What is HIPAA Offsite Data Backup?

For healthcare providers, backing up data plays an essential role in reducing the likelihood of losing critical data in the event of a breach. HIPAA offsite data backup is discussed below.

HIPAA Offsite Data Backup: Types of Backup

The administrative safeguards of the HIPAA Security Rule require covered entities and business associates to develop a contingency plan. In a contingency plan, an organization establishes and implements policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems containing ePHI. A data backup plan is a required element of a contingency plan.

Creating a data backup plan requires an organization to establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information (ePHI). These copies can be stored at an organization’s physical location as “onsite” data. Offsite data, in contrast, is data backed up at a remote location, either at a remote data center or through the cloud.

HIPAA Offsite Data Storage: Cloud Centers

Organizations are moving away from remote data center backup to another type of offsite data storage: cloud-based backup. Cloud backup is a storage strategy that makes an identical copy of existing PHI and then transfers that information through the Internet to an offsite server. The data can then be retrieved or recovered from any location that has an Internet connection. 

Once an organization selects a cloud backup vendor, the vendor installs a software package on the organization’s computer system. The organization selects what files and folders it wants backed up. The first backup is then performed. The software then runs “behind the scenes,” continuously, saving and storing updated data on a recurring basis. 

Cloud backup should not be confused with the term “cloud storage.” Cloud backup is a software-based solution that automates the backup process. Cloud backup plans have large data capacities.  

HIPAA Offsite Data Backup: Security Rule Requirements

Covered entities must comply with the HIPAA Security Rule. Before choosing a data backup solution, a covered entity should vet the potential vendor to ensure the vendor’s practices are in line with what the HIPAA Security Rule demands. If the covered entity is assured that the vendor will properly safeguard its ePHI, the covered entity must then enter into a signed business associate agreement with the vendor.