Lightsaver solution fully HIPAA compliant


The Health Insurance Portability and Accountability Act (HIPAA) in the USA states that health care professionals are required by law to back up their files and store them, encrypted, so they can be recovered in the event of a fire, natural disaster, or other catastrophe.

HIPAA requires healthcare providers and their business associates to handle medical records (called Protected Health Information or PHI) in ways that protect the privacy of patients while ensuring the integrity of their records.

Doctors' offices and other healthcare providers are required by law to protect their electronic records in several ways:

  • Make sure that only authorized people can access them;
  • Verify the identity of anyone requesting access;
  • Make sure the records are not improperly altered or destroyed;
  • Verify that the records have not been altered or destroyed in an unauthorized manner;
  • Be able to recover copies of records in the event of fire, natural disasters, or other catastrophe;
  • Back up electronic records;
  • Establish a Disaster Recovery Plan.

Penalties for failure to comply with HIPAA can be stiff. Wrongful disclosure of PHI can cost a healthcare provider $50,000 and imprisonment for up to a year. Additional penalties for more serious violations can amount to $250,000 and imprisonment for up to ten years.

Who must comply with HIPAA?


  • Doctors, dentists, optometrists, and any healthcare provider who keeps medical records (Protected Health Information or PHI);
  • Health plans;
  • Healthcare clearinghouses;
  • Medical billing companies;
  • Insurance companies;
  • Any associate of a healthcare provider who has access to unencrypted PHI.

There is no official certification for software used to help comply with HIPAA or for online backup service providers. The Act does not specify any type of software; it only specifies the procedures and methods used to achieve compliance. Pronetsys is fully compliant with all HIPAA requirements in sections 164.308(a)(7)(i), 164.308(a)(7)(ii), 164.312(a)(1), 164.312(d), 164.312(c)(1), and 164.312(c)(2).

Online Backup Service Providers are not "covered entities" or "associates" as defined by HIPAA, and thus are not required to comply with HIPAA.

Pronetsys does not offer legal advice. Contact a lawyer or refer to the U.S. Department of Human Services' website at

