What is HIPAA Compliant Online Backup?

Online data backup allows businesses to save important information securely, enabling them to recover quickly should an incident affect their onsite file storage. Online data backup is also an important part of HIPAA compliance, as HIPAA requires exact copies of patient files to be maintained. There are several software solutions that can be implemented for online data backup; however, under HIPAA, software providers are considered business associates. So, before patient information can be stored using these solutions, it is important to determine whether or not the solution is HIPAA compliant. But what is considered HIPAA compliant online backup? The answer is discussed below.

HIPAA Compliant Online Backup and Security

There is a minimum level of protection that you should look for when choosing an online data backup vendor. The security features that they offer must ensure the confidentiality, integrity, and availability of protected health information.

End-to-end Encryption

End-to-end encryption (E2EE) is a security method that prevents unauthorized users from reading sensitive data. With E2EE, data can only be read by someone who holds the decryption key. E2EE protects data in motion (data being sent or received through the platform) and data at rest (data stored on the platform).

User Authentication and Access Controls

User authentication and access controls are important parts of HIPAA compliance. User authentication is a means of confirming that users are who they claim to be, requiring them to enter unique login credentials before they can access sensitive data. Access controls, required by the minimum necessary standard, enable administrators to assign different levels of data access to employees based on their job function, using those same unique login credentials.

Audit Logging

Audit logging tracks access to sensitive data on a per-user basis. Audit logging is made possible through the use of unique login credentials, enabling organizations to pinpoint who accesses what data, when, and for how long. Audit logging also enables the quick detection of both insider and outsider breaches: because each user's regular data access pattern is logged, it becomes easier to determine when data is accessed outside the norm.
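As an added illustration of the per-user review that audit logging makes possible (example code written for this article, not a vendor's product), the script below parses constructed sample log lines and flags accesses outside business hours or an unusually high number of distinct patient records accessed by one user in a single day. The log format, user names, record identifiers and thresholds are all assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample audit log (not real data): one line per access to a
# patient record, tagged with the unique login that performed the access.
# The last line is deliberately malformed to show that bad entries are reported.
SAMPLE_LOG = """\
2024-03-04T09:12:00 user=nurse_kim action=READ record=PT-1001
2024-03-04T09:40:00 user=nurse_kim action=READ record=PT-1002
2024-03-04T10:05:00 user=nurse_kim action=READ record=PT-1003
2024-03-04T14:30:00 user=dr_lee action=READ record=PT-1001
2024-03-05T23:05:00 user=dr_lee action=READ record=PT-1004
2024-03-05T11:00:00 user=nurse_kim action=READ record=PT-1001
2024-03-05T11:01:00 user=nurse_kim action=READ record=PT-1002
2024-03-05T11:02:00 user=nurse_kim action=READ record=PT-1003
2024-03-05T11:03:00 user=nurse_kim action=READ record=PT-1004
2024-03-05T11:04:00 user=nurse_kim action=READ record=PT-1005
2024-03-05T11:05:00 user=nurse_kim action=READ record=PT-1006
garbled entry
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) record=(?P<record>\S+)$")

def parse_log(text):
    """Parse one audit entry per line; malformed lines are returned separately, never dropped silently."""
    entries, bad = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            bad.append(line)
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        entries.append(d)
    return entries, bad

def find_anomalies(entries, work_hours=(7, 19), max_records_per_day=5):
    """Flag per-user accesses outside business hours and days on which a user
    touched more distinct records than the assumed baseline allows."""
    findings = []
    per_day = defaultdict(set)  # (user, date) -> distinct records accessed
    for e in entries:
        if not (work_hours[0] <= e["ts"].hour < work_hours[1]):
            findings.append((e["user"], "after_hours", e["ts"].isoformat(), e["record"]))
        per_day[(e["user"], e["ts"].date())].add(e["record"])
    for (user, day), recs in sorted(per_day.items()):
        if len(recs) > max_records_per_day:
            findings.append((user, "bulk_access", day.isoformat(), len(recs)))
    return findings
```

Running `find_anomalies(*parse_log(SAMPLE_LOG)[:1])` on the sample yields one after-hours finding for dr_lee and one bulk-access finding for nurse_kim, the two cases a reviewer would want escalated.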

HIPAA Compliant Online Backup and Business Associate Agreements

Just because a software service is secure doesn’t mean that it is HIPAA compliant. As we mentioned previously, software vendors are considered business associates under HIPAA. This means that, before a healthcare organization can use their service, they must have a signed business associate agreement in place.

Business associate agreements (BAAs) are legal documents that require each signing party to be HIPAA compliant and to be responsible for maintaining its own compliance. As such, BAAs limit the liability of both parties in the event of a breach. Additionally, should either organization be audited by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), the auditors will look for the presence of a BAA when determining fine amounts and corrective actions. Organizations that don’t have BAAs in place may be found negligent, possibly subjecting them to costly fines.

Examples of HIPAA Compliant Online Backup Vendors

Now that we’ve discussed what you should look for in a HIPAA compliant online backup provider, we thought we would make it a little easier for you to find one.

Some HIPAA compliant online backup vendors include: