In July of this year, the paid Salesforce disaster recovery service will be sunset. Here’s what healthcare providers need to know about storing PHI.
Malicious intent, buggy code, and integration issues are just three common causes of data loss in a Health Cloud instance – and that doesn’t even cover the likely scenario – human error. And once data is lost, it commonly takes at least a week to reconstruct a dataset that is outdated at best.
Backup is not Optional
HIPAA requires covered entities to produce exact copies of PHI in the event of data loss, so it’s not just important to have backups – it’s vital to have frequent backups as a part of any Salesforce disaster recovery plan.
Most clinics and speciality providers can’t afford the costly fines and negative press that result from even short periods downtime. Plus, as consumer expectations for 24/7 on-demand access to their information increases, patients won’t accept it.
Understanding Your Health Cloud Data
Your Health Cloud instance contains two basic types of data – data and metadata. Think of data as the content, and data as the structure.
Here’s a breakdown:
The content of your database
The structure of your database
- Custom Objects
- Page Layouts
- Apex Code
- Visualforce Code
Some backup solutions, including the Salesforce disaster recover option, only back up data. This means large amounts of investment in custom development and configuration is at risk – without metadata, you’re looking at weeks or years of re-developing page layouts, dashboards, and custom APEX or Visualforce code.
HIPAA puts the responsibility of backing up data solely on you, the covered entity. Remember that:
- Data backup is not optional
- Data must be encrypted in transit and at rest
- Data must be quickly recoverable
- Data should be backed-up remotely
- Your Salesforce instance needs to be HIPAA compliant
Apart from the obvious benefit of avoiding HIPAA fines, frequently backing up your data as part of a Salesforce disaster recovery plan has a positive business impact from the perspective of cost and performance.
- Less Data, Less Storage Costs
Storage costs can be significantly lowered if you’re not keeping outtdated data in your Salesforce instance. Having reliable archives mean you can delete old data with peace of mind.
- Less Bloat, Better Performance and User Experience
Likewise, irrelevant data is a leading cause of bloat in a Salesforce instance. Bloat not only leads to reduced system performance, but also poor user experiences.
Salesforce Disaster Recovery: Backup Best Practices
When consulting healthcare clients on which backup solution to implement, our solution engineers ensure that anything we recommend meets the following criteria:
- The system meets all requirements of HIPAA, including encryption, storage policy, data retention, and recovery time.
- The system backs up both data and metadata.
- The system can reliably back-up every environment, including sandbox and production.
- The system can robustly compare different backups to determine data and system changes.
- The system allows at least a daily backup frequency