Six percent of all Personal Computers (PCs) will suffer data loss in a given year. That amounts to 4.6 million episodes of data loss, based on the number of computers used in business during 1998. What is your practice doing to guard against data loss? Do you have a comprehensive disaster recovery plan that will protect your data?

Data loss due to failed hard drives or other disasters is a serious problem with severe consequences for your practice. 34% of companies fail to test their tape backups, and 77% of those that do test their tape backups found failures. 31% of PC users have lost all of their files due to events beyond their control. Ultimately, 60% of companies that lose their data will shut down within six months of the disaster.

If you lose data due to a crashed hard drive, sometimes it is possible to recover the data. However, using a data recovery specialist is expensive. Diagnostic fees can be as much as $500. Costs for actually recovering the data typically start around $1000 and can skyrocket up to $25,000.

As a general rule of thumb, your IT provider should recommend replacing PCs every three years and servers every five years. Hard drives should be exchanged every two years when possible. External hard drives, which are popular for onsite backups, should be replaced every year. External hard drives, like laptop hard drives, are more susceptible to failure because of constant use and heat buildup. You should supplement hard drive rotation with on and offsite backups.

Although many practices still rely on paper charts, over 90% of practices use some form of electronic billing. Any provider or office manager will tell you that billing is the life blood of their practice. Losing electronic claims would be disastrous for any medical practice. The stakes will become even higher as practices make the inevitable switch to Electronic Health Records (EHR).

Did you know that the HIPAA Security Rule requires you to have a disaster recovery plan? Section 1.7 requires a data backup, disaster recovery, and emergency mode operation plans. In addition, the Health Information Technology for Economic and Clinical Health (HITECH) Act amended HIPAA law to increase the fines to $50,000 per incident, up to a maximum of $1.5 million if your practice is found to be in willful neglect.

Your practice is required by law to take disaster recovery seriously. If you do not currently have a disaster recovery plan, your practice could be liable for fines up to $1.5 million. Please feel free to contact us if you want more information about data loss, disaster recovery, or the HIPAA security rule.

Ryan Ricks
Security Officer

in association with:

Jonathan Wofford
B & J Computer Consulting, Inc