What is Business Continuity and Disaster Recovery [BCDR] and how is it different from Backup & Recovery?
BCDR is an extremely critical and evolving part of protecting your medical/patient data additionally important business data such as accounting, payroll, contracts essential to your practice-business with the ability to access remotely in minutes NOT days or weeks. HIPAA requires that a medical practice must backup the patient data, store offsite with the possibility to retrieve the data. BCDR is a more robust version of a simple backup and recovery in that the information is real-time uploaded to a secure cloud
Previous backup technologies no longer work to protect from data loss and downtime. Medical Practices are also legally obliged to publically report any compromises and pay exorbitant fines which can often lead to bankruptcy. These catastrophic events can include system failure, fires, storms and the ever-growing threat of breaches, malware and ransomware.
As medical practices and other businesses are increasingly dependent on information technology to run their operations, business continuity planning is essential and MUST include disaster recovery and IT network security.
HIPAA rules related to Business Continuity and Disaster Recovery - BCDR:
All medical practices are required to securely backup "retrievable exact copies of electronic protected health information (CFR 164.308(7)(ii) (A)).
You must be able to fully "restore any loss of data" (CFR 164.308(7)(ii) (B)).
You must store the medical data offsite, not at the same location of the original data; as required by HIPAA Security Final Rule (CFR 164.308(a)(1)).
You must back up your data frequently - as required by the HIPAA Security Final Rule (CFR 164.308(a)(1)).
Safeguards must continue in recovery mode even during emergency mode. CEs and BAs cannot let their guard down (CFR 164.308(7)(ii) (C)).
In today's real-time transactional world, a server crash, database corruption, or erasure of data by a disgruntled employee would result in a significant data loss event if one had to recover from yesterday's data backup.
AIM uses state-of-the-art technology that does read only images of the entire server to out data center that can be 'failed over to' in within minutes rather than other technologies which can take days or even weeks.
Should your practice be audited you can rest assured that AIM can demonstrate fail-over and recovery without the need of standing up additional servers and resources. This is true business continuity and disaster recovery.
AIM offers several managed, budget-friendly, Business Continuity solutions which ensures that there will be minimal disruption to in-house operations should a disaster occur.
AIM offers a managed plan to ensure business continuity and disaster recovery is put in place to.
With AIM's business continuity and disaster recovery services, you will benefit. Here's how:
- Identify critical operations and perform a risk analysis
- Identify solutions that ensure production and processes remain operational and ensure business continuity
- Create and demonstrate a cloud backup configuration allowing access to data within minutes not days
- Provide cloud/hosting services to enable users to logon and access data securely from anywhere there is data and be fully functional within minutes
- Reduce potential legal liabilities due to loss of patient information
- Provide documentation covering business continuity and disaster recovery plan that is complete and does not contain material misrepresentations
- Eliminate the need for in-house IT to manage BCDR
Don't be one of those --
Medical practices that ignore the need of a business continuity plan and alternatively adopts a “head in the sand” position, thinking that disaster will never happen to them! Its not a matter of 'IF' but 'WHEN'!!
Lack of buy-in assuming BCDR planning is simply another fake disaster drill could be the death of one's medical practice.
Regardless of your medical practice size, you need dependable data backup and recovery. AIM Services can provide that to you – call today and prevent the unexpected from ruining your practice, your reputation, and avoid the fines you could endure.