Your EHR vendor should have a stragegy in place for most, if not all, catastrophies. Tapes should only be ONE of many LAYERS of protection you have in place. In addition to daily on-site backup tapes, you should consider off-site tapes as well. Make sure you encrypt your tapes, just in case one is stolen / lost in transit (so you won’t have to invoke / comply with the HITECH public embarrassment/announcement rules).
How about backing up to a NAS routinely (hourly)? Off-site real-time / near real-time backup to HIPAA-compliant locations via the Internet? Local and on-site mirrored / hot servers?
Important things when it comes to backups are: 1. Versioning 2. Redundancy 3. Verification and 4. Actual testing / diaster drills.
