Information security in general practice

Validate and test your backups

It is vital that you have an established process to determine whether your backups have completed successfully. Backup failures are often only detected when it is necessary to use the backup to restore data. It is recommended you have a system of daily, weekly, monthly and annual backups to ensure backup reliability.

It is important to regularly test the integrity of your backup data. This ensures the backup has been successful and that the data is accurate, correct, complete and preserved for future use.

Backup testing

You can check your backups by validating the data against what is in your live system via a test computer. This can be done automatically by your software, by your IT provider or manually by your practice team.
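
As an added illustration (not part of the original guidance or of any vendor's software), the following Python script shows one way a backup restored onto a test computer could be checked against the live data: it hashes every file in both folders and lists files that are missing, changed or extra in the restore. The folder layout and file names are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                # Read in 1 MiB chunks so large files do not fill memory.
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result


def compare(live: Path, restored: Path) -> dict[str, list[str]]:
    """Report files missing from, changed in, or only present in the restore."""
    live_m, rest_m = manifest(live), manifest(restored)
    common = live_m.keys() & rest_m.keys()
    return {
        "missing": sorted(set(live_m) - set(rest_m)),
        "changed": sorted(p for p in common if live_m[p] != rest_m[p]),
        "extra": sorted(set(rest_m) - set(live_m)),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: a restore with one truncated and one missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for root in (live, restored):
            (root / "patients").mkdir(parents=True)
            (root / "patients" / "a.rec").write_bytes(b"record A")
        (live / "patients" / "b.rec").write_bytes(b"record B, complete")
        (restored / "patients" / "b.rec").write_bytes(b"record B")  # truncated copy
        (live / "config.ini").write_bytes(b"[db]\n")  # never backed up
        return compare(live, restored)


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        print(f"{kind}: {paths or 'none'}")
    print("PASS" if not any(report.values()) else "FAIL: restore does not match live data")
```

Files that were edited on the live system after the backup was taken will also appear as changed, so the comparison is most meaningful when run soon after the backup or against a copy of the live data taken at the same time.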


Planned server shutdown

As part of your normal IT maintenance processes, it is good practice to routinely back up your entire server and schedule a planned server shutdown. This allows you to test the recovery process in your practice.

You should choose the time for a controlled shutdown carefully, as it can often take more time than you anticipated (i.e. try to schedule controlled shutdowns at a time when the process is less likely to impact day-to-day business, such as out of business hours or overnight).

The processes and procedures for a controlled shutdown should be fully documented.

Your clinical information system is likely to have an inbuilt automated backup function. You should consult with your vendor regarding how these backups are undertaken and how they can be accessed if required.

Case study: The severe repercussions of not performing backups

A medical centre that had been operating the same clinical information system for the past five years encountered a serious and prolonged power outage.

This power outage left the medical centre’s hardware to rely on its battery backup system to help ‘softly’ shut down its systems in the correct manner and sequence to avoid hardware damage and data corruption. Unfortunately, in the same way data backups need to be tested for validity, the battery backup had not been tested and failed when it was needed for the first time, leaving the server unprotected when power was cut.

The consequences of not shutting down or restarting the practice’s computers safely were catastrophic.

As a result of the power outage, the medical centre discovered it had not performed any backups of patient data, or of the server itself. The failure of the server hard drives and the subsequent data corruption due to the sudden power outage left the medical centre unable to recover any electronic patient files. This loss of data was a major disruption, as the medical centre had been in operation for 15 years and had converted to electronic records five years earlier.