- Encryption of data during backup: During the backup process, all files are first secured with a personal 256-bit AES or Mozy managed 448-bit Blowfish encryption key and then transferred to a Mozy data center via a secure SSL connection which negotiates the highest grade encryption available according to the default settings for OpenSSL.
- Encryption of data on MozyPro servers: All backed up data maintains the 448-bit Blowfish encryption while stored "at rest" in the MozyPro data center.
- Users can choose Mozy's encryption key using 448-bit Blowfish encryption or manage your own key using military-grade 256-bit AES encryption to secure your data during storage.
- Physical security: MozyPro servers are located in a Tier 4 data center protected by gated perimeter access, 24 x 7 x365 on-site staffed security and technicians, electronic card key access, and strategically placed security cameras inside and outside the building.
- Remote/offsite backup: MozyPro is an automated remote or offsite backup and a key component in any disaster recovery plan as protection against hardware failure, theft, virus attack, deletion, and natural disaster.
- Logical access: Backed up data may be accessed via the password protected, web-based MozyPro administrative console by supplying a valid encryption key.
- Written contingency plan: The HIPAA Security rule requires that covered entities have a written contingency plan for responding to system emergencies, including a detailed plan concerning the data backup and recovery process in the event of a disaster.
Note: There is no standard "HIPAA certificate of compliance" for backup software and services. For more information about HIPAA and HIPAA compliance, contact your legal counsel or refer to the HIPAA section of the U.S. Department of Health and Human Services' website.