About 10 years ago, I told my dental client that I needed to examine a copy of his practice management data.

I offered the dentist three options:

  1. I could remotely connect to his computer and transfer a copy of the data to my server.
  2. The dentist could upload a copy of the data directly to my server using a dropbox link.
  3. The dentist could copy the data to a USB flash drive and FedEx it to me.

Dentist: “I’ll send you a backup copy of my data.”

Me: “Sounds good, do you have a USB flash drive.”

Dentist: “Yes, and I’ll make sure to send it to you today.”

You can imagine my surprise when FedEx showed up with the package.

I was expecting a USB flash drive in bubble wrap envelope and instead, the FedEx driver handed me a heavy, shoe-box sized package.


Inside the box was an old, large, and heavy external hard drive which was at least 10 years old. The dentist even included the original chunky power adapter.

I wondered why the dentist decided to send me this old hard drive, thinking that it probably cost more for him to FedEx the hard drive to me than what the hard rive itself was worth.

In any event, I decided set the package aside for safe keeping until I could examine it later.

It was the following Friday when I had a chance to power up the old clunker to take a look at the data.

The hard drive was empty – Zero, ZIP, NADA.

There were NO FILES on the hard drive!

To be certain, I scanned the drive to look for deleted file – still nothing..

I thought to myself, “No worries, the dentist made a mistake and didn’t copy any data files to the hard drive.”

I made a note to call him on Monday to make arrangements to get a copy of the data.

When Monday morning rolled around, and before I had a chance to call him, the dentist phones my office.

His tone was anxious.

Dentist: “My main computer crashed over the weekend, and I need you to send back the hard drive with the data.”

Me: “Don’t you have a backup copy?”

Dentist: “Yes, I have a backup. It’s on the hard drive I sent to you.”

Me: “The hard drive you sent to me is empty. It arrived with no files saved on it.

…there was a long uncomfortable pause…

Dentist: “What do you mean!?”

I explained what happened. It took a while before he started to believe me, and then realized his predicament.

The dentist said he sent me his ONLY backup.

He told me that the hard drive he sent to me was plugged into his “main computer” and he thought that it was automatically backing up every night.

No one had ever checked the hard drive to see if the backup was working properly.

I offered some hope. “It’s a long shot. Contact an IT company and ask them to search every hard drive in your office for a local copy of the data. Sometimes, when a software support person ‘remotes-in’ to fix a problem, they will make a copy of the data on a network drive as a precaution.”

The dentist called me about a week later and said they found a copy of the data that was 3 months old.

He was very relieved to have his practice management software up and running again, but confessing being overwhelmed by the impact of losing 3 months of data.

See a Typo or an Error? Report it.

Don’t lose your data and stomach lining.

The events in this story are true and could have been avoided if the dentist followed this simple advice.

Data backup is not a “Do-It-Yourself” project. Hire a Pro to do it.

Do-it-yourself backups may be OK for your personal data, but not your your practice data.

There are many reasons why a Do-It-Yourself backup solution is a bad idea for a dental practice.

Here are a few that come to mind.

Do-it-yourself backups can fail basic HIPAA RULES.

HIPAA guidelines require:

  • In addition to local backups, keep offsite backups .
  • Have written procedures regarding data backup.
  • Have a written (disaster) recovery plan.
  • Regularly test the recovery plan.

Hire an IT pro with a track record of working with professionals that store confidential, protected and sensitive data.

DIY backups won’t qualify for cyber-insurance.

All cyber-insurers are tightening their underwriting requirements. If you do not hire a pro with a track record of working with sensitive information to document and perform the work, you will may not be eligible for cyber-insurance coverage in the event of a data breach.

DIY backups are unlikely to follow 3-2-1 rule.

The “3-2-1 golden rule” for data backup.

  • Keep 3 copies of your data
  • Use 2 different media to store the data
  • Keep 1 copy offsite (not in the cloud)

Keep in mind, there are variations of the 3-2-1 rule with names such as the 3-2-2-1 rule, or the 3-2-1-1-0 rule.

Whichever backup method your IT pro chooses, the 3-2-1 rule is the minimum required for your practice data.

If you have questions, or need help in implementing any of the suggestions in this article, contact me for assistance.

William Hiltz, CEO Hiltz & Associates

Report an Error or Typo.

If you see an error or spot a typo, please let me know.

Send your comments directly to Bill Hiltz using the form below.