HIPAA Compliancy for Backups

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) doesn't just apply to hospitals and doctors' offices, but can come into play with anyone even tangentially involved in health care. This includes service providers such as VARs and MSPs.

The penalties for violating HIPAA rules and regulations are serious. The state health department in Alaska lost a backup drive and was hit with a $1.7 million fine. These fines can also apply to third parties that are responsible for securing data.

Backup is one of the most important areas to protect, as this is where crown jewels such as patient data are housed. IASO secure backup solutions help customers, service providers and channel partners comply with HIPAA through strong encryption and because the customer holds the private encryption keys, so the data cannot be altered by an outside party. And having IASO backup in the cloud means your private data is always secure and available, with no fear of loss.


Secure health care backup

Managed Service Providers (MSPs) can get help from IASO through the GFI HIPAA readiness pack, which helps providers harden their solution to meet these health care regulations. "We recognize that MSPs that work with healthcare providers have specific needs that must be met in order to continue doing business under the regulations. Our HIPAA readiness pack, along with the IASO backup platform, is designed to take the pain out of the process, providing them with the information and tools they need to fulfil their customers' requirements fully and effectively and allowing them to maintain their focus on the growth of their business and the satisfaction of their customers," said Johan Jongsma, CTO of IASO.

Fabian Oliva, an independent security and compliance analyst, was tapped by GFI to teach its partners about HIPAA. "The HIPAA Security Rule applies to all health plans, health care clearinghouses, and to any health care provider who transmits health care data in electronic form, otherwise referred to as a Covered Entity (CE). Further, HIPAA requires that any person or organization that conducts business with the Covered Entity that involves the specific usage or disclosure of individually identifiable health information, otherwise referred to as a Business Associate (BA), must also comply and adhere to HIPAA security requirements. In order to be considered a Business Associate, the work of an organization must deal directly with the use and/or disclosure of protected health information. Examples of such include: outsourced billing providers, collections providers, transcriptionists and EMR providers among many others," said Oliva. "MSPs play a critical role towards helping to ensure that their customers maintain a secure and HIPAA compliant environment. Most importantly, they must ensure that their internal processes and procedures are in accordance with the HIPAA security requirements."

Part of the IASO HIPAA solution is private key encryption. With such encryption, even the provider itself cannot get at the customer data, offering deep HIPAA compliance. The only way the data can be decrypted is with the customer's encryption key.
