Five essential tips for maintaining HIPAA compliance

January 28, 2015

If you're a healthcare or insurance professional, your business probably needs to comply with HIPAA, the Health Insurance Portability and Accountability Act.

The U.S. Congress passed HIPAA in 1996, creating regulations designed to provide the ability to transfer and continue health insurance; reduce healthcare fraud and abuse; mandate industry-wide standards for healthcare and electronic billing; and require the protection and confidential handling of protected health information (PHI).

At Carbonite, we're proud to offer solutions that support your HIPAA compliance and help your organization adhere to both the letter and the spirit of the law. For those of you who are covered under the law, here are five quick tips for maintaining HIPAA compliance:

1. Understand key definitions
HIPAA is full of phrases that have very specific meanings. It's a good idea to thoroughly educate yourself on their meanings to ensure compliance. For example, the phrase "confidential handling of PHI" refers to the implementation of appropriate administrative, technical and physical safeguards.

2. Back up all patient records
All entities covered by HIPAA, including medical practices, are required to establish and implement procedures to create and maintain retrievable exact copies of electronic PHI.

3. Remember to keep backups of electronic PHI offsite
HIPAA requires that backup copies of electronic PHI be stored in a separate location from the original data store. Furthermore, the electronic PHI backup copies should be encrypted to meet the security measures recommended under HIPAA.

4. Make sure your backup solutions provider supports HIPAA compliance
Carbonite Pro and Carbonite Server plans support your HIPAA compliance by implementing appropriate administrative, technical and physical safeguards to ensure the confidentiality, integrity, and availability of PHI.

5. Enter into a "business associate" agreement with your backup provider
HIPAA requires that covered entities enter into agreements with "business associates." These agreements are known as Business Associate Agreements. A "business associate" is any person or entity that creates, receives, or maintains PHI on behalf of the covered entity. This includes any backup provider. Carbonite Pro and Carbonite Server offerings support HIPAA compliance because Carbonite implements procedures to comply with the HIPAA Breach Notification Rule and, as part of those plans, Carbonite will enter into a Business Associate Contract with covered entities.

More on HIPAA compliance
For more tips on how to properly and efficiently maintain HIPAA compliance, be sure to watch the brief and informative webinar below. In this webinar, you'll learn:

  • More about what HIPAA is and why you should care about it
  • Information about your data backup requirements
  • How a backup solution like Carbonite can help support your HIPAA compliance efforts
