HIPAA Compliance: Summary Requirements and How MyDiskBackup Meets Them

The HIPAA Privacy Rule creates national standards to protect individuals' medical records and other personal health information and to give patients more control over their health information. It sets limits on the use and release of health records. It establishes safeguards that providers and health plans must implement to protect the privacy of health information. The Privacy Rule provides that, in general, a covered entity may not use or disclose an individual’s healthcare information without permission except for treatment, payment, or healthcare operations. If your company is not a Health Care Provider this does not mean you are exempt from HIPAA requirements. If you are unsure check with an attorney that specializes in HIPAA compliance or take a look at the Sarbanes-Oxley website. MyDiskBackup's

MyDiskBackup fulfills the requirements of the Health Information Portability & Accountability Act (HIPAA), including data integrity, authentication, contingency planning, access and audit controls as they relate to electronic Protected Health Information. MyDiskBackup’s leadership and expertise in online data backup, replication, and tailored recovery solutions helps organizations protect, archive and recover enterprise data and meet compliance mandates. MyDiskBackup’s industry-leading solutions and customer support provide cost-effective data insurance in the case of human or system failure, virus or disaster.

View the table below to learn specifcally how we fulfill the requirements of HIPAA:

HIPAA Section	MyDiskBackup
Contingency Plan 164.308(a)(7)(i) Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information. 164.308(a)(7)(ii) Implementation specifications: (A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.	MyDiskBackup (Online Backup) MyDiskBackup provides comprehensive backup and offsite protection of internal or remote servers. In a crisis situation, information is recoverable quickly in the exact format that was backed up.
Access Controls 164.312(a)(1) Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4).	MyDiskBackup (Online Backup) MyDiskBackup restricts user access via an authorized user name and password. Information is backed up in an encrypted state and remains encrypted while stored in MyDiskBackup's systems.
Audit Controls 164.312(b) Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.	MyDiskBackup (Online Backup) MyDiskBackup automatically creates a comprehensive audit trail of all backups and restores. Logs can be generated in multiple levels of detail and retained according to client needs.
Data Integrity 164.312(c)(1) Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction. 164.312(c)(2) Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.	MyDiskBackup (Online Backup) MyDiskBackup provides a 3-level Cyclic Redundancy Check (CRC) to ensure what was sent is what was received at the Vault. Also, once data is backed up with your defined retention schedule, it cannot be mistakenly overwritten or removed.
Authentication 164.312(d) Standard: Person or entity authentication. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.	MyDiskBackup (Online Backup) MyDiskBackup restricts user access via an authorized user name and password.