HIPPA Computer & Data requirements
According to Federal HIPPA regulations, published in February of 2003, all medical offices must be compliant in the following areas regarding computers and networks. Compliance is mandated by May, 2005. The regulations are known as 45CFR Parts 160, 162, & 164. (Click here) Although very lengthy, the regulations can be condensed to the following information.

Application and data criticality assessment
Disaster recovery plan
Off-site Data backup plan
Emergency operations plan
Procedures for above in place

Application and Data Criticality Assessment
Offices need to perform a review of their hardware, software, and personnel to determine what items are considered to be core items for their business. These items need to be documented and copies stored off-site.

Contingency Planning
Offices need to have plans in place to cover natural and man-made disasters, personnel issues, and computer and network issues or failures. These need to be plans to follow in the case of one of the above occurrences.

Disaster Recovery Plan
This plan needs to be in place to cover all the specific details of recovering from a major event, as outlined in contingency planning. You will probably need several different plans to cover multiple events. This is where it is crucial to have off-site data backups, and copies of your core business software.

Off-Site Data Backup Plan

Patient and business data must be backed up to a secure off-site location on a daily basis. Data must also be encrypted for further security. Any data sent over the open Internet must be heavily encrypted and secure. This requirement is in addition to any computer backups that are done and stored at the office. All of your core business computer software should also be backed up off-site to allow you to reinstall on new equipment.