Everyone who works with Technology knows the importance of backups, and we’ve all heard horror stories or can even tell our own. They are particularly important in the healthcare field, where backed up patient and practice data is not only smart but mandated by local and federal government regulations. While Centricity hosting and Allscripts hosting provides protection of your primary EMR and billing data by your hosting provider, many practices have important data outside of these two environments. When doing so we often see a number of mistakes that still get made over and over again. Here are four of the most common for you to avoid.
Important documents still on PCs
First in everyone’s mind is the critical data backup – patient charts, financials, etc. and so that should be well managed by your Centricirt or Allscripts Hosting provider.
But what about word documents, excel spreadheets, and even Quickbooks files that are saved on user PC desktops or “My Documents” folders? It’s hard to avoid this unless you have a crafted plan for user folders to be housed on server shares, implemented through AD group policy. Either that or you come up with a regular method to backup copy from your PC to an external USB drive, USB stick, or personal cloud backup like Carbonite. Just don’t forget about your local documents – whenever you are looking at something important to your practice, always ask yourself, where does this live and is it getting backed up? And get IT involved if you’re not sure.
Backups to mobile drives not secure
If you do choose the route of backing up local documents to USB external drives or sticks, you can run into the next gotcha. HIPPA regulations require that all mobile storage devices be encrypted, so that if they are stolen or lost they cannot be viewed by the finder. There have already been a number of very public HIPPA violations recorded of this type, laptops or USB sticks with ePHI in one form or another on board gone missing. Take a look at the HHS “Wall of Shame” website. In addition to the public shame, patients must be informed as well when there is a ePHI breach. So if you must use USB drives (and laptops, too for that matter), you must encrypt! There are various software solutions that can do the job, some free and some at a reasonable cost. Often USB sticks can be purchased with encryption software already onboard that just needs to be configured at the onset of use.
Local office backups only
A single point of failure in any system is a bad idea, and in this case, the single point of failure could be your office space. What if there is a fire, or large scale theft, that destroys or removes all PCs and servers from your site? You may be insured but you may also lose all your clinic data, a bona fide business disaster. There must be an offsite data backup solution in your mix, either using Cloud backup systems, or at least backing up to media that gets cycled offsite regularly (don’t forget to encrypt!). If you utilize Cloud computing and your most important data is already there, that’s great, but don’t forget to also include the PC documents mentioned above, perhaps nightly copy backups to server shares in your company Cloud.
Difficulty of retrieval
It’s great if you have all you important data secure and in more than one location, but the final question to ponder is how fast can you get it back? You probably want it back in a matter of hours, not days. So, if the backup tape is somewhere in the back of the Ass’t Manager’s car, you may have some hurdles to overcome! Timely recovery means having really good methodology in place, as well as regular testing and practice recoveries. All backup methods are not created equal, and truth be told you’ll need to recover items more often than you may think. It’s not uncommon that clients have us recover files accidentally deleted, or when a virus has caused corruption to the originals on local PCs.
For assistance with planning your company backups and answers to further questions concerning these common mistakes, please contact the Health1 Technologies team