RELAX

Auditing, Back-Ups, and Disaster Recovery

HIPAA’s Security Rule requires in-depth auditing capabilities, data back-up procedures, and disaster recovery mechanisms.

In designing our information system to be consistent with HIPAA and HITECH requirements, we put auditing capabilities in place to allow security analysts to examine detailed activity logs or reports to see who had access, IP address entry, what data was accessed, etc. This data is tracked, logged, and stored in a central location for extended periods of time, in case of an audit. We run activity log files and audits down to the packet layer on our dedicated virtual servers. We can track any IP traffic that reaches our virtual server instance. Our administrator backs up the log files for long-term reliable storage.

Under HIPAA,  a contingency plan to protect data in case of an emergency must be created and maintained to retrievable exact copies of electronic PHI. To implement a data back-up plan we have a persistent storage for our virtual server instances. These volumes can be exposed as standard block devices, and they offer off-instance storage that persists independently from the life of an instance. To align with HIPAA guidelines, we create point-in-time snapshots of EBS volumes that automatically are stored and are replicated across multiple Availability Zones, which are distinct locations engineered to be insulated from failures in other Availability Zones. These snapshots can be accessed at any time and can protect data for long-term durability. LifeLab also have a solution for data storage and automated backups. By simply loading a file or image into memory, multiple redundant copies are automatically created and stored in separate data centers. These files can be accessed at any time, from anywhere (based on permissions), and are stored until intentionally deleted.

Disaster recovery, the process of protecting an organization’s data and IT infrastructure in times of disaster, is typically one of the more expensive HIPAA requirements to comply with. This involves maintaining highly available systems, keeping both the data and system replicated off-site, and enabling continuous access to both. The LifeLab platform inherently offers a variety of disaster recovery mechanisms. Administrators can start server instances very quickly and can use an Elastic IP address (a static IP address for the cloud computing environment) for graceful failover from one machine to another. Administrators can launch instances in multiple Availability Zones to create geographically diverse, fault tolerant systems that are highly resilient in the event of network failures, natural disasters, and most other probable sources of downtime. A customer’s data is replicated and automatically stored in separate data centers to provide reliable data storage designed to provide 99.99% availability.