Things will go wrong. The information below will help you to have an informed discussion with your IT support provider about backing up your important data for when the unexpected happens. Your priority is to have an adequate backup regime so you won’t lose the information you need to keep your practice running.
Get started quickly by reading the "Creating a daily backup plan" article and downloading a template for your backup planning.
Why back up?
You need your data to run your practice and care for your patients, but there are no guarantees your data will be there when you get to work each morning.
Access to the information stored on your computers or held by others (such as hosted and cloud services) on your behalf can be lost due to:
- computer failure
- human error
- malicious acts
- loss of physical or remote access (because of, for example, fire, natural disaster, civil emergency, bankruptcy of supplier)
- corruption of the information
- accidental deletion.
You need to minimise the risk of losing your information, and backing up is one of the best ways to do that.
You should back up to:
- retain financial data required for auditors
- comply with the requirement in your funding agreements, quality frameworks and regulations to have backups
- retain governance information and records of board meetings, resolutions, etc
- protect the historical records of your practice for future reference
- ensure staff information, contact details, payroll information and rosters are not lost
- ensure client data is protected and you can access payment, attendance and contact information
- retain program data that you require to reconcile grants and funding.
How important is your data?
How important is your data to the continued running of your practice? The answer determines how rigorous your backup procedure should be.
To help answer these questions, start building a picture of what information you have. Throughout this guide we’ll be asking questions about each set of information.
Think about the technology systems and sets of information that you have. For example, do you have:
- payroll
- finance
- a client management system
- newsletter mailing lists
- phones (landlines)
- mobile phones
- a website?
For each system and set of information you have, consider:
- your tolerance for unavailability of each (for example - one day, two weeks)
- your tolerance for data loss (for example - one day, one week). Think about the typical timeframe in which you would create enough new files or make enough changes to existing information that it would be difficult to recreate them if they were lost. This will help you decide how regularly you want to back up your data and to have a copy elsewhere. So consider, if data loss occurred right before your next backup, how long would it have been since your last retrievable backup?
Your list is starting to look something like this:
Where is your data stored?
Build up a picture of where your systems and information sets are stored. Information may be duplicated in multiple places, it may be distributed across various locations, or it may be a mix of both.
For each system and set of information, consider where it is stored. If it is in more than one place, identify the main place it is stored. These storage places could be:
- PCs, laptops and tablets
- phones
- servers
- cloud or hosted services.
Now your list is looking something like this:
What should you back up and how often?
Daily, weekly, monthly? How often you backup data will generally depend on how important it is to you. You can also use your “tolerance for data loss” to understand how often different data should be treated. For example, if you can’t risk losing data for a day or a week, it may be best to include them in your daily backups.
Add a column to your list titled ‘Backup’ and work through each row, identifying how often you think you’ll need to back each system or information set.
Once you’ve finished, your list should looks something like this:
How should you back up?
We have not covered all backup types in this guide, only those applicable to small-medium sized practices. Other types of backups, such as incremental, exist. For further information about backup types and options see this Wikipedia article.
In this guide, we’ll discuss three different types of backups:
- Full data: Backs up all your data. It is time consuming to back up and takes up space, but is the easiest and quickest type of backup to restore.
- Differential data: Backs up just the things that have changed since last full backup. It is fast to back up, doesn’t take much space, but is slightly harder and slightly slower to restore than full backups.
- Imaging: Takes an ‘image’ of the entire drive, including software, operating system, any customisation you’ve done, where everything is stored and so on. It is very useful if you need to quickly rebuild a computer that is broken.
Your analysis of your systems and data sets will help you and your ICT supplier determine which type or types of backups provide the safest and most pragmatic backup regime for your practice.
You will also need to carefully store your program disks (if you have them) or security keys if you’ve downloaded them. That way your programs can be restored without backing them up.
Where will the backups live?
There are three main options for storage :
- Local or direct-attached hardware, for example:
- tapes
- portable hard drives
- USB drives
- Network back-up using a local server. This is usually a Network Access Storage (NAS) device.
- Cloud storage (backed up over the internet)
Each has advantages and disadvantages. These include cost, reliability, storage capacity, portability, ease of use, and life span. Your ICT supplier or IT expert can help you decide which is the most appropriate in your situation. Most practices choose to keep multiple backups (for example a different portable hard drive for each day of the week) to reduce risk and to provide an additional way to restore files that were deleted a day or two (or more) ago.
Off site backups
You also need to consider keeping backups in an alternative location to your live systems – this is commonly known as off-site backups. Off-site backups ensure that if you lose access to your technology (for example a hard disc failure, a natural disaster or fire) that you have access to recent enough backups to restore your information.
Options for storing off-site back-ups include a staff member’s home, paid storage facilities or online hosted backup services. The off-site location needs to be far enough away to be recoverable in a disaster that affects a wide area, so not just down the road.
Are your backups safe and working?
Make sure your ICT support practice builds checks and balances into your backup regime.
Backups should be checked regularly (for example every three to six months) to ensure:
- restores of information are working
- everything that should be is being backed up
- backup media with limited life (for example tapes) are replaced before they break.
Backups sometimes fall into unauthorised hands. To make sure they stay safe, protect them with a password and encryption.
What about backing up your hosted and cloud data?
For the most part, Cloud services such as Microsoft Office 365 and Google Apps are better at backing up data than you’ll ever be. However, no backup solution is 100% failure-proof.
Before signing up with a cloud or hosted service, investigate the options available for extracting your information. This should be done periodically and downloaded either to your own storage devices or another cloud or hosted service. You may even decide to extract this information as regularly as we have discussed in the rest of this guide – your decision will depend on your tolerance for risk.
Again, your ICT support practice or IT expert should be able to help you with these decisions and with setting up these services.
What's next?
If you haven't already downloaded our template for planning your backup strategy, you can download the template now. Next, read our article titled "Creating a daily backup plan" which also includes a helpful template to get your started.
For more information, see the RACGP's Guide to information backup in general practice.