[viraptor]

Yes, I'd love for HIPAA to say: if we're talking about a medical centre, you've got to be able to snapshot and reimage within X hours with data loss of less than Y hours. One can dream...

[15155]

Part of the problem is that HIPAA must be easy for small private practices as well as massive hospitals to follow.

Another standard may be needed for the larger businesses.

[technofiend]

Totally agree, but in 2016 that doesn't take much: spin up two instances in different AWS datacenters and fail between them and you have Disaster Recovery. Regularly operate in each datacenter and you have Sustained Resiliency. A small business probably won't have staff to maintain such a solution but surely this is a space for a nice niche startup?

[otterley]

> in 2016 that doesn't take much: spin up two instances in different AWS datacenters and fail between them and you have Disaster Recovery

Things that look simple on the surface are often not easy to implement in practice - especially when you're not starting with a green field.

[technofiend]

Why am I not starting with a greenfield? In my example I did mention a niche start up.

[LoSboccacc]

That won't work you'd need the whole datacwnter to comply with the security restriction you can't just have the data in a place where you don't know whom can access

[viraptor]

That's not true actually. You can be HIPAA compliant while storing data on AWS. https://aws.amazon.com/compliance/hipaa-compliance/

[stcredzero]

Part of the problem is that HIPAA must be easy for small private practices as well as massive hospitals to follow.

We're at the point where some company could sell a comprehensive software package for small practices that includes disaster recovery.