HIPAA compliance is not equally well understood by the very community that's faced daily with the issue. So HIPAA questions are still quite common among healthcare professionals who have been tasked with shopping for backup services. The question we hear the most often? "Is Virtual Density's Data Backup service HIPAA compliant?" Here's the story on HIPAA compliance... while a software program or online service can facilitate HIPAA compliance, there is no formal certification issued by the Department of Health and Human Services (HHS) to denote that a software application or online service provider is HIPAA compliant.
Any data backup service provider who tells you that you'll be "HIPAA Certified", just by doing business with them, is misleading you. You don't inherit compliance from a vendor, but you get pretty close if you work with a vendor who understands the process and our mutual roles and responsibilities in that process.
As far as Virtual Density's data backup service is concerned, the Virtual Backup software application and online service will definitely help someone adhere to HIPAA - but it is not about software alone. The data backup service provider you choose has policies, standards, practices and facilities that all play a key role in helping someone adhere to HIPAA. And this is where we help most of all.
Virtual Density's role in helping to facilitate HIPAA compliance pertains to the 'Technical Safeguards' section of the Security Standards stipulated by the HAS.
Under this, two of the key required Implementation Specifications are:
A) Unique User Identification
B) Emergency Access Procedure
Our Virtual Backup service satisfies both of these criteria because we safeguard patient data via advanced encryption algorithms before the data ever leaves the healthcare provider's facility, as well as while it is at rest while stored in our remote data vault facilities. And our facilities are restricted both physically and electronically with access allowed to a very limited number of authorized personnel who are each documented any time access is required, and anytime a process is implemented or changed.
Our service requires a user name/password combination to access the data backup software user interface, and a separate password to decrypt previously encrypted data (encrypted with up to 448 bit encryption keys). Virtual Backup allows for data recovery to any computer authorized to facilitate a data restore request, thereby satisfying the second required Emergency Access Procedure condition as well. In a nutshell, with Virtual Backup, a health care practitioner can be sure that they alone have access to patient data and that this data can be recovered (from a location to which it was previously backed up) in case a disaster strikes the practitioner's physical premises.
In summary, we facilitate HIPAA compliance, and in fact many of our clients use our Virtual Backup software with our data backup service to protect the data for their health care practice.