HIPAA Compliant Offsite Backup Solution

I use to live and work in Hawaii and so many times I’ve considered working out an arrangment with them to store a backup of my EMR in Hawaii since I could easily transfer it over the internet. What better backup location then Hawaii? In the end the idea pretty much fell apart when I started thinking about the HIPAA hurdles that I would have to deal with to make it work. Since my employer probably doesn’t want to fly me to Hawaii to do security audits how would I really know what is going on there? Also, how would I manage who gained access to their data center. I could put a little server in my own locked cage which is only accessible by a couple people who have signed the Privacy agreement. However, once you start talking cages and security the price tag continues to rise. If anyone reading this would like to work with me on this, I’d be happy to make the trips out to see friends if they want to pay for that kind of backup.

Since my Hawaii idea fell through we just have a fire proof safe in an undisclosed location that is kind of like the old movie Get Smart to gain access(minus the automated doors). As a college health organization we have a few more resources than most doctor’s offices. This is why I was happy to find someone offering a service I’d been looking around for. The service is offered by Creative Software Solutions and they offer a service called Handy Backup Service. I’m not an end user and I have no affilitation to the company so I can’t vouge for that, but it’s nice to see someone offering this type of service. The best part is that they are willing to sign a Business Associates agreement. We all know how important that is for this kind of service.

I really think that the future of offsite backups is with the EMR vendors themselves. If you are an EMR vendor reading this…You should partner with some good, quality, technical people(a few still do exist) that could help you offer this service to your customers. I know that in the event of a disaster the first person I am going to call to restore my EMR is my EMR vendor. They know their EMR system infinitely better than me. Why not take it one step further and give them all the tools(and data) that they need to restore your system in case of a disaster. Not to mention they’ve already signed the Business Associate’s agreement.

About the author

John Lynn

John Lynn

John Lynn is the Founder of the HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • John:

    Yes, I agree with you 100% trusting an EMR, and other HIPAA data to a back up vendor is something that must be done with care.

    We are in this business, and I would love to catch up with you on what we are doing, and how we are doing it. You have identified many of what we think are the right issues, but we would love to find out from you, and other university health care IT folks what their needs are.

  • I need to find out who and how I can file a HIPPA complait. I have tried to find one on the web and get re directed to other sites that do nothing but confuse me. Where would a normal average person file that complaint and who do we file it with?

    Why so hard?


  • I’m curious about how offices are planning to address the HIPAA offsite data storage requirement that is scheduled to take effect on January 1st, 2012?

Click here to post a comment