Happily, there are only two things that can go wrong with the data stored in your computer systems: Either 1) something unfortunate happens and the right people can’t access it properly, or 2) something even more unfortunate happens and the wrong people CAN access it. Unfortunately the majority of dental offices are not doing enough to prevent either of these eventualities.
Backup, backup, backup
The single most important thing that can be done to ensure that electronic records are not lost is to back them up. Some offices employ multiple backup processes to ensure that if one fails they have a backup (for the backup). There’s nothing wrong with an appropriate level of paranoia when it comes data protection. A comprehensive backup scenario must meet four requirements:
1) Adequate Frequency: A routine or scheduled backup should occur at least daily (or nightly), and should be overwritten no sooner than weekly. Some offices run a backup midway through the day as well. Additionally, it’s important to maintain backups that represent data going back several days, and not only the day/night before. It’s often important to be able to restore data that’s older than the previous day. Ideally, weekly or monthly backups are stored for longer periods.
2) Adequate Physical Separation: The backup data should be stored in a location that is likely to not be impacted by any disaster that occurs at the location housing the production data. Events such as fires, floods, and theft that might impact the office should not also impact the backup data.
3) Appropriate Data Source: All of the important data needs to be part of the backup set. Some backup programs are not able to backup files that are in use, and if applications are left open at the end of the day it may be impossible to backup the data contained within them. Make sure that your backup includes the data you need.
4) Adequate Logging and Recovery Checking: It is very common for users to discover that although they thought their data was being backed up, it actually was not. Hardware failures, configuration and software changes, and media problems are common reasons that backup systems stop working.
Let’s look at some common backup devices
Tape backup–DAT and Travan tapes are the most common backup media used in dental offices today. DAT drives are much more expensive, but are more reliable and last significantly longer. The actual DAT media is conversely less expensive than the Travan media. The difficulty with this type of backup is that the tapes and drives eventually wear out, and they are relatively slow to backup. However, there are three important reasons that tapes are used most commonly: They can hold a very large amount of data, they can be rotated daily, and the tapes are relatively reliable.
CD/DVD writers–CDs and DVD media are readily available, inexpensive, easy to use, and useful for a variety of reasons. Many offices successfully use re-writable CDs (CDRW) to perform daily backups. Using a write-one-time CDR to do an extra monthly or weekly backup that is kept indefinitely is a great idea. Unfortunately, these devices don’t hold very much data, and cannot be used in situations where anything but the most basic data needs to be stored.
Various magnetic media–Zip, jazz, and even floppy disks can be used to store very small amounts of data. Although they are much slower than current CDRW devices, they are generally very dependable and easy to use. The advantages and limitations of the CD media apply to these products, with the exception that magnetic data will fade faster with time.
Removable hard drives–External USB drives, or removable IDE or SCSI hard drives provide a very quick method of backing up large amounts of data. Unfortunately a hard drive is one of the most likely things to fail in a computer system and removable drives are therefore considered to be less reliable than tapes. An additional problem is that most offices using this approach have a single removable drive that is used each time, and are therefore without a sequential daily backup with the ability to restore older data.
Replication–Large practices sometimes have backup servers that are available in the event that something happens to the main server. It is also common practice for a dental server to be built with either hardware or software mechanisms to replicate data from one hard drive to another on a continuous basis. These systems can often save a practice the frustration of being offline, but if records are deleted, they are deleted from the replica at the same time. Replication processes are therefore not a replacement for a daily backup to another media.
Computer to computer–Storing a copy of the data from the server on another workstation in the office is a great way to ensure that data will be quickly available in the event of a server failure. Simply changing some path entries can allow the office to continue working with the data on another machine. The two main problems with this type of backup are that the data remains in the office, and sits on devices that are as likely to be damaged or stolen as the main data, and there may not be a way to retrieve older data. A rotating sequence of backups to various computers in the office can resolve part of this issue.
Offsite backup–Data transferred across phone lines or an Internet connection to a remote backup facility is often called ‘offsite backup’. Of course, all backups should be moved ‘offsite’, but using a data connection to move it there quickly is an excellent idea. Small amounts of data such as Practice Management Software data can be easily stored in this manner. If you are storing significant amounts of information in an Offsite Backup facility, also remember that you may need to get that data back at some point. Some facilities can courier the data in various formats, or even return a computer to you with the required applications ready to run with your data.
Make sure that the backups and backup logs are being checked routinely. It’s an especially good idea to include a test file in the backup process, which you can erase occasionally and then retrieve from the backup set.
Training
User error is the most common cause of data loss in any system. All staff need training on the Practice Management Software, the Imaging Software, and on the proper use and function of the computer system. Mistakes happen, but catastrophic ones are less common in offices that put a priority on the understanding and correct usage of the computers and software. Make sure that everyone understands what is considered ‘safe practices’ in regards to Internet usage, email, and anti-virus protection.
Firewalls
Most dental offices have a connection to the Internet of some kind. That connection can potentially allow a ‘hacker’ to access the office and its data from the Internet. A ‘firewall’ is a hardware or software mechanism that prevents those unwanted connections. It’s usually safer to use a hardware device since it’s less likely to be turned off or disabled. Hardware firewalls are available starting at under $100.
Anti-virus protection
Computer viruses were once a common way for systems to permanently lose data. Today, because most viruses are written to perform functions that are a little more ‘creative’ than simply deleting data, and because virus removal programs and techniques are better, it’s rare that data is actually lost due to a virus infection. It’s much more likely that a virus results in ‘only’ downtime and an expensive virus removal undertaking. A scenario that is more common today is that of a virus infection resulting in access to your data by other parties. Some viruses allow external users to connect to your system, and some broadcast your documents or previous emails to outside parties. Clearly, either scenario is disastrous for a dental practice.
It’s critical that updated Anti-virus software be running on all computers, system areas of hard drives are not shared, dangerous email attachments are never opened etc.
Physical security
Commonly, computers in dental practices are positioned in areas that are accessible to patients. Screen-savers are available that ‘lock’ a system unless the correct password is input. Use these on machines that might be accessed by unattended patients in the operatories or hallways. Make sure that any computer available as a courtesy to patients in the reception area has no physical connection to the rest of the office. If you are using a wireless hub of any kind, ensure that the security features are enabled to prevent access from unwanted users. Most importantly, make sure that staff know to stop any non-staff person from accessing the computers.
Sooner or later, an incident will occur in your practice that results in the need for you to think long and hard about the safety of your data. With the proper planning, implementation, and follow-up, data ‘events’ can be acted upon in a fairly routine way, resulting in minimal or no data-loss.
Craig Wilson is the CEO of Compudent Systems Inc., an IT company specializing in customized computer installations for dental offices.
