Offsite Backup Services for an EMR

I’ve been seeing a number of new offsite backup services for EMR software. They are becoming quite sophisticated and are an option that I think many doctors offices should consider. I know that in one doctors office I setup a USB hard drive which they could take home with them in order to have some semblance of an off site backup.

This is far from perfect and even harder to secure the right way. Not something that most doctors offices will want to take on alone. However, the real problem with this type of “off site” backup is that they too often forget to take the backup offsite. They don’t verify that the backup was done. I’m sure there’s more, but you get the picture.

Seems like many of these off site backup services provide a really great service that solves a lot of these problems. Not all of them (like verifying that the backup can be restored), but they are becoming quite sophisticated.

I’m interested to hear other people’s experiences with these type of offsite backup services. What do you like? What do you dislike? What do you wish they’d do?

I have a feeling these type of really useful services won’t be in rich supply on the HIMSS vendor floor, but I’ll be keeping my eyes out for useful and practical services like this at HIMSS. If you’re a vendor of a service like this that will be at HIMSS, let me know so we can meet. Same goes for any ambulatory EMR vendors. I’d love to meet with you at HIMSS too.

About the author

John Lynn

John Lynn

John Lynn is the Founder of, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • There are a few things to think about regarding EMR offsite backup. Data that is moving offsite from and an EMR to a hosted backup service, via the Internet, must be encrypted as per the HIPAA Security Rule. The company that hosts the offsite backup would need to sign a Business Associates Agreement as well. Do your due diligence regarding where the data is stored. Make sure the servers are in a protected location (data center) with high level of physical security. Make sure the data is stored on the servers in an encrypted manner to prevent unauthorized access to patient data.

  • We sell a really nice backup, disaster recovery and business continuity solution that comes in a few different flavors. The backups are performed as images to a local device as often as every 15 minutes. In the event of a server crash the images can be virtualized on the device to replace the server temporarily while the downed server is being fixed for replaced – business continuity. The client has the option to send the images in a secure format to an off site datacenter @ $1 per GB. In the event of a building catastrophe we can ship a new appliance overnight with the images preloaded to anywhere the client wants. We can talk a bit more about the solution at the meet and greet on Monday night if you are interested.

  • Very interesting Brian. Virtualization is amazing, but I haven’t seen it implemented in small practices. I’m interested to hear what you’re doing. Glad to hear you’ll be at the meetup as well. Looking forward to meeting you in person and we can definitely talk.

  • John – Do you not have an about me section or something that gives your background? I cant seem to find anything on the site. Just curious.

  • Offsite backup is a must for healthcare providers and with a vast array of inexpensive providers it should be a slam dunk for practices to implement something quickly without much hassle. Unfortunately, this is not the case. Most of the popular solutions out their fail to meet the grade on several fronts:
    1) Most online backup providers will not sign a BAA
    2) Most providers do not understand HIPAA or HITECH and do not have a HIPAA officer of any kind
    3) Most of the online providers are myopic in their view of disaster recovery and merely provide a file archive service not a disaster recovery and business continuity offering
    4) Higher end solutions that deploy drive imaging require additional hardware and are cost prohibitive
    5) The list goes on and on
    When considering a business continuity partner it is important to understand their view of the service they provide and how well you will be supported when the hour of need arrives. Remember it is not if but rather when your computer drive will fail (all drives fail eventually).
    At DiskAgent we provide a complete continuous data protection solution that is easy to use yet powerful enough to provide you the options needed to protect your business and your pocket book. Our solution offers remote and onsite backup as well as remote destroy options in the event your computer or smartphone is lost or stolen. DiskAgent ( is very affordable starting at $4.95/month and $0.49/GB. At DiskAgent, we store your data in several SAS70 certified data centers across the US and we are well versed in all of the security, consumer protection, and healthcare related requirements that affect both small and large practices and hospitals. Remember that most practices now fall under the FTC’s Red Flag Rule as well as the new data breach laws that all of the states are enacting, for more information on how they impact you go to
    Lastly, please remember to use a business continuity and backup provider that will sign a BAA with you and knows the HIPAA requirements otherwise you are wasting your money. You should also call their support line to see how long you can expect to receive a response when you are in trouble as well as ask them how many times they have failed to recover files for their clients.

Click here to post a comment