Business Continuity in partnership with Intronis™

Good business continuity plans will keep your healthcare practice up and running through interruptions of any kind: power failures, IT system crashes, natural disasters, and more. What could be more important than ensuring the availability of patient healthcare records? Remember Hurricane Katrina?

Yet healthcare business continuity planning is met with the concern of patient privacy and has become a major topic of concern over the past several years. With the majority of patient information being transferred over to digital format to improve the convenience, efficiency and cost of storing the data, organizations expose themselves to certain risks. These risks include the possibility of damage to the computers storing the information by natural disaster or human mishandling, corruption by virus attacks, and even stolen data by unauthorized personnel. Prior to the institution of the Health Insurance Portability and Accountability Act (“HIPAA”) by Congress in 1996, there were no universal standards set in place to identify whether or not a healthcare provider was properly securing patient information. Fortunately, HIPAA was designed to reduce the administrative costs of healthcare, to promote the confidentiality and portability of patient records, to develop standards for consistency in the health care industry, and to provide an incentive for electronic communications. With these standards in place, organizations better protect their systems, and patients can feel confident that their personal medical information will remain private.

Virtually all healthcare organizations are affected by the HIPAA standards. This act applies to any healthcare provider, health plan or clearinghouse (collectively “Covered Entities”) that electronically maintains or transmits health information pertaining to patients. If you are a Covered Entity, each healthcare provider is charged with the responsibility to establish appropriate measures that address the physical, technical and administrative components of patient data privacy. With the exception of small health plans, all Covered Entities must have had data security standards in place and operational by April 21, 2005, when the Standards for the Security of Electronic Protected Health Information (the “Security Rule”) of HIPAA went into effect for health care providers. Small health plans were exempted until April 21, 2006. The Security Rule requires health care providers to put in place certain administrative, physical and technical safeguards for electronic patient data. Among other things, Covered Entities will be required to have a Data Backup Plan, a Disaster Recovery Plan, and an Emergency Mode Operation Plan.

Why should your healthcare entity be concerned with this compliance? Simply put, every patient cares about the privacy and integrity of their health information. More and more people are becoming aware of their rights to keep that data private and are taking action when that data is compromised. With today’s dilemma of identity theft, protecting personal information stored in digital format is critical. Baseline magazine reports that more than 90 percent of data breaches in 2006 were in digital form and some 40 percent of publicly disclosed security breaches were caused by hackers or insider access, specifically targeting sensitive personal information. The FBI reported in 2006 that the average cost per data breach has reached $4.8 billion and since February 2005, 93.8 million personal records.

Laser Logics is proud to have a strategic partnership with Intronis for remote data backup exceeding the HIPAA compliancy standards to protect your patient data.