From an article by 

Ahmed Mori:

“It seems like you need to choose so many things these days – Meaningful Use certified EHRs, a capable practice management system, and even what computers you want your practice using.

Now, most of us associate data backup with a hard drive, or maybe even some flash external storage. But remember, you’re dealing with sensitive personal health information, and you want to be sure you don’t lose your data in the event of an emergency.

Perhaps it’s time to turn to a data backup service, you know, since HIPAA deemed secure data backup not optional. See below for some assistance.

Requirements for HIPAA Compliant Backup Providers
It’s time to be a little blunt. Many will read and not fully understand HIPAA. But a genuine attempt at cracking the code doesn’t excuse you from not complying. Plus, when put simply, the requirements aren’t half bad.

As far as data backups are concerned, there are three required elements, or safeguards, under HIPAA that are necessary for a compliant backup provider.

It is important to note that even if you go into recovery mode, it is required these safeguards hold up.”

Those requirements can be found in the original article: