Monday, March 16, 2015
Is Your Data Protected When Disaster Strikes?
Written by Jay Helms, TekLinks Health Service Group Sales Director
There is a certain local weatherman here in Birmingham who knows his stuff when it comes to tornadoes (snow & ice…not so much). Recently, he shared data defining the “new” tornado alley as a path pushing right through Alabama, which has brought disaster recovery to the forefront of business continuity for health care practices in Birmingham.
Sure, you may know how to protect your patients’ safety in the event of a tornado, flood or fire, but do you know how to protect their patient data? Preparing your practice for a disaster is crucial to keeping your practice and patient information safe. Hosting your EMR & ePHI in a highly secure and redundant data center helps prepare your practice in the event disaster strikes. By moving your ePHI from your onsite location and into the cloud (a secure data center), you won’t have to worry about losing your data under any circumstance.
Required HIPAA Rule 164.308(a)(7)(ii)(C) states that every War Eagle & Roll Tide covered entity must have a disaster recovery plan in place. This is particularly important if you have attested or are attesting for Meaningful Use - you've probably heard of, or experienced firsthand, the increasing number of MU Audits being performed.
Many practices think they are covered because they have a “backup plan” for their data. While a backup plan complements a disaster recovery plan and is a great first step, a backup plan is not the same as a DR plan. You must first consider how you're going to treat patients if a natural disaster makes your EMR unavailable. Most IT vendors in the Birmingham area do not inventory server infrastructure: it’s nearly impossible to do with the ever-changing technology, new requirements associated with PM/EMR version updates, etc. This means that if your IT infrastructure is destroyed, it will be a minimum of 2-3 weeks before your EMR is functioning again.
Let’s go back to the tornado scenario mentioned earlier. If a tornado thrusts your unencrypted server miles away from your office, and if the ePHI data on that server’s disks is retrieved by anyone other than your practice or an entity covered under your BAA, you’re forced to implement data breach procedures and make an expensive claim on your cyber security insurance policy. This is something that can easily be avoided with a true Disaster Recovery Plan.
We all want to avoid a disaster, but if we can't, the next best thing is to be prepared. Migrating to a TekLinks cloud environment optimizes your business continuity and disaster readiness, while helping to ensure compliance in 12 areas of the HIPAA Security Standards for Administrative, Physical, & Technical Safeguards for ePHI.
When choosing a technology partner to host your data, there are several things to consider: Security, Reliability, and Availability. TekLinks owns and operates Alabama’s first modular and fully redundant public data center, and our data center network hosts hundreds of customers of all sizes. A few key differentiators that set our data centers apart:
- Security: Audited to meet ISO 20000, SSAE-16 SOC 1 & SOC 2 Standards
- Reliability: Flywheels, UPS systems, and diesel generators provide redundant power solutions & optimal uptime
- Availability: Each facility boasts best-in-class networking, connectivity, and robust replication grids for secure data storage and access.
Our Assurances and Certifications: http://www.teklinks.com/managed/assurances-and-certs/
Schedule a data center tour with us today or take a virtual one: http://youtu.be/Ox9X4cSJOrA