
Are you CERTAIN you are backing up your data?
Here are four examples of why you should care.
HARD DRIVES FAIL – A small pediatrician’s office asked for help with analyzing some data. The best way to assist them was to back up their database to an external drive and take it back to the office since this was before affordable remote access technology.
The office staff diligently backed up their database daily to an external drive. Except they didn’t! At some point in time, the backup location had reverted to the hard drive of the computer, the very same computer on which they store their database. If that drive fails, they lose both the database files and the backup.
A few days later, their computer’s hard drive failed. When staff went to restore their backup data, much to their surprise, the CD was empty. Fortunately for them, I still had the database backup used to help them with reports.
With no backup, an office might expect to pay thousands of dollars to a specialist to retrieve data. Upwards of 60% of businesses shut down within six months after losing data. Coincidence saved this office from much worse alternatives and scenarios.

CYBER ATTACK – A practice with electronic health records software experienced a ransomware attack in 2017. Their IT company determined an employee likely accessed a website masquerading as an ICD-10 search tool. The employee called in a panic as she witnessed files changing names and systems no longer working. The immediate action was to shut off all computers and network devices and disconnect from the Internet. The malware successfully encrypted some files on the infected computer and a shared network folder of their server.
Fortunately, they had a disaster recovery plan in place. Within minutes, the system was shut down. Their IT company wiped clean the infected computer, reinstalled the operating system, and reset the network. We reinstalled the software. The practice had both onsite and offsite backups of the server and critical files.
It took two full days to complete the process, but with everything restored to the original state, the practice resumed normal operations on the third day. Imagine if no backup existed or was outdated.
VENDOR MISCOMMUNICATION – A colleague’s client faces the worst-case scenario described in our first example. The billing company’s server crashed. They thought their IT company was backing up their multiple databases; however, they were not. Instead, the IT company thought the billing company was backing up their data. Nobody was monitoring the backups.
Regardless of who’s at fault, the billing company and all their clients are scrambling to find a solution. Even if you think your office has backups under control, communicate with whoever oversees them, and verify their completion regularly.
Maybe you have scheduled daily backups on your computer. Technology can fail or change unexpectedly. An unverified scheduled backup may turn out to be no backup at all. Verify your backups regularly.
MONITORED BACKUPS REVEALED A BIG ISSUE – Monitoring your computer systems, including backups, can reduce the likelihood of more significant issues down the road. One client, who uses our cloud-based, HIPAA-compliant backup system, also backs up their electronic health records onsite to an external hard drive. After receiving reports with errors for their cloud-based backup, I checked their server for possible issues. The backup would run but wouldn’t complete successfully without errors. A review of Windows logs showed errors as well. It appeared something was wrong with their hard drive or file structure.
I immediately contacted their IT company. They determined the hard drives were failing along with their RAID system, requiring a complete reconfiguration and restore. If they hadn’t had a monitored backup, they might not have found out about the failing hardware until it was too late, and the backups may have been incomplete as well.
Hardware failures, malicious cyber-attacks, and general miscommunication each demonstrate a need to monitor and verify your backup regimen. Add natural disasters, theft, vandalism, and other occurrences, and a verified backup is critical.
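The script below is an added example, not part of the original article or any vendor's tooling. It checks a backup for the failure modes in the stories above: missing or empty, out of date, stored on the same drive as the live data, or silently corrupted. The 26-hour age limit and the `<backup>.sha256` checksum file written by the backup job are assumptions made for the illustration.

```python
import hashlib
import sys
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash in 1 MiB chunks so a large database file is never loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_backup(source, backup, now=None, max_age_hours=26,
                  require_separate_device=True):
    """Return a list of problems; an empty list means every check passed."""
    source, backup = Path(source), Path(backup)
    now = time.time() if now is None else now
    if not backup.is_file():
        return [f"backup missing: {backup}"]
    problems = []
    info = backup.stat()
    if info.st_size == 0:
        problems.append("backup file is empty")
    age_hours = (now - info.st_mtime) / 3600
    if age_hours > max_age_hours:  # 26 h = daily job plus slack (assumed policy)
        problems.append(f"backup is stale: {age_hours:.0f} h old")
    # Same device id: the copy sits on the same volume as the live data, so one
    # failed drive takes both. A different id is necessary but not sufficient,
    # since two partitions of one physical disk also differ.
    if require_separate_device and info.st_dev == source.stat().st_dev:
        problems.append("backup is on the same drive as the source")
    # Hypothetical convention: the backup job writes "<backup>.sha256" when it
    # finishes; a later mismatch points at corruption or failing hardware.
    sidecar = backup.with_name(backup.name + ".sha256")
    if not sidecar.is_file():
        problems.append("no recorded checksum to compare against")
    elif info.st_size and (sidecar.read_text().split() or [""])[0] != sha256_of(backup):
        problems.append("backup does not match its recorded checksum")
    return problems


if __name__ == "__main__":
    found = verify_backup(sys.argv[1], sys.argv[2])
    print("\n".join(found) or "backup verified")
    sys.exit(1 if found else 0)
```

Run it on a schedule with the live database path and the backup path as arguments, and alert on a non-zero exit code. A periodic test restore is still needed to confirm the backup is usable.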
HIPAA regulations (§164.308) require the protection of ePHI data through the implementation of “policies and procedures for responding to an emergency or other occurrence” (7)(i) and to “establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information” (7)(ii)(A).
Sunrise Services offers offsite backup systems to help you maintain HIPAA compliance and create a proper disaster recovery plan. Call us for details. Whether you plan your backup strategies, seek help from your IT department, or ask us for help, make sure you develop a verification policy as well.
