How is data backed up? How often?

mumms® CPC and PAS data is backed nightly to magnetic tape. Tapes are bit-level verified immediately after the backup is complete. The data is also mirrored to an additional off-site server at least once per day. These tapes are removed and taken to an off-site HIPAA compliant storage facility every Friday. The tapes are rotated every three weeks with one monthly backup being kept for one calendar year.

How is data recovered if destroyed?
If the data is available online (on the backup server) the necessary files are copied from the backup server to the production server. Otherwise, data from tapes stored off-site can be retrieved and the backup application can be used to recover the necessary files.

Tape retrieval is available 24/7/365.

How often is the data recovery procedure tested?
The tape data recovery system is tested at random every quarter.

What is the contingency plan in case of disaster?
mumms® has an alternate data center with servers that are used in the event of a disaster. Special media sets are made monthly, after upgrades, or after updates for the disaster recovery plan. These media sets have the ability to make a new server in a matter of hours.

At what level and degree does mumms® PAS and CPC track user activity?
mumms® PAS tracks any modification of critical data, including the last user that made a change. If additional user tracking is required, contact the mumms® office and ask about the audit trail feature.

All data modifications in mumms® CPC are tracked and are available within the program. Additional logs for patient downloads and workflow information are kept, however, that data is not currently available in the application.

If additional auditing is required for either application, custom modules are available upon request.

What kind of security monitoring does mumms® use to ensure that unauthorized users cannot access the programs?
Network login failures are reviewed weekly. Network login attempts with correct user IDs are available as reports to any client at an additional charge.

What is the password policy?
When the program is first installed, one user at a hospice is provided a password to access the program. Once the program is accessed, the user must create a personalized password that is unknown to others. mumms® highly recommends that all desktops and laptops have password protection to access Windows as well.