Keep your data safe by knowing exactly what type of backup your systems need and how often to do it.
Of all the topics my clients and potential clients ask about, the issue of data backup is far and away the most common one. I’ve mentioned data backup several times in the more than 5 years I’ve written this column. But because there have been some updates, I thought it would be good to review my recommendations.
Just like when it comes to choosing your impression materials or implant system, there’s no right, wrong, or necessarily best choice; it’s what works best for you. It all boils down to making sure you back up your data on a regular basis and that the backup is secure and meets HIPAA guidelines. The question is, how do you accomplish that? I always recommend a 2-pronged approach to backup: a local backup and an offsite backup.
There are many ways to do a local backup, and the method you use may be limited by your budget. If cost isn’t an issue, I highly recommend doing what’s called a server image and putting it on a Windows computer. A server image is a copy of the entire server, not just the data but the program files and network settings; it’s basically an exact copy of the entire server. We put that image on another computer and virtualize it. If your server goes down, we fire up the virtual copy, and within minutes, you are up and running again. As far as other computers on the network are concerned, the main server is back and running normally.
I recommend purchasing a souped-up computer with at least 3 to 4 TB of storage for the local server image. Why? Well, if the image sits on a Windows computer, that computer can function as the replacement server temporarily; you can boot from it and have it act as a server. And I prefer 3 to 4 TB so we can put multiple days or weeks of backups on there. If your budget is limited, you can use an inexpensive external hard drive. But in many cases, we’d need to copy those files to the replacement server before it can function, which can significantly slow down the restore process.
Of course, having the best local backup won’t protect you from flood, fire, theft, etc, so you need to make sure the data leave the office every day. In the past, individuals took external hard drives home, but this wasn’t the easiest option for many practices. What I suggest instead is a cloud backup. It can be done automatically, with no input required from you or your team. It’s quick and easy to track and document.
Finally, you need to make sure your backup meets HIPAA requirements. By having a cloud backup, you meet the requirement that backups must be retrievable. You need to use software that will encrypt the local backup as well as encrypt the data are it travels to the cloud location. HIPAA rules require you to verify the backup and do test restores on a regular basis. We do them weekly for our clients; you should test monthly at the very least.
A properly designed and monitored backup will give you peace of mind. You’ll sleep well at night knowing your data is safe and secure. In most cases, you should consider working with an information technology provider who is exclusive to health care to ensure your backups meet all privacy and security rules.