HIPAA Compliance

HIPAA has
enacted several mandates to improve the access and portability of
patient health records while maintaining strict privacy and security.
A critical aspect of the HIPAA privacy ruling is Data Protection,
requiring compliant backup methodologies to ensure the security and
confidentiality of patient records. Health care providers who engage
in electronic transactions must observe privacy safeguards to restrict
the use and disclosure of individually identifiable health
information.

Dialyourweb
supports HIPAA compliance through automated off-site data protection
with on-demand recovery, while ensuring strict data security and
confidentiality.

REQUIREMENTS

Restrict Unauthorized Access
Patient record
confidentiality is critical. Any electronic data transfer and
storage must be adequately protected and secure from all
unauthorized access.

Contingency Plan
Organizations are required
to have a contingency plan to continue operations in the event of
data loss. This contingency plan MUST include details concerning
the data backup and recovery process, who handles the backup
media, the media rotation process, where the media is stored
off-site, how quickly it can be retrieved in the event of a
disaster, and all other aspects associated with data backups,
protection, security, storage, and recovery.

Data loss can result in further
losses of productivity, patients/customers, and revenue. In many
cases significant data loss will result in lost business.
Fortunately, the damaging impact of data loss can be negated with
a qualified data protection solution as part of your contingency
plan.

DATA PROTECTION OPTIONS

Tape Drives
- Initial investment starts at $2,000 for
the drive and backup software. Consider this a semi-annual
expense since drives will wear out.
- A rotating backup methodology uses a minimum of
19 tapes per year, averaging another $800 per year for tape
storage media.
- Tapes have a limited shelf life. Due to tape
costs and media rotation hassles, it is common to resort to
taping over and over on the same tape, only to discover that the
tape has worn out, rendering the backups unusable.
- Off-site storage is required. Convenient
storage and expedited retrieval are necessary for emergency
situations.
- Tape storage space is limited and not conducive
to automated, unattended backups.

Removable Storage Drives
- These devices require a high entry price for a reliable
system.
- Off-site storage is required. Convenient storage and
expedited retrieval are necessary for emergency situations.
- Storage capacity limitations make automated and unattended
backups impractical.

External Disc Media (CDs, DVDs)
Due to their low price point and readily
available drives, rewritable CDs (CD-RW) and DVDs have become a
popular backup media. However, you should note that:
- CDs have less storage capacity than tapes, making automated
and unattended backups impractical.
- DVDs have a larger storage capacity than CDs, but are still
limited.
- Off-site storage is required. Convenient storage and
expedited retrieval are necessary for emergency situations.
- Limited shelf life is a definite concern.

Since external backup storage media (Zip drives,
CDs, DVDs, Tapes, Flash drives, external hard drives, etc.) can be
easily stolen, support limited data sizes, often utilize no or
minimal encryption security and must be transported to/from
off-site storage facilities, they seldom represent adequate data
protection solutions for HIPAA compliance.

Online Backup Services
Online backup (remote backup) services
represent a fully-automated, secure, unlimited off-site storage
facility for quality data backup operations.
- Fully automated data backups at secure off-site facilities.
- No hardware to buy or manage.
- No media to buy, rotate, catalog or store offsite.
- All data is encrypted for security.
- Data can be easily restored on-demand 24x7.
- Service costs can be low compared to external media.

Dialyourweb FOR HIPAA COMPLIANCE
HIPAA compliant information systems require a
combination of administrative procedures, physical safeguards and
technical measures to protect patient information during storage and
transmission across communication networks. As a significant part of
your overall contingency plan, Dialyourweb provides secure, automated
data transmission and storage services for data backup and recovery.
Dialyourweb implements the following HIPAA compliant
features:
- Automated, unattended data backups with built-in
notifications.
- Ultimate data security via 448-bit encryption –
data is ALWAYS compressed and encrypted during transmission and
storage.
- Data integrity controls with mutual authentication.
- Restricted password access – a secret encryption
key can be specified for ultimate security; even Dialyourweb can’t
access your data.
- Off-site storage at highly-secured data centers.
- Data is mirrored to secondary secure facilities for
ultimate data availability.
- Extended storage is available (HIPAA requires
storage for a minimum of 6 years).
- On-demand, exact copy data retrieval - 24x7x365.
- Optional monthly CD or DVD archives are available.

Additionally:
- No cost or hassles with external devices, media, or
offsite storage.
- US company with the lowest subscription rates in
the industry.

HIPAA privacy rules provide Dialyourweb and its
affiliates with “business associate” rights to limited use and
disclosure of the information. Dialyourweb never discloses data unless
required by law. Dialyourweb does not access any portion of the backup
data unless authorized for customer support purposes. Dialyourweb can
be fully prevented from data access by use of the client-side secret
encryption key.

Please visit the Office for Civil Rights - HIPAA website for more
information about the national standards to protect the privacy of
personal health information.