Dental Data Safety – Backups and Encryption

If you didn’t already see it on DentalTown, you should see this media story and TV video about the dental data breach in Williamsport, PA.  What a practice builder!  It may set your hair on fire!

http://wnep.com/2013/12/09/stolen-data-on-thousands-of-williamsport-area-dental-patients/

I have no idea who this poor dentist is but the case illustrates some of the very big, and potentially costly, mistakes dentists often make concerning their dental data.

  1. The days of backing up on external devices such as hard drives and USB drives are over!  Don’t do it! There are much better, automatic, safe ways to back up these days (see below).
  2. All dental data must be encrypted! This means encrypted on your server, on any other computer(s) to which you back up in the office, in the “cloud” service backup and on your computer(s) at home to which you “restore” from the cloud.  Data encryption is usually free. I have been saying for several years that an IT person who does not at least discuss data encryption with his/her dentist-client is committing professional malpractice. (The IT person is committing malpractice, not the dentist.) And HIPAA will severely punish a dentist who loses a copy of unencrypted data.
  3. Backup should be entirely automatic. People, unfortunately, are just not as dependable as machines. Machines never “forget” or have to “leave early.”  And automatic backups, like data encryption, should be free or very close to it.
  4. Backups must be checked often to be sure they really have the data on them you think is on them. I have seen many dental practices (and lots of other businesses) lose months and even years of data because they only thought they were backing up!  They went through the “backup ritual” but didn’t check!  Remember what NASA says, “One test is worth a thousand expert opinions!” (See #3 below)

(For additional information on do-it-yourself data encryption, here is a link to a short article I wrote on the subject.  It is a PDF and may take a minute to download.)

How should you back up your dental data?

IMHO, you need three backups:

  1. Computer to computer in your office at night (free); to 2 or 3 workstations that could become “new servers” in a few minutes if necessary. You can back up automatically to another computer every 10 minutes without appreciably slowing your dental management software, depending upon what software you are using. You should certainly back up automatically to each of these computers at night – that’s possible with all brands of dental management software.
  2. “Cloud” backup automatically each night with something like CrashPlan. Cheap, HIPAA compliant, encrypted, etc.  For paperless dental offices, the State of California requires daily off-site data backup but this should be considered mandatory for any dental office, paperless or not, just for business reasons.
  3. “Restore” automatically from cloud backup onto a computer(s) at your home every night after the cloud backup. This gives you an off-site computer that has all your current data. You do not need to wait for download from the cloud to get back in business if your office burns to the ground.  (You just need to find a place to practice!) This is free, easy, and you can easily check the validity of your backup by just looking at the data on your home computer every day. Is the crown you did yesterday showing up on your home computer today? But remember to be sure the hard drives on your home computer(s) are encrypted!
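
The "check your backup" step (item 4 above and step 3 here) can also be automated. The script below is an added example, not part of the original article: it compares a live data folder with a restored copy by SHA-256 hash and flags a restore whose newest file is too old. The folder paths and the 26-hour freshness window are assumptions, and it assumes both folders are reachable from the machine running it while the practice software is closed.

```python
import hashlib
import os
import sys
import time


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large database files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def manifest(root):
    """Map each file's path relative to root -> (sha256, modification time)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = (sha256_file(full), os.path.getmtime(full))
    return out


def verify_restore(source_root, restored_root, max_age_hours=26, now=None):
    """Report files missing from or differing in the restore, and staleness."""
    now = time.time() if now is None else now
    src, dst = manifest(source_root), manifest(restored_root)
    missing = sorted(set(src) - set(dst))
    changed = sorted(p for p in src.keys() & dst.keys() if src[p][0] != dst[p][0])
    # An empty restore has no newest file, so it is always reported as stale.
    newest = max((mtime for _hash, mtime in dst.values()), default=0.0)
    stale = (now - newest) > max_age_hours * 3600
    return {"missing": missing, "changed": changed, "stale": stale,
            "ok": not (missing or changed or stale)}


if __name__ == "__main__":
    # Usage (hypothetical paths): verify.py <live data folder> <restored copy>
    report = verify_restore(sys.argv[1], sys.argv[2])
    print(report)
    sys.exit(0 if report["ok"] else 1)
```

A non-zero exit code lets a scheduled task raise an alert instead of relying on someone remembering to look.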

Disaster Recovery

What do you do if you discover you are the person who went through the “backup ritual” but ended up with no useable data to “restore” when the server went down?

The Suicide Prevention Hot Line is one thought.

But before you try that, try one of the hard drive recovery services such as Driver Service (http://www.driveservice.com/) (there are lots of others – Google “hard drive data recover”).  They can almost always recover your data. They are not cheap but compared to total data loss, well worth it.

Again, IMHO, this is not a job for most local IT people!  However well-intentioned, I have seen some “iatrogenic catastrophes” when such data recovery was attempted by unqualified IT people.

Whatever you do, DO NOT try to restore a questionable data set back onto your server!  You could wipe out salvageable data! But you can and should attempt to restore the questionable data onto another machine to see what data you have.

Regardless of your gender, when it comes to data safety, you need to be a Boy Scout – “BE PREPARED!”