The Security Rule outlines the specific measures a health care entity must take to protect electronic protected health information from unauthorized breaches of privacy and measures to ensure against the loss of integrity of personal health information, such as might occur if patients' records are lost or destroyed by accident.

The intent of backing-up data is to help ensure its availability by transferring and storing duplicate data at a secondary location. However, simply transferring data to another environment without verifying its integrity or the ability to restore it within a defined business timeframe is a recipe for disaster.

A recent survey stated that only 37 percent of companies that back up their data actually test its integrity and recoverability. And about 77 percent of that group fail to restore their data within the defined business recovery window or don't recover at all. Hence, less than 10 percent of companies succeed at recovering vital business data using their existing data backup processes.

An important facet of computer security involves protecting electronic data from loss or corruption - that is, ensuring its integrity. Although there are many ways data integrity can be affected, the most common is loss of data from an emergency or disaster, including human error, mechanical hard disk failure and equipment damage due to flooding or computer virus infection.

HIPAA requires organizations to have a contingency plan to continue operations in the event of data loss. This contingency plan must include details concerning the data backup and recovery process, who handles the backup media, the media rotation process, where the media is stored, how quickly it can be retrieved in the event of a disaster and all other aspects associated with data backups, protection,security, storage, and recovery. Data loss can result in further losses of productivity, patients and revenue.  Fortunately, the damaging impact of data loss can be negated with a qualified data protection solution as part of your contingency plan.

A backup system is a combination of hardware and software that lets you retrieve exact copies of information if the originals become lost or damaged. There are several kinds of commonly used backup systems, including those that store data to tapes, compact discs or off-site devices. The equipment and service can cost from hundreds to thousands of dollars.

The best method for your practice can only be determined after you know how much data needs to be backed up. At a minimum, your practice's backup system should store all of the critical data needed to run the practice in the event of a disaster. Practices should conduct an analysis to identify these critical data.