Are you Backing up your Images?

I have completed quite a few security assessments this month and I am finding huge amounts of data in a file called “images”. Many medical practices do various kinds of testing, especially plastic surgeons. I have seen image files for Allscripts, document managing systems, nuclear studies, etc. These image directories are sitting out there on servers, and practices are sometimes not aware of it. They are backing up their EMR and QuickBooks, but the image directory is being overlooked.
The way to find out is easy. Contact your IT staff and make sure you are backing up every directory on your server, and every shared directory. If you have a NAS (Network Attached Storage), make sure there is a backup solution for that device too, and add it to your disaster recovery plan.
Having images on your servers can be dangerous. These are an important part of ePHI and could cause problems for the patient if lost or stolen. If you are using systems that create images out of your medical records, make sure you account for this in your HIPAA security assessment.
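One way IT staff can run the check described above, as an added example that is not part of the original post: walk the server or NAS share and list every directory holding image files that no backup job covers. The function and parameter names, the extension list, and the idea that the backup tool's include and exclude paths can be exported as plain path lists are all assumptions.

```python
import os
import tempfile
from pathlib import Path

# Assumed extension list; extend it to match what your imaging systems write.
IMAGE_EXTS = {".dcm", ".jpg", ".jpeg", ".png", ".tif", ".tiff", ".bmp"}

def _under(path, roots):
    """True if path equals one of roots or lies beneath it."""
    return any(path == r or r in path.parents for r in roots)

def find_unprotected_image_dirs(scan_roots, backup_includes, backup_excludes=()):
    """Map each directory holding image files that no backup job covers to
    (image_file_count, total_bytes). Unreadable directories are returned
    separately so they are not mistaken for empty ones."""
    includes = [Path(p).resolve() for p in backup_includes]
    excludes = [Path(p).resolve() for p in backup_excludes]
    findings, unreadable = {}, []
    for root in scan_roots:
        walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
        for dirpath, _dirs, files in walker:
            d = Path(dirpath).resolve()
            images = [f for f in files if Path(f).suffix.lower() in IMAGE_EXTS]
            if not images:
                continue
            # Covered only if inside an included path and not carved out by an exclude.
            if _under(d, includes) and not _under(d, excludes):
                continue
            size = sum((d / f).stat().st_size for f in images)
            findings[str(d)] = (len(images), size)
    return findings, unreadable

if __name__ == "__main__":
    # Constructed sample tree: only the EMR directory is in the backup job.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("EMR/db.bak", "QuickBooks/books.qbw", "images/scan1.dcm"):
            f = root / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(b"\0" * 1024)
        found, skipped = find_unprotected_image_dirs([root], [root / "EMR"])
        for d, (count, size) in sorted(found.items()):
            print(f"NOT BACKED UP: {d} ({count} image files, {size} bytes)")
        print("Unreadable directories:", skipped)
```

Run it with an account that can read every share, and review any unreadable directories by hand, since those are exactly the places the scan cannot vouch for.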