HIPAA Compliant
The data backup service provided by Backup Planet fulfills the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and specifically helps covered entities comply with both the HIPAA Privacy and HIPAA Security Rules.
Our state-of-the-art data centers are SAS 70 Type I & II compliant, featuring backup generators, redundant power and fiber connections, dry pipe fire suppression systems and biometric thumbprint recognition technology.
HIPAA Compliance Features
- Encryption keys and data security
- Geographical separation of backup data from user
- Physical security of backup data
- Written disaster and contingency plan
- Data access and authentication controls
HIPAA Privacy Rule
The HIPAA Privacy Rule sets standards and limits on how Protected Health Information (PHI) can be used and disclosed. With our backup solution, all backup data is encrypted by the local client and transmitted in encrypted form through a high-security 256-bit SSL (Secure Sockets Layer) channel to our data centers, where all data remains encrypted at all times. It is extremely important to understand that the encryption key is created and controlled by the customer, resides on a local client at the customer location and is never transmitted to our servers.
HIPAA Security Rule
The HIPAA Security Rule sets standards and implementation requirements on how Protected Health Information (PHI) should be protected. Requirements such as physical data security, technical safeguards and administrative procedures all fall within the Security Rule.
HIPAA Access Control and Authentication Requirement
HIPAA Section 164.312(a)(1)
Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in Sec. 164.308(a)(4).
HIPAA Section 164.312(d)
Standard: Person or entity authentication. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.
Backup Planet’s Solution
All backup data access is restricted to an authorized user name and password. In addition, an encryption key created and retained by the client is required, and only authorized client-side personnel have access to the key. The encryption key is never transmitted and is required to decrypt any data.
HIPAA Data Integrity Requirement
HIPAA Section 164.312(c)(1)
Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
HIPAA Section 164.312(c)(2)
Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
Backup Planet’s Solution
All communication and transfer of backup data to the Backup Planet data centers is performed through the Backup Planet client and can be controlled only with authentication credentials and encryption keys created and maintained by the client.
HIPAA Contingency Plan Requirement
HIPAA Section 164.308(a)(7)(i)
Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
HIPAA Section 164.308(a)(7)(ii)
Implementation specifications: (A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information. (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.
Backup Planet’s Solution
Our online backup solutions provide the foundation for a comprehensive disaster and business continuity plan. Our online backup solution delivers both retrievable exact copies, as required by HIPAA, and disaster recovery by providing offsite backup that is geographically distant from the client location, with a redundant third copy at yet another geographically distant data center.


