● Roundup: Disaster Recovery DR underscores the By Phil Colpas
at Main practice, where most UF students receive medical care, might be the victims of identity theft. (For more on this unfortunate event, see Health Management Technology’s April 9 e-newsletter.) Unfortunately, incidents like this one have become much
more prevalent of late, as hospitals and practices struggle with how to keep records secure while also ensuring they are prop- erly backed up in case of a disaster. And while backing up all patient records is a necessity, it also increases the chances of a breach occurring. Accellion, a provider of secure fi le-sharing solutions, esti- mates data breaches cost the healthcare industry approximately $6 billion a year.
s a graduate of the University of Florida’s College of Journalism & Communications, I was struck especially hard by recent news that nearly 15,000 patients at the UF&Shands Family Medicine
From augmenting security through a plethora of means, to exploring various ways of fending off cyber attacks; from maxi- mizing audit readiness, to the challenges of securing mobile media, keeping protected health information (PHI) safe has become of paramount importance to the healthcare industry. According to the U.S. Department of Health and Human
Services (HHS), T e Health Insurance Portability and Ac- countability Act (HIPAA) Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used or maintained by a covered entity. T e Security Rule requires appropriate ad- ministrative, physical and technical safeguards to ensure the confi dentiality, integrity and security of electronic protected health information. So how do we ensure that patient information is both secure and able to be recovered in case of a disaster? HMT asked select industry experts that very question.
Todd Scallan, VP products, Axcient
Minimize data loss and maximize recovery As hospitals and healthcare providers move more records and
sensitive information online, data protection becomes an increas- ingly important issue. Ponemon Institute’s Benchmark Survey of Healthcare Providers on Patient Privacy and Data Security (De- cember, 2012) indicates a rise in both occurrence and costs of data loss. In fact, 96 percent of organizations admitted to at least one breach within the past two years. T e estimated fi nancial impact of these breaches was in the billions, with 81 percent reporting time and productivity loss, as well. Just as risks are increasing, so are the penalties of noncompli-
ance. Beginning Sept. 23, 2013, HHS will start enforcing HIPAA rules for maintaining the secure data backup and recovery of PHI. Healthcare businesses and their associates (including IT providers) will face investigations and penalties up to $1.5 million per viola- tion if they do not comply. Data loss and downtime can be caused by a variety of daily challenges and risks, ranging from natural disasters to equipment failure and cyber security threats. As a best practice, all healthcare providers should conduct a risk analysis and then develop an action
6 May 2013
plan to address vulnerabilities. T ey should also test their backup and recovery technology solution to identify potential gaps in data protection. Testing should evaluate whether the solution in place can ensure the complete protection and immediate recovery of patient records, scheduling systems and billing programs so that healthcare providers can continue serving patients and maintaining HIPAA compliance without loss of productivity.
Jon Ryalls, records and information solutions architect, Canon Business Process Services
Three critical elements that make a difference in disaster recovery Because patient data includes sensitive information, it is criti- cal to manage and protect it as much as possible against potential disasters. Based on my experience providing managed services to healthcare organizations, I’d like to spotlight three critical elements I believe can help meet these goals: 1. Identify how medical information is being managed and how it can be retrieved in the event of a disaster. T is includes clarifying gaps in compliance with such industry regulations as HIPAA and HITECH.
2. Control information more eff ectively by implementing HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com
importance of security Regardless of the selected solution, experts agree the most important criteria for a disaster recovery (DR) back-up system is that it is secure.