Many organizations make a choice between cloud backup and on-premises and leave it there.
The best data backup strategies, however, go further than that and require an active commitment on the part of every employee whilst remaining simple to follow and implement.
At Central Data Storage, we’re big fans of the ‘3-2-1 backup strategy’ for this very reason. Simple, fast and secure, the 3-2-1 method provides a reliable way of ensuring your patients’ ePHI is safe no matter what.
What Is the 3-2-1 Data Backup Strategy in the Cloud?
The 3-2-1 backup strategy is a template for ensuring you can recover your critical data in the event it is compromised.
In terms of backup, ‘3-2-1’ means that:
You have at least three copies of your data
Two of these should be onsite, on different storage types in different locations
One of these should be stored safely offsite, for example cloud or online backup
For step two, it’s vital that you store additional copies of your data on a device that isn’t attached to your main computer or primary data source. Such devices include:
Let’s say you had a database of patient contact details. To follow the 3-2-1 backup strategy, you could maintain:
One copy on your desktop computer
One copy on an external hard drive
One copy on an offsite, HIPAA-compliant, cloud-based server
This gives you backup options for all eventualities. If your computer crashes, you can restore the database via your external hard drive. If you lose both via theft or natural disaster (for example, floods or storms hitting your practice), you can restore from the cloud. If, somehow, your offsite backups are corrupted, you still have the two local copies to hand.
Cloud storage, indeed, provides that crucial third element of your 3-2-1 backup strategy. By storing patient records, contact and payment details, etc. offsite with a HIPAA-compliant cloud vendor, you can always recover them if your onsite data is compromised.
Backing your data up in the cloud reduces this threat significantly. It’s not just the geographical distance that’s useful for maintaining reliable backups, either. Third-party data centers employ top-of-the-range IT experts (and extensive CCTV, surveillance, guards and other physical security apparatus) to ensure your data is kept safe.
So, what actions can you take to ensure your 3-2-1 backup strategy is as effective as possible? You will need to plan in advance, adapt your approach based on data type and ensure your staff are well trained.
Here are three best practices for backing up data to the cloud:
Ensure Employees Are Clear About Their Responsibilities
Your entire practice has a role to play in your data backup process. As well as knowing the basics (setting strong passwords, for example, or reporting phishing emails), employees need to know exactly what their responsibilities are regarding data backup.
As such, it’s essential that you provide introductory training to all new employees and refresher training frequently throughout the year.
Set Data Recovery Objectives
Recovery objectives are central to any database backup strategy. These are:
Recovery time objectives: Recovery time objectives help you understand how quickly you need to recover your data and systems before downtime has a major financial impact on your practice. Can you survive an hour, a day, or a week before the point of no return?
Recovery point objectives: Recovery point objectives are based around how much data you can afford to lose (for example, an hour’s worth). Use recovery point objectives to determine how often you need to make backups to minimize data loss between backup and failure events. Backing up on a regular basis will drastically reduce risk here.
Establishing RTOs and RPOs for your practice will help you build a backup plan that minimizes damage and costs caused by data loss or theft.
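To make the link between the 3-2-1 rule and a recovery point objective concrete, the following added example (not part of the original article or of any Central Data Storage product) audits a backup inventory against the three counts and then checks, for each failure event described earlier, how much data the freshest surviving copy would lose. The `Copy` fields, scenario names, dates and the inventory itself are constructed assumptions; RTO is not modeled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    name: str
    media: str             # storage type, e.g. "internal-disk", "external-hdd", "cloud"
    offsite: bool
    last_backup: datetime  # ignored for the primary (live) copy
    primary: bool = False

# Failure events from the text, each mapped to the copies that survive it.
SCENARIOS = {
    "computer crash": lambda c: not c.primary,
    "site loss (theft, flood, storm)": lambda c: c.offsite,
    "offsite backup corrupted": lambda c: not c.offsite,
}

def audit(copies, now, rpo):
    """Return findings against the 3-2-1 rule and the RPO; empty list = pass."""
    findings = []
    onsite = [c for c in copies if not c.offsite]
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} copies")
    if len(onsite) < 2 or len({c.media for c in onsite}) < 2:
        findings.append("2: need two onsite copies on different storage types")
    if len(onsite) == len(copies):
        findings.append("1: no offsite copy")
    for event, survives in SCENARIOS.items():
        left = [c for c in copies if survives(c)]
        # Data lost = age of the freshest surviving copy (live copy has age 0).
        ages = (timedelta(0) if c.primary else now - c.last_backup for c in left)
        loss = min(ages, default=None)
        if loss is None:
            findings.append(f"{event}: nothing left to restore from")
        elif loss > rpo:
            findings.append(f"{event}: would lose {loss} of data, RPO is {rpo}")
    return findings

# Constructed inventory mirroring the patient-contact database example.
NOW = datetime(2024, 1, 10, 12, 0)
INVENTORY = [
    Copy("desktop", "internal-disk", False, NOW, primary=True),
    Copy("external drive", "external-hdd", False, NOW - timedelta(days=3)),
    Copy("cloud", "cloud", True, NOW - timedelta(hours=30)),
]

if __name__ == "__main__":
    for line in audit(INVENTORY, NOW, rpo=timedelta(hours=24)) or ["PASS"]:
        print(line)
```

The sample inventory satisfies all three counts yet still misses a 24-hour RPO in two of the three failure events, because the freshest backup that survives them is 30 hours old.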
Make Detailed Disaster Recovery Plans
Map out exactly which sort of failure events you might need to recover from – for example, natural disaster, cyberattack, or hardware failure – and create disaster recovery plans for each.
Revenue loss starts the second your systems go offline, so it’s essential to know:
Which data you will prioritize in a failure event
How long it will take to restore your data
How your approach needs to differ based on each situation
UnisonBDR: Compliant Cloud Storage for Your Practice
If you want to store patient data offsite, it’s vital that you find a storage partner with significant experience working with healthcare providers.
At Central Data Storage, we specialize in providing safe cloud backup software for HIPAA covered entities.
With UnisonBDR, not only do we automate your backups straight to the cloud, we can protect all your files on laptops, desktops, servers, databases and external devices right around the clock with our 448-bit beyond-military-grade end-to-end encryption. Your data is always safe with CDS and no matter what happens to the data at your office, we can restore your entire file history – every single version – to any device when you need it.