One Year After Hurricane Sandy

1. “My IT company set up my backup X years ago” – please be aware that your IT company might not be familiar with your medical software’s database and how it needs to be backed up; also, the backup can break at any time.
2. “We think we are backing up” – 65% of businesses that run backups can’t restore when they need it.
3. “I thought my IT company checked with our software vendor before they did anything” – if it is not in writing, it didn’t happen.
4. “We have support; doesn’t that include the backup?” – unless it is confirmed with the vendor of your medical software such as Medisoft, Medisoft Clinical, Lytec, Lytec MD, or Greenway PrimeSUITE, it might not be included.
5. “We’ve backed up onto the same drive every day for the last X years” – don’t put all your eggs in one basket; have more than three drives, and take a drive offsite.

Good practices to follow:

1. Find out who is responsible for your backup, and get it in writing.
2. Find out if the backup method being used is compatible with your medical software, and get it in writing.
3. Find out exactly which files, folders, and drives need to be backed up (unless you are using an imaging backup system which can back up the entire server), and get it in writing.
4. Assign a responsible person to check the backup daily.
5. Have your backup audited at least three times a year by a professional.
6. Arrange to have a copy of your backup offsite; when you do so, make sure the drive is encrypted to be HIPAA-complaint.
7. Rotate your backup drives and don’t use them for more than three years without replacing them.
8. Arrange for what you will do if your server dies or you have no access to your office. Do you have a disaster recovery plan or have a plan to work at a temporary site? Ask yourself this question: how many days can you function without access to your office in case of a disaster?
9. Install a UPS (uninterruptible power supply).
10. Review your IT security, such as firewalls and antivirus software.