Online Store
Store Home
Standard Edition
Professional Edition
Express Edition
Professional Upgrade
Exchange Mailboxes

Partners
Become a Partner
Partner Enrollment
Partners Only Catalog

Online Backup and HIPAA Compliancy

HIPAA (Health Insurance Portability and Accountability Act of 1996) was enacted to not only improve the portability of health records, but to maintain a high level of security and privacy within that system. Data Protection is a critical part of the HIPAA system, requiring Covered Entities and their Business Associates to have a plan in place for secure, compliant protection of personal information in the event of disaster or other data loss. Health care providers and their Business associates engaging in electronic transactions must put in place privacy safeguards to restrict the disclosure of personally identifiable health information.

Who Must Maintain HIPAA Compliancy?

HIPAA covers two categories of entities:

Covered Entities – All health plans, health care providers, or health care clearinghouses who electronically transmit patient health information fall into two categories
Business Associates of Covered Entities – Businesses that provide functions or activities on behalf of a Covered Entity that involve personally identifiable health information. This can include billing, data analysis services, individual claims processing, utilization reviews, and other similar services.

As an online backup provider, Backup To The Web falls within HIPAA Security Rule guidelines. Backup To The Web meets current HIPAA Security guidelines, and can help your organization with compliant data backup and availability services.

How Can Backup To The Web Help Me Become HIPAA Compliant?

Prevent Unauthorized Access

The confidentiality of patient medical information is critical. Any electronic transfer of patient medical information and its storage must be adequately secure from unauthorized access.

The Backup To The Web OBM (Online Backup Manager) encrypts all data before it leaves the originating machine. This encrypted data is then sent securely to the online backup server with another level of encryption. The Encryption Key is generated by the customer and is never available to Backup To The Web. Data is stored on the backup server and replication server in encrypted files that are not accessible to Backup To The Web.

Disaster Recovery Plan

Covered Entities and their Business Associates are required to have a contingency plan to ensure continued operations in the event of any loss of data. This plan MUST cover details regarding data backup and recovery processes, how backup media is handled (rotation and offsite storage), how quickly it can be restored in the event of a disaster and all other aspects of data backup, security and recovery. Data loss can result in loss of patients, customers and productivity.

Backup To The Web assists with HIPAA compliancy through automated online backups, providing offsite replicated storage with on-demand recovery from any machine with an Internet connection, all while maintaining strict confidentiality and data security:

- Unattended, scheduled data backups with email notifications and reporting.
- Offsite storage at our data centers.
- Data is replicated to secondary a second location for maximum redundancy.
- Files can be stored indefinitely (HIPAA requires certain storage periods).
- Easy file restoration from client or any web browser 24x7x365.
- No additional hardware required.
- No hassle with media rotation or storage schemes.

Let Backup To The Web’s online backup service help you comply with HIPAA as part of your data protection and disaster recovery plan. There is currently no official "HIPAA Compliant" certification for data backup software because there are no parts of the legislation that specifically addresses requirements for backup and privacy software. If you have questions, please feel free to contact us.
For more information, visit the HIPAAdvisory web site, or download the "Introductory Resource Guide for Implementing the HIPAA Security Rule" (Adobe Acrobat required). The United States Department of Health and Human Services (HHS) maintains the Office for Civil Rights - HIPAA website. There you can find further information on the protection of personal health information.