NovaBACKUP Security Blog

How Unsecure Backups Can Affect HIPAA Compliance

Health care is one of the most vital industries, given how many patients are cared for each day. As such, this sector deals with a lot of personal and organizational information that must not only be guarded, but also backed up to ensure easy access at any time. Backups will be critical to the longevity of your business and will help guide you to Health Insurance Portability and Accountability Act (HIPAA) compliance. Ineffective backups, however, can lead to significant consequences.


Growing fines emphasize security needs

The prices associated with health information and business downtime are constantly rising. Health care institutions are becoming more lucrative targets for many cybercriminals, as patient records can be sold for higher prices on the black market than just about any other information in any industry. However, you can't just protect documents in the digital space - you also need to ensure your hardware and any files on your devices are secure.

In 2012, a laptop from the Cancer Care Group was stolen from an employee's car. According to the U.S. Department of Health and Human Services, the laptop had unencrypted backup media that contained names, addresses, Social Security numbers, insurance information and other personal data of 55,000 current and former patients of the organization. This transgression earned a $750,000 fine in accordance with HIPAA compliance standards, and the group agreed to develop a corrective action plan to address deficiencies in its HIPAA efforts.

Any health care device with sensitive information must be protected.

Ensuring your plan has your back

The stakes for health care institutions are constantly rising, so it's important for you to create a strategy that will ensure your backups are ready when you need them. The Healthcare Billing & Management Association (HBMA) noted that backups are no longer an optional luxury for organizations. Instead, you'll need to securely back up copies of health information, make sure they're recoverable, run complete backups, test your recovery efforts and encrypt all sensitive files, both at rest and in transit. This can seem like a lot of tasks to take on, but it's all necessary to protect your clients as well as your institution's reputation.

"Losing data is one matter; not having 'exact retrievable copies' as required by law is another," HBMA stated. "The ultimate embarrassment may be, however, trying to explain in a court of law following a data breach event that one has no way to notify affected individuals because one has no idea who they are because there is no data backup copy."

For smaller health care practices, it may be prudent to team up with a provider that offers a comprehensive backup solution and support. This partnership will not only help you strive for HIPAA compliance, but it will also ensure that you're never on your own when disaster strikes. A vendor like NovaStor can help you reinstate your systems and guide you through the backup process, minimizing downtime and quickly restoring your essential information. Unsecure backups can significantly damage your chances of recovery, but with a capable solution and an experienced provider, you can overcome these challenges and follow industry standards.