HIPAA-Compliant Backups For Your Healthcare Business
Recently, some of the Jungle Disk support team visited a local health clinic to help set up and create off-site backups for their entire office staff. During the planning phase of their setup, we asked some basic questions about their needs for an off-site backup. Their main concern, since they deal with patients’ medical information and records, was the need to be HIPAA (Health Insurance Portability and Accountability Act of 1996) compliant. There are many requirements to becoming fully HIPAA compliant, but for now we are just going to take a look at backups and how Jungle Disk can help.
The following steps are only suggestions for setting up HIPAA compliant backups — one of many things you should be doing to make your healthcare business compliant — and should not be considered instructions to ensure complete HIPAA compliance.
In order for your backups to be HIPAA compliant, you will be required to sign a BAA (business associate agreement) with Jungle Disk. Getting a BAA is simple: first, contact our Support Team and ask for a copy of our HIPAA BAA form. We will reply with the form attached, which you should sign and send back to us. Once we review the BAA, we will have our CEO, Bret Piatt, sign it and return it to you for your records.
Next, we will start creating the online disks where your data will be stored. This is done in the Admin Control Panel at secure.jungledisk.com. When creating an online disk through Jungle Disk, you are given the choice of selecting a storage provider. By default, our storage provider is Google Cloud. Any of our providers will allow you to be HIPAA compliant, but, depending on your location, you may need to go with a storage provider that provides service within your own country.
Next, you will be asked what type of security you want this disk to have. Select “High Security” and make sure the “Encrypted File Names” box is selected. This is the only time you will be asked this, and you cannot apply this feature at a later time. By default, all data being uploaded to your online disk is encrypted while in transit. Selecting this feature ensures that all files and file names are encrypted in the online disk while at rest.
Lastly, you will want to give this online disk a password. You will need this password in order to access any of the information on your online disk, and you can adjust how often you need to authenticate to this online disk within the Jungle Disk activity monitor. (Note: Jungle Disk does not keep any records of your online disk passwords. If this password is lost and you do not choose to keep the default setting of storing the password in the backup vault, there is no way to reset this password or access the data. I would highly recommend keeping a record of your online disk password in a password manager such as TeamPassword.)
Once you have gone through these settings, you should have a window similar to the screenshot below. Next, you will want to click on the “Create Online Disk” button and give your users permissions to the disk. Now, go ahead and set up your backup as normal.
That’s it. Now your data will be encrypted in transit and at rest. As long as you are following all other HIPAA regulations, you and your patients’ data should be protected!