Building a Robust Disaster Recovery Plan
HIPAA’s Security Rule demands that all covered entities such as medical and dental practices create a disaster recovery plan for the event of a server failure or data loss. More importantly, having a disaster recovery plan in place is the only way that you can protect against loss of production and downtime.
Following the Advice of Health & Human Services
Going straight to the source at HHS is a good place to start. However, while the information provided by HHS is valuable, they don’t tell you exactly how to institute the best disaster recovery plan for your practice. It’s up to you to develop the scope of your plan, and to apply the plan to your office.
Good, Local Backups
The first thing to consider about your disaster recovery plan is your backup. Your local backup may be the best way to get you up and running, but there are limitations to your local backup.
- If your crash happens mid-day and your backup runs nightly, you may lose a day’s worth of data.
- If your server hardware is not viable, then you may need to obtain a new server or piece of hardware to restore your data to.
- While your local backup may get you up and running quickly, you will have some loss of production if it’s the only component of your Disaster Recovery Plan.
Incremental, Cloud Backups
Adding an encrypted cloud component to your backup is a good way to make sure that mid-day crashes won’t erase your entire day of documentation.
- You’ll need a good upload bandwidth to keep your cloud backup current.
- Downloading from the Cloud is a great solution to fill in the gaps of your crash-day.
Making your Backup work as a Fail-Over Server
The absolute quickest way to mitigate any downtime, is to institute a plan that converts your current backup into a usable, virtual server.
- If you already have a backup in place, you can make sure that it’s in a format that can be virtualized on demand.
- Virtualizing your Backup ensures that you have very little downtime even if your server hardware dies.
- You can virtualize your local or cloud backup, so that if needed, changing a few settings on the router or workstations will bring you back up while your server is fixed or replaced.
- While performance of this virtual server will not match your failed server, production can continue normally.
Testing your Disaster Recovery Plan
Periodically, at least once per year, you should be testing your backup plan. Each component can be tested individually, and you’ll know exactly how long you might be down in case of disaster.
- HIPAA demands that you test your Disaster Recovery Plan on a yearly basis.
- Performing your test restore must comply with HIPAA – meaning, using a Home PC for your test restore will not meet compliance.
Getting Professional Advice
There are many ways to reach compliance and produce a Disaster Recovery Plan that will keep your practice running in the event of server failure or data loss. Contact a dental IT provider such as dmi Networking, and learn how to keep your data secure in a way that fits your budget.