Recent news about the rising threat of cybercrime has dentists and other healthcare providers on high alert. Data loss is not solely due to cyberattacks. Hardware failures, natural disasters or human error can also lead to data loss. Regular backups safeguard against these unforeseen events, ensuring that essential information is recoverable.
The High Cost of Data Loss
TDIC’s Risk Management Advice Line reports one California dentist lost all his patient records when his hard drive crashed. When he attempted to restore the data by accessing his backups, the dentist discovered his system had not been backing up for two years.
“Having a backup system for storing information is critical, but it is also critical to check those systems,” said Sheila Davis, assistant vice president of TDIC’s Risk Management department. “If you don’t perform regular backups, and you don’t check to make sure those backups are functioning, you run the risk of losing everything.”
In the case above, the dentist did lose everything — and then some. Not only did he have to spend thousands of dollars to rebuild his system, but he also had to recreate patient files. Because dental benefit companies require documentation for claim reimbursement, he had to retake patient radiographs. Furthermore, the dentist had to cross his fingers and hope that his patients were honest enough to pay what they knew they owed because he had no billing records.
“There was a chance he would have to write off a significant amount of income should patients refuse to pay their bills,” Davis said. “Most people are understanding when it comes to computer glitches, but it’s still a risk.”
The Case for Backup Data
Whether from human error, viruses, technical malfunctions, natural disasters or theft, data loss can have a huge impact on any business. In fact, nearly half of all small businesses in the U.S. have experienced some form of data loss according to online backup provider Carbonite. Accounting firm Price Waterhouse Coopers found that 7 out of 10 small firms that experience a major data loss go out of business within a year.
Luckily, there are ways to avoid complete devastation. Topping the list is making sure your backups are running regularly and accurately.
“Too often, people forget to check their backups,” Davis said. “Backups are a fail-safe. But even fail-safes should be double checked.”
John Christopher, senior manager of marketing communications at DriveSavers Data Recovery, said one of the biggest mistakes small business owners make is failing to monitor the performance of their backup systems.
“Backups are not routinely evaluated for effectiveness,” he said. “Often, data is lost when the administrator of a computer system believes the backup system is functioning when it is not. Then, when the primary system fails, there isn’t a backup. Backup systems must be regularly maintained, and files that have been backed up must be regularly reviewed to ensure that scheduled backups are functioning properly and all copied data is corruption-free and useable.”
Cost is one of the major reasons business owners fail to back up their computers. There are upfront costs, such as hardware, and ongoing costs, such as monthly monitoring fees and storage fees. But the costs associated with a data loss are much greater, so maintaining backups is a small price to pay.
“Dentists with up-to-date backups can be back to work within a few days,” Davis said. “Those without can spend weeks trying to get up and running again.”
Another reason dentists fail to back up their data simply comes down to frequency and continuity. Recent studies of businesses found that 41% of users “rarely or never” back up their data. Of those who do, only 10% back up their data daily, while 34% run data backup monthly. Despite the efforts of users who do back up data, one survey found that 79% of businesses have experienced a cloud data breach, and 43% have experienced more than 10 breaches in recent years.
Why the discrepancy? Half-measures don’t provide full protection. Real-time backups make the difference. “What could be more time consuming than having to rebuild your entire system and reconstructing all of your patient records?” Davis asked.
Most experts recommend real-time backups, also known as continuous backups, in which changes are automatically saved as they are made. That way, if a data loss does occur, there will be no gaps in data recovery. Other options include conducting a full backup at a set time, such as once a day or once a week.
“The real question is, what’s your risk tolerance? How much data are you willing to lose? A week’s worth? A month? A year?” Davis asked.
Data Storage Location Matters
Another consideration is where to store your backups. Many practice owners use external hard drives, but these can also fail if they are connected to a network when a virus strike or a malfunction occurs.
And when it comes to physical or environmental threats, hard drive storage can be threatened. If you store your backups locally on an external hard drive, they could potentially be destroyed in the same disaster that takes down your primary systems. When it comes to natural disasters, you can’t rely on just any backups to prevent your practice from losing data – they must be stored in a separate location, such as a cloud environment.
Many business owners are now opting for cloud-based storage, which allows continuous backup and access to data at any time. HIPAA considerations apply when choosing cloud storage, and dentists should sign a business associate agreement with any cloud service provider.
Prior to signing any contract or agreement with a cloud service provider, TDIC’s Risk Management analysts recommend reviewing the contract carefully to understand the terms and conditions of data storage, access and security measures to ensure that the contract aligns with your office's security requirements.
Learn more about business associates’ compliance requirements in the U.S. Department of Health and Human Services’ guidance on HIPAA and cloud computing or the ADA's HIPAA resources. State laws regarding how patient medical information should be kept private are sometimes even more stringent, and providers must abide by both state and federal rules.
“We advise dentists who perform hard backups to disconnect the drive and store it off-site in a secure location. Better yet, we recommend investing in a HIPAA-compliant cloud-based data backup service,” Davis said.
Christopher notes that it’s best to have multiple backups stored in multiple locations.
“Keep one backup off-site in case some type of accident or disaster occurs,” he said. “Automate your backup system so there is less likelihood of human error. Regularly check the data on your backup devices to ensure it is useable and to ensure that backups are performing as expected.”
Finding Resources and Support
If you have concerns about practice data management in the face of cyber security threats or weather-related disasters, contact TDIC’s Risk Management Advice Line.
TDIC’s Risk Management experts have created a wildfire resource page to aid policyholders in understanding coverage, preparing practices and safely responding to disruption caused by wildfires. Contact TDIC to review your coverage options or learn more about managing your risks. Additional information on preparing for an emergency can be found on the Federal Emergency Management Agency website.
TDIC’s Risk Management Advice Line is a benefit to TDIC policyholders. To schedule a consultation with an experienced risk management analyst, visit tdicinsurance.com/RMconsult or call 1.877.269.8844.