Skip to content Skip to navigation

Protect Computerized Data With Off-Site Backups

May 1, 2006
by root
| Reprints
For ultimate data security, what you need to know about remote backup by Bruce Eckert, MBA, CPHIMS
BY BRUCE ECKERT, MBA, CPHIMS Protect computerized data with off-site backups
Steps to safeguard residents' records before an unplanned event threatens them
Who can forget the devastation and suffering that Hurricane Katrina inflicted on nursing homes? Some 30,000 nursing home residents were evacuated or displaced to other care settings and, tragically, 140 nursing home residents died. For fragile residents, evacuation to safety posed another risk-lack of information. "Records were lost and most of the time, evacuees could not remember nor did they know what medicines they were on or how much," observed one medical volunteer.

The electronic patient record movement is gaining more momentum because of Katrina. Kindred Healthcare, which uses an electronic record system, lost no records and gained considerable positive press as a result. While electronic records can be safer and more secure, implementing an electronic record system requires planning and action on the part of an organization's administration well before a disaster strikes.

With an electronic record system, all resident records are stored in a single, compact, centralized database, which allows fast and easy access to all records from virtually any location in the organization-the benefits of which are well known. But by concentrating all records in a single location, risk of loss is increased: If that centralized database is damaged, all the records can be lost, and a Katrina-like disaster is not necessary-it could be as simple as a defective hard drive, a leaky pipe, or a careless computer technician.

Imagine the impact on a long-term care facility of losing all its resident's records. Even without computerized care documentation, how many facilities could survive losing all of their computerized financial information, including accounts receivable, unbilled claims, personnel records, and payroll processing capabilities?

Off-Site Backups-The Final Line of Defense
Katrina's first lesson for healthcare information technology managers is to geographically diversify one's data. Kindred's records were safe not because they were electronic, but because they were in Louisville, Kentucky, which was a by-product of the records being electronic (if the Kindred corporate data center had happened to be in New Orleans instead of Louisville, the story may have been very different). Unfortunately, the many Gulf Coast hospitals, long-term care facilities, and physician offices that kept their computer backups in the same room-or even the same city-as their main servers found these backups provided them with no added protection.

Off-site backups of computerized data are an organization's ultimate "fail-safe" protection against catastrophic data loss, but to fulfill that role, off-site backups need to be managed correctly. An effective off-site backup procedure incorporates four characteristics: distance, frequency, security, and accessibility.

Distance. The point of off-site backups is to prevent all copies of an organization's data from being destroyed in a single catastrophic event. Thus, the more distance between the various copies (that is, the "live" system and each backup copy), the lower the risk. Apply this principle to all backups-store daily backups down the hallway from the server room, or in the building next door. Better yet, divide them between two locations. Then, significantly separate the fail-safe off-site backups from the main server location. Five miles should be the minimum.

But more important than distance is selecting a location that is not subject to the same risks as the main data center location. Before Katrina, the Tulane University Medical Center stored its off-site backups elsewhere in New Orleans but, after the hurricane hit, it was unable to access them when needed-the building was locked up and inaccessible.

Frequency. If an organization's off-site backups were ever needed to restore its systems, the organization would lose all of the data entered into the systems between the time that the off-site backups were created and the time of the catastrophic event. Clearly, the more frequently backups are sent off-site, the lower the data loss risk. A common off-site backup rotation cycle is a week, and this should be the minimum-losing a week of data would hurt most organizations, but would not be devastating.

Security. All healthcare providers are required to provide proper security for all copies of individually identifiable health information regardless of the media used to hold it or the location in which it is stored. This includes backup copies of computerized data that contain individually identifiable health information. Thus, backup data must be transported securely-ideally, in locked cases and by a bonded courier. Verify the physical security of the backup storage location. Could an unauthorized person gain access to stored backups and leave the building with them? What systems and procedures are in place to prevent this? If a commercial records storage company (or any location not owned or controlled by the organization storing the backups) is used to store off-site backups, it is prudent to execute a HIPAA business associate agreement with the entity responsible for the storage location. To further improve security of backup data, use software that encrypts and password-protects backups.

A simple but often overlooked practice to improve the security of backup data is maintaining up-to-date logs of where all backup copies are located. Such a log will provide a quick alert to missing or misplaced backup copies.

Pages

Topics