I use to live and work in Hawaii and so many times I’ve considered working out an arrangment with them to store a backup of my EMR in Hawaii since I could easily transfer it over the internet. What better backup location then Hawaii? In the end the idea pretty much fell apart when I started thinking about the HIPAA hurdles that I would have to deal with to make it work. Since my employer probably doesn’t want to fly me to Hawaii to do security audits how would I really know what is going on there? Also, how would I manage who gained access to their data center. I could put a little server in my own locked cage which is only accessible by a couple people who have signed the Privacy agreement. However, once you start talking cages and security the price tag continues to rise. If anyone reading this would like to work with me on this, I’d be happy to make the trips out to see friends if they want to pay for that kind of backup.
Since my Hawaii idea fell through we just have a fire proof safe in an undisclosed location that is kind of like the old movie Get Smart to gain access(minus the automated doors). As a college health organization we have a few more resources than most doctor’s offices. This is why I was happy to find someone offering a service I’d been looking around for. The service is offered by Creative Software Solutions and they offer a service called Handy Backup Service. I’m not an end user and I have no affilitation to the company so I can’t vouge for that, but it’s nice to see someone offering this type of service. The best part is that they are willing to sign a Business Associates agreement. We all know how important that is for this kind of service.
I really think that the future of offsite backups is with the EMR vendors themselves. If you are an EMR vendor reading this…You should partner with some good, quality, technical people(a few still do exist) that could help you offer this service to your customers. I know that in the event of a disaster the first person I am going to call to restore my EMR is my EMR vendor. They know their EMR system infinitely better than me. Why not take it one step further and give them all the tools(and data) that they need to restore your system in case of a disaster. Not to mention they’ve already signed the Business Associate’s agreement.
This is a wonderful wealth of information. Good Luck!
John:
Yes, I agree with you 100% trusting an EMR, and other HIPAA data to a back up vendor is something that must be done with care.
We are in this business, and I would love to catch up with you on what we are doing, and how we are doing it. You have identified many of what we think are the right issues, but we would love to find out from you, and other university health care IT folks what their needs are.
Skip,
Sounds very interesting. I’m really tied up for the next couple weeks, but send me some information on my contact us page in about 2 weeks and I’d love to hear more: https://www.healthcareittoday.com/contact-us/
I need to find out who and how I can file a HIPPA complait. I have tried to find one on the web and get re directed to other sites that do nothing but confuse me. Where would a normal average person file that complaint and who do we file it with?
Why so hard?
Kelly
I’m curious about how offices are planning to address the HIPAA offsite data storage requirement that is scheduled to take effect on January 1st, 2012?
Hi Bob,
Do you have a reference for the requirement you’re referring to?