The online backup solutions provided by MimicData assist with the compliane of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and specifically help covered entities comply with both the HIPAA Privacy and HIPAA Security Rules.
MimicData houses its equipment in highly secured SAS70 Type-II data centers. Each data center has one or all of the following to ensure the protection of your data: Fire suppression that is non destructive to electronic equipment, humidity control, temperature controls, video surveillance, alarm system, identification badges, sign in/out sheet, redundant power, redundant data connections.
HIPAA Access Control and Authentication Requirement
HIPAA Section 164.312(a)(1)
Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4).
HIPAA Section 164.312(d)
Standard: Person or entity authentication. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.
Access to backup data is restricted to authorized administrators. Each administrator has a unique user name and password. The type of encryption and the encryption key is known only to the customer. The data is stored on the MimicData BackSync Backup is in a compressed and encrypted format that Mimic Data cannot decrypt.
HIPAA Contingency Plan Requirement
HIPAA Section 164.308(a)(7)(i)
Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
HIPAA Section 164.308(a)(7)(ii)
Implementation specifications: (A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.
BackSync Backup and BackSync Protect provide the foundation to a comprehensive disaster and business continuity plan. Our remote backup service delivers both retrievable exact copies as required by HIPAA and disaster recovery by providing offsite backup that is geographically distant from the client location.
Note: There is no certification for “HIPAA compliance” for backup software or backup service providers. MimicData does not offer legal advice, please contact your legal counsel or refer to HIPAA in the U.S. Department of Human Services website: http://www.hhs.gov/ocr/hipaa/