This Waiver of Liability and Refusal of Backup Services is made and effective on (“EFFECTIVE DATE”).
BETWEEN:
easyTEK.technology, LLC (D.B.A. easyTEK.technology), a Limited Liability Corporation (LLC)(S-Corporation), organized and existing under the laws of the States of Colorado, with its corporate office located at:
- 11052 Twenty Mile RD, APT 200, Parker, Douglas County, Colorado 80134-5101 United States of America +1 720-807-4500 - Phone +1 720-817-3964 - Fax [email protected] - E-mail
AND:
myODIE.com, LLC (D.B.A. myODIE.com), a Limited Liability Corporation (LLC)(S-Corporation), organized and existing under the laws of the States of Colorado, with its corporate office located at:
- 11052 Twenty Mile RD, APT 200, Parker, Douglas County, Colorado 80134-5101 United States of America +1 720-439-3838 - Phone +1 720-439-3839 - Fax [email protected] - E-mail
AND:
"CLIENT"
WHEREAS easyTEK.technology, LLC will be engaged in the performance of work relating to Information Technology Managed Service Provider (MSP); and
WHEREAS myODIE.com, LLC will be engaged in the performance of work relating to Information Technology Technical Support Provider (TSP); and
WHEREAS “CLIENT” is requesting to sign this Waiver of Liability and Refusal of Backup Services offered by MSP and TSP.
NOW, THEREFORE, it is agreed as follows:
As your Managed Service Provider (MSP) and Technical Support Provider (TSP), one of our roles is to back up and/or recover data, potentially including Electronic Protected Health Information (e-PHI), in accordance with specific HIPAA Security requirements:
- §164.308(a)(7)ii)(A) - Data Backup Plan (Required): Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
- §164.308(a)(7)ii)(B) - Disaster Recovery Plan (Required): Establish (and implement as needed) procedures to restore any loss of data.
- §164.308(a)(7)ii)(D) - Testing and Revision Procedures (Addressable): Implement procedures for periodic testing and revision of contingency plans.
- §164.312(e)(2)(i) - Integrity controls (Addressable): Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
- §164.312(e)(2)(ii) - Encryption (Addressable): Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.
In addition, failing to backup any data, potentially including Electronic Protected Health Information (e-PHI) that is stored either on local devices or in the cloud poses significant ransomware risks, as ransomware attacks can have severe consequences for data availability, integrity, and compliance. Here are some specific risks associated with not backing up your data:
- Data Loss: Ransomware attacks can encrypt data, leading to potential disruptions in healthcare services and compromising patient care.
- Service Disruption: Ransomware attacks can disrupt cloud services, impacting the ability to deliver timely and effective patient care.
- HIPAA Violations: Failing to back up data and prevent ransomware attacks can result in HIPAA violations and legal consequences.
- Patient Privacy Breach: Ransomware attacks may expose sensitive patient information, violating privacy regulations, and damaging trust between patients and healthcare providers.
- Financial Impact: The financial impact of a ransomware attack can include potential fines, legal fees, and data recovery costs.
- Reputation Damage: A ransomware attack leading to data loss or service disruptions can cause damage to the reputation of the healthcare organization.
To mitigate these risks, healthcare organizations must implement a comprehensive backup and recovery strategy for e-PHI data stored locally or in the cloud. This includes regular backups, secure storage, testing restoration processes, and implementing security measures to prevent ransomware attacks, such as software updates, employee training, and robust cybersecurity protocols.