ComptronX Offsite Backup

ComptronX is now offering our clients a secure, cost effective offsite backup solution. Data is encrypted and transported via the internet to a secure server accessible in the event of a catastrophic hardware or location site disaster. This backup is HIPAA secure.

The general requirements of the HIPAA Security Rule establish that covered entities must do the following:

  • Ensure the confidentiality, integrity and availability of all electronically protected health information the covered entity creates, receives, maintains or transmits.

  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.

  • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required.

  • Ensure compliance by the workforce.

 The remote backup helps comply with the HIPAA security and privacy rules by:

  • Encryption of data during backup: All data being backed up is encrypted with 448-bit Blowfish encryption prior to transfer and sent through a secure 128-bit SSL tunnel to the datacenter.

  • Encryption of data on servers: All backed up data maintains the 448-bit Blowfish encryption while stored "at rest" in the datacenter.

  • Physical security: The servers are located in a Tier 4 datacenter protected by gated perimeter access, 24 x 7 x365 on-site staffed security and technicians, electronic card key access, and strategically placed security cameras inside and outside the building.

Remote/offsite backup: As an automated remote or offsite backup and a key component in any disaster recovery plan as protection against hardware failure, theft, virus attack, deletion, and natural disaster.

Private and public encryption keys: Users have a choice of using a  generated 448-bit key or managing their own private key to encrypt their data.

Logical access: Backed up data may be accessed via the password protected, web-based  administrative console by supplying a valid encryption key.

Written contingency plan: The HIPAA Security rule requires that covered entities have a written contingency plan for responding to system emergencies, including a detailed plan concerning the data backup and recovery process in the event of a disaster.

Note: There is no standard "HIPAA certificate of compliance" for backup software and services. For more information about HIPAA and HIPAA compliance, contact your legal counsel or refer to the HIPAA section of the U.S. Department of Health and Human Services' website: http://www.hhs.gov/ocr/hipaa/