HIPAA, PCI & PIPEDA Compliant Cloud Based Backup Service | www.kineticd.com
 
 

HIPAA and Cloud Backup: What You Need to Know

HIPAA is a high-level standard that defines rules about how "individually identifiable health information" needs to be protected by health care providers. Accordingly, when it comes to backup, HIPAA only applies where you back up patient information, which may be stored in files or databases. When evaluating a cloud backup provider for HIPAA-sensitive data, the two most important questions that you need to ask yourself are:

  • What's the possibility of a data breach?
  • Who is liable in the event of a data breach?

Data Breach Risk

Independent of HIPAA, KineticD knows how important your sensitive data is to the future of your business. That's why we surround all your information with the most stringent safety measures on the market, such as:

  • Data center: Your data is stored within the shelter of an SSAE 16 certified data center.
  • Encryption of data during backup: During the backup process, all your files are first secured with a 448-bit Blowfish encryption key, and then transferred to our data center using a secure SSL connection.
  • Encryption of data on KineticD servers: All your backed-up data maintains the 448-bit Blowfish encryption while stored "at rest" in our data center.
  • Physical security: KineticD servers are located in a Tier 3 data center protected by gated perimeter access, 24/7/365 on-site security and technicians, electronic card key access, and strategically placed security cameras inside and outside the building.
  • Remote/offsite backup: KineticD is an automated remote or offsite backup service. A key component of any disaster recovery plan is protection against hardware failure, theft, virus attack, accidental deletion, and natural disasters.
  • Logical access: Your backed-up data may be accessed via the Web-based KineticD administrative console by supplying a valid password.
  • Written contingency plan: The HIPAA Security rule requires that covered entities have a written contingency plan for responding to system emergencies, including a detailed plan concerning the data backup and recovery process in the event of a disaster.

Liability

You'll be hard-pressed to find an online/cloud backup provider that's willing to accept the liability for the planned fees surrounding HIPAA non-compliance. So, you really have two options:

Private Backup Cloud: With this option, you'll have a private cloud installed in your data center. For added security, use private encryption keys. See our KineticCloud for MSPs section for more information.

Public Backup Cloud: Find a public cloud provider that supports private encryption keys. That way, even if the provider's data center is breached, no one can access your information because you're the only one with the private keys to decrypt it.

Contact KineticD today at 866.430.2406 to learn more about how our backup solutions protect your sensitive data while meeting compliance regulations.

 
 
 
