We all know that data is important, and we need to back it up. Whether a hard disk stops working, or your network has been invaded by “ransomware”, having a proper backup can definitely save your rear end.
Obviously, if you are using cloud-based practice management software you don’t need to worry about this; for the rest of us there are a few rules to follow from IT colleagues of mine:
- Test your backups. To paraphrase an old cliche “You don’t need a backup until you need one and when you need one you really, really need one”. Testing a backup of practice management software isn’t easy — you need to restore it to a “clean” install of your practice management software to make sure that it works. With most software, there are several critical files that, if not backed up, will make you unable to restore a working copy.
- Always back up data; never back up software. Your practice management software is easy to rebuild if needed (usually as a download from the company that owns it), so there is no good reason to back it up. And it also presents a danger — if your backup media is lost, someone finding it will have both your data and the means to read it. Data without the software is usually quite difficult to extract, so backing up your software provides little benefit to you but makes things much easier for anyone who comes into possession of your data.
- Don’t use flash drives for your backup. The storage of small USB drives has increased dramatically over the past few years, and it is tempting to use them as backup media. However, their small size is also their downfall; it is far too easy to lose one and not realize it. If a portable hard drive falls out of your pocket, on the other hand, you will definitely notice.
- Backups need to be taken off-site. Backing up to a hard drive next to your server will not help you at all if your office burns down.
- Encrypt your backup. Practice management software, except in very outdated systems, is already encrypted. However, there are often a few files that are backed up that aren’t encrypted, and many offices back up other office files in addition to practice management software. So encrypting and protecting your medium with a password provides a good (and easy to implement) additional layer of security. And you really don’t want a HIPAA breach, do you?
- Be careful with “incremental” backups. These are backups limited to things that changed since the last backup. This is normally done if the data set is really, really big, but it makes the job of restoring from backup much harder (typically you must restore the last full backup, and then every incremental backup made after the full backup, in sequence).
- Redundancy is key. If something is important (and your practice data certainly qualifies), it should be backed up at least twice (e.g. one backup to the cloud, and another to a physical medium).
- Cloud backup needs to be used carefully. Most cloud backup services might not be HIPAA compliant, so some research needs to be done, and, just like backup to a physical medium, cloud backup should be properly encrypted.
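
The restore order described in the incremental-backup rule above, as an added example that is not part of the original post: it walks a backup catalog from the newest set back to its full backup, and shows that one unreadable incremental makes every later set unrestorable. The `Backup` record, the set names and the catalog are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Backup:
    name: str               # backup set identifier (constructed sample names)
    kind: str               # "full" or "incremental"
    taken: str              # ISO date, sorts correctly as text
    parent: Optional[str]   # set the incremental was taken against; None for a full

class BrokenChain(Exception):
    """Raised when a set needed for the restore cannot be used."""

def restore_plan(catalog, available):
    """Sets to restore, oldest first, to reach the newest backup in catalog."""
    by_name = {b.name: b for b in catalog}
    newest = max(catalog, key=lambda b: b.taken)
    chain, current = [], newest
    while True:
        if current.name not in available:   # media lost, corrupt or unreadable
            raise BrokenChain(f"{current.name} is missing; cannot reach {newest.name}")
        chain.append(current.name)
        if current.kind == "full":          # the chain always starts at a full backup
            break
        if current.parent not in by_name:
            raise BrokenChain(f"{current.name} depends on unknown set {current.parent}")
        current = by_name[current.parent]
    return list(reversed(chain))

def latest_restorable(catalog, available):
    """Name of the newest backup that can still be fully restored, or None."""
    for b in sorted(catalog, key=lambda b: b.taken, reverse=True):
        try:
            restore_plan([x for x in catalog if x.taken <= b.taken], available)
            return b.name
        except BrokenChain:
            continue
    return None

# Constructed sample: one full backup followed by three nightly incrementals.
CATALOG = [
    Backup("full-mon", "full", "2024-01-01", None),
    Backup("inc-tue", "incremental", "2024-01-02", "full-mon"),
    Backup("inc-wed", "incremental", "2024-01-03", "inc-tue"),
    Backup("inc-thu", "incremental", "2024-01-04", "inc-wed"),
]
```

With every set readable, the plan is the full backup followed by all three incrementals in order; if only Wednesday's incremental is unreadable, the newest restorable point falls back to Tuesday even though Thursday's set is intact.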
Hopefully you never need any of this, but in case you do…