Call us directly: 1-787-412-6430

7000 N Plaza Austin, TX 78753 USA View Location

100 Blvd Paseos 1030, PR 00926 USA View Location

Apr 26

Compliance without complications

HIPAA requires covered entities to develop plans and implement procedures to back up data and otherwise enable disaster recovery and continuity of operations, all under the contingency planning standard within the administrative safeguards described in 45 CFR 164.308. There is also language in the physical safeguards in 45 CFR 164.310 that data backups should include retrievable, exact copies of PHI before moving equipment, but this is an addressable standard, not a mandatory requirement. Nothing in the regulations specifies how backups must be performed, or where backup data must be stored. There are many backup service vendors that claim that HIPAA requires offsite storage of backed up data, but this simply isn’t part of the security rule. This is not to say that offsite backup storage isn’t a good idea – it’s a well established security practice and arguably an essential component of a disaster recovery strategy. There is no statutory requirement covering offsite backup, and certainly no rule on the distance between offsite storage and the operational site.

Compliance without complications.

Our compliance department works with independent external auditors and to meet the most stringent industry standards and make available to customers the results and information they need for their own needs in accordance organizations.

Physical and virtual control of our facilities, network and portal customers are an extension of their own and facilitate obtaining the information it needs for its own audits.
Compliance with HIPAA

HIPAA (and Accountability Act Health Insurance Portability US) requires specific security controls for companies that store or process health information online. Our cloud platform meets all requirements for HIPAA with respect to the service provider or data center.