HIPAA Verified Backup Solutions
by Sean Curiel, on Oct 20, 2020 6:15:00 AM
Organizations that store and secure protected health information (PHI) understand that strict HIPAA Security and Privacy rules are in place to help protect the patient and the business while also helping to prevent data loss. Adhering to these safeguards also helps to avoid both financial and criminal penalties that are issued to negligent businesses.
According to Health and Human Services (HHS), 70% of the health care market isn't HIPAA compliant, while the Centers for Medicare & Medicaid (CMS) reveals that 79% of Meaningful Use audits have resulted in failure. (Healthcare providers who receive incentives from the Medicare or Medicaid programs may be required to show documentation supporting payment calculations and use of certified electronic health record (EHR) technology. There is a requirement to perform a HIPAA Risk Assessment which includes vulnerability analysis, an action plan, and various monitoring and violation procedures.)
So when it comes to data backup for healthcare institutions, there are clearly more questions that arise than for the typical (non-healthcare) small business. During the process of selecting backup solutions, considering vendors who have undergone specialized HIPAA training and verification programs can help to check off many of the necessary requirements.
NovaBACKUP software has recently received the HIPAA verification seal of certification as presented by the Compliancy Group. While no “HIPAA certification” is currently issued by the U.S. government directly, some private enterprises like the Compliancy Group, who are deeply familiar with the current regulations, work closely with vendors to ensure compliance. The Compliancy Group, for example, utilizes tracking software and compliancy coaches who work to simplify regulations, listen to concerns and verify efforts.
“While undergoing HIPAA verification isn’t legally required, taking this extra step as a software developer shows NovaBACKUP’s commitment to our Dental and Healthcare clients,” says John Ferraez, NovaBACKUP Security Specialist.
Requirements for a Backup Solution to Achieve HIPAA Verification
Protected healthcare information (PHI) must be handled in a verifiably secure manner. Employees who may come into contact with personal client data must undergo specialized training to understand the rules of compliance. This includes offsite (WFH) employees who may be utilizing a different IT infrastructure.
- Business Associate Agreements
No business is an island. Partners who may be interacting with private data also bear the same responsibility for compliance. Business Associate Agreements ensure that partners understand their role in safeguarding protected health information.
- Audits & Assessments
Businesses must evaluate their security risks and privacy standards. If deficiencies are pinpointed, then a clear plan to address them must be put into action. Progress reviews must be conducted regularly.
- Incident Response Plan
Workforce members must be able to preserve evidence of a security incident and properly document it. Businesses must have the ability to track and manage investigations into such events and evaluate them as part of their ongoing security efforts.
Employees should understand the process, and be able to report HIPAA violations or security incidents (how and to whom), even anonymously if necessary.
Healthcare providers have a wide range of options when it comes to selecting a backup solution. But having an impressive product alone may not be enough. Medical and Dental practices are wise to seek out backup vendors who have taken extra measures to ensure that their products and services adhere to the most stringent regulatory requirements through a respected HIPAA certification process.