How Often Should Medical/Dental Offices Backup Data and Why It's Important
What is the most important part of your practice? Is it your building? Is it the equipment? No, your practice is your patients. And since most patient records are stored electronically these days, your practice is your patients’ electronic data. Patient data is the critical and comprehensive medical information that allows you to safely treat your patients. So what happens if there is an extended power outage in your area? A fire or flood in your office? Your network server crashes? What if your computer network is compromised from outside your practice?
Loss of data could paralyze a medical or dental practice. Imagine losing patient records, financial information, payroll figures, etc. The loss of this sensitive data can cost you time, money, and headaches. More importantly, you could lose the trust of your patients. The HIPAA final rule requires that electronic protected health information (ePHI) be backed up and stored securely offsite.
You know that your electronic health records, or EHR, should be backed up, but which data? How should it be backed up and how often? Take a look at the following to ensure you have the right insights into why you need to backup your data and how you can avoid the nightmare of data loss.
Do you know what to look for in a managed IT service provider?
Download our checklist to learn if you’re making the best choice for your practice.
What Do I Need to Back Up?
At first glance it seems easy -- you just make a copy of your data and files. But that’s only the beginning. In the case of an emergency where you lose access to your data (think equipment failure, fire, flooding, hurricane, tornado, etc.) you want to make sure that you have everything you need to pick up and start practicing again and seeing patients quickly. That means that to properly backup your medical or dental systems, you need to backup the following:
Patient files including health histories, tests, photographs and radiographic images
Administrative files including payroll records, documents, and spreadsheets
Financial information including patient insurance, patient billing, and accounts payable
Operational systems and computer programs
Any important data or programs that are “stranded” on individual workstations
Depending on the size and specialty of your practice, you may have other sensitive electronic information to securely back up.
How Do I Start Securing My Practice Data?
The first step is to ask yourself the right questions:
Q: How do I get started?
A: Create a functional copy of all critical data to be stored securely outside of your office.
Q: Where will I store my copied data?
A: It’s important to store this off-site in a secure location, preferably on an off-site server.
It is not recommended that a staff member take the backup copy home. The backup copy could be lost or worse. If your backup were stolen and the data compromised, recovery could be a nightmare. If the data is not encrypted and is lost, it would be considered a security breach under HIPAA with related consequences. Nor should you store your data backup in the office safe; that would defeat the purpose of creating a backup copy in the first place.
Q: How often will I backup my data?
A: The more important the data, the more frequently you will want to run your backup and the more backup copies that you should have at various secure locations. Again, it is recommended that you set up online backup that will be stored offsite. This way, no copies will be floating around where they could be lost or stolen. Also, this allows you to automate the backup process by scheduling regular backups to run at prescribed intervals. If the process is automated, you do not have to rely on yourself or staff to remember to run the backup. Recommended best practice is to set your backup to occur daily at midnight, and weekly on Fridays at midnight.
Disaster can strike at any time and can affect your geographic region. The data backup should either be in the cloud or on a separate server at a separate location.
Should You Get an IT Service Provider Involved to Help?
Long story short -- we strongly recommend that you consult your IT provider for their advice and expertise on backup best practices. You want to focus on your patients, and there are so many other details of your practice to manage. Even if you have staff members who are tech-savvy, they are performing other important duties to support your practice. The last thing you want to do is to run the risk of not securing your data properly or backing it up frequently.
If you do decide to involve an IT service provider, ask them the following questions:
What the data recovery plans are based on and why?
What are their data security measures?
How often are the data recovery processes are tested?
How often they will be backing up your data?
What media are they using to backup your data?
How secure is your data in transit?
What happens if you need to go back to a previous data? Is that possible?
Many practices are performing a daily backup, overwriting the previous backups. But what if you needed to go back to a certain point in time for legal or technical reasons? How long are previous backup versions available to you? How does your IT service provider handle that situation?
Although it seems counterintuitive, you should also have a paper protocol. This will allow for continuation of business while the problem is being fixes. Staff need to know what forms are necessary and how to fill them out how in the event that the computers are down for any reason.
Once you have set up your backup schedule and routine, make sure you test the integrity of the backup data on a regular basis. You should check that the data has actually backed up. It is also good practice to periodically test data backups by restoring from a backup.
Don’t put your practice at risk by not having a solid data backup protocol. You owe it to yourself, your patients, and your employees to make sure that this portion of your practice is safe and disaster-proof. If you’d like to discuss this more or get a better understanding of how Integrity Systems can help ensure your practice’s success, contact us.