The Health Insurance Portability and Accountability Act (HIPAA) in the USA states that health care professionals are required by law to back up their files and store them, encrypted, so they can be recovered in the event of a fire, natural disaster, or other catastrophe.
HIPAA requires healthcare providers and their business associates to handle medical records (called Protected Health Information or PHI) in ways that protect the privacy of patients while ensuring the integrity of their records.
Doctors' offices and other healthcare providers are required by law to protect their electronic records in several ways.
Penalties for failure to comply with HIPAA can be stiff. Wrongful disclosure of PHI can result in a $50,000 fine and imprisonment for up to a year for a healthcare provider. Additional penalties for more serious violations can amount to $250,000 and imprisonment for up to ten years.
Who must comply with HIPAA?
There is no official certification for software used to help comply with HIPAA or for online backup service providers. The Act does not specify any type of software. It only specifies procedures and methods used to achieve compliance. Pronetsys is fully compliant with all HIPAA requirements in sections 164.308(a)(7)(i), 164.308(a)(7)(ii), 164.312(a)(1), 164.312(d), 164.312(c)(1), and 164.312(c)(2).
Online Backup Service Providers are not "covered entities" or "associates" as defined by HIPAA, and thus are not required to comply with HIPAA.
Pronetsys does not offer legal advice. Contact a lawyer or refer to the U.S. Department of Human Services' website at http://www.hhs.gov/ocr/privacy/