Is Your Backup Data Secured?

In January 2017, a HIPAA-covered Texas clinic learned that someone had stolen an unencrypted external hard drive. The thief took it from a locked closet inside the clinic. The clinic used that hard drive to back up patients’ protected health information (PHI). Consequently, the drive contained seven years’ worth of data, including names, dates of birth, driver’s license numbers, SSNs, medical record numbers, diagnoses, lab test results, and medications.

Where did the clinic go wrong? They had locked the hard drive inside the clinic, but they had not protected it from insiders. That’s why you must examine where you keep your data. You may use a cloud service, a local server, or a physical hard drive. Regardless of where you keep it, HIPAA requires you to protect the confidentiality, integrity, and availability of all PHI in your possession, including backup data.

The best defense against inappropriate data access is to encrypt all devices and systems that house PHI. However, encryption/decryption is addressable. This means you get to decide if you will use encryption to restrict access to PHI. Is it reasonable and appropriate to use encryption? Most likely, it is. If not, is there an alternative? You will answer these questions during your security risk analysis.

Contact us to learn how the HIPAAtrek platform can help you manage security at your organization, or request a demo.
