Backup for Epic
Epic does not automatically create a backup of your patient records. Here is what is genuinely at stake — and how to protect it in under an hour.
((WGBO (15 years) + NEN 7510))
What is actually stored in Epic?
Epic is the daily operational backbone for many academic hospitals and large medical centres. What most users don't realise: all that data is not automatically protected against loss.
Typical data that lives in Epic and can be lost:
- complete patient records — full longitudinal patient record across all departments
- imaging data — radiology and pathology imaging stored in the Epic ecosystem
- lab results — laboratory test results and reference ranges
- clinical notes — physician notes, discharge summaries and care plans
All of this data falls under WGBO (15 years) + NEN 7510, which means you must be able to reproduce it for 15 years.
Does Epic automatically create a backup?
Epic is cloud-based, so your data is safe — right? This is the most common misconception among academic hospitals and large medical centres.
Epic Systems guarantees that the platform runs, not that your data can be recovered after ransomware or errors.
Ransomware
Encrypts everything — including data synchronised via Epic. Without an offline backup you have no clean recovery point.
Human error
A deleted record, an overwritten import or a mistaken bulk action — Epic offers limited or no undo functionality after more than limited via rollback procedure.
Cloud sovereignty risk (US-hosted data)
Epic is a US company. Data hosted on Epic's cloud falls under US jurisdiction, which can conflict with Dutch GDPR and NEN 7510 requirements.
How Mindtime protects Epic data
Mindtime connects directly to Epic via a local agent combined with the Epic API and creates continuous incremental backups.
| Scenario | Epic alone | With Mindtime backup |
|---|---|---|
| Ransomware encrypts your data | x | ✓ |
| Employee deletes records | x | ✓ |
| Integration overwrites data | x | ✓ |
| Prove GDPR retention obligation | x | ✓ |
| Data on Dutch servers | Epic cloud (US) or on-premises | 100% Netherlands |
What if something goes wrong?
Imagine: it's Monday morning. Epic is no longer showing data — ransomware attacked the hospital's internal network and interrupted the connection to the Epic EPR, forcing staff to switch to paper-based workflows. What now?
Alert received
Mindtime automatically detects that something is wrong and sends an alert.
Choose a recovery point
Choose the moment before the attack. Every increment is saved.
Local recovery started
Recovery starts directly from the local copy. No waiting for a cloud download.
Operational
Your Epic environment is running again. All patient records is intact.
Epic and your retention obligation
Data you manage in Epic typically falls under WGBO (15 years) + NEN 7510. That means you are legally required to retain those records for 15 years.
Mindtime stores all Epic data exclusively on Dutch servers, fully within GDPR jurisdiction.
Mindtime is ISO 27001 certified and NEN 7510 where applicable.
Secure your Epic data in five steps
Setup takes less than an hour. After that, the backup runs fully automatically.
Request a demo
We show you how Mindtime works for Epic.
Install the Mindtime agent
The agent is installed on your server or workstation.
Configure the backup schedule
Set which data, how frequently and how long it is retained.
First backup + test recovery
We run a test recovery so you know it works.
Runs automatically
Mindtime runs fully automatically. We schedule a brief quarterly review.
Why academic hospitals and large medical centres choose Mindtime
100% on Dutch soil
Your data never leaves the Netherlands. Two redundant data centres within GDPR jurisdiction.
ISO 27001 + NEN 7510
Independently certified. Annual external audit on processes and security.
Hybrid backup: fast recovery
Local copy for fast recovery and cloud copy for disaster scenarios.
No vendor lock-in
Your data is always yours, in standard formats. You can switch or export at any time.
What is actually stored in Epic?
Epic is the daily operational backbone for many academic hospitals and large medical centres. What most users don't realise: all that data is not automatically protected against loss. Typical data that lives in Epic: complete patient records, imaging data, lab results and clinical notes. All of this falls under WGBO (15 years) + NEN 7510, meaning you must be able to reproduce it for 15 years — even after ransomware, a fire or human error.
Does Epic automatically create a backup?
Epic is cloud-based, so your data is safe — right? This is the most common misconception among academic hospitals and large medical centres. Epic offers high availability — meaning the software is almost always online. But availability is not the same as a backup. Epic Systems guarantees that the platform runs, not that your data can be recovered after a ransomware attack, a deleted account or an integration error.
Ransomware
Encrypts everything — including data in Epic. Without an offline backup you have no clean recovery point.
Human error
A deleted record or bulk import error — Epic offers limited undo after limited via rollback procedure.
Cloud sovereignty risk (US-hosted data)
Epic is a US company. Data hosted on Epic's cloud falls under US jurisdiction, which can conflict with Dutch GDPR and NEN 7510 requirements.
How Mindtime protects Epic data
Mindtime connects directly to Epic via a local agent combined with the Epic API and creates continuous incremental backups — in the background, with no action required on your part. Your data is stored on 100% Dutch servers, fully GDPR-compliant.
| Ransomware encrypts your data | ✗ No recovery | ✓ Restore from pre-attack snapshot |
| Employee deletes records | ✗ Limited undo window | ✓ Record-level recovery |
| Integration overwrites data | ✗ Cannot be undone | ✓ Restore from any point in time |
| GDPR retention obligation | ✗ No audit trail backup | ✓ Point-in-time restore + report |
| Data on Dutch servers | ✗ Epic cloud (US) or on-premises | ✓ 100% Netherlands |
What if something goes wrong?
Imagine: it's Monday morning. An employee notices that Epic is no longer showing data — ransomware attacked the hospital's internal network and interrupted the connection to the Epic EPR, forcing staff to switch to paper-based workflows. What now? With Mindtime you are back up and running within 2–4 hours.
Alert received — within minutes
Mindtime automatically detects the problem and sends an alert.
Choose a recovery point — to the minute
Select the moment before the attack in the Mindtime dashboard.
Local recovery started — quickly available
Recovery begins immediately from the local copy — no waiting for a cloud download.
Operational — within 2–4 hours
Your Epic environment is running again. All patient records intact. No ransom paid.
Retention obligation for Epic
Data in Epic typically falls under WGBO (15 years) + NEN 7510. That means you are legally required to retain records for 15 years and to be able to reproduce them during an audit or legal request. Mindtime configures the correct retention period automatically and stores all data on exclusively Dutch servers — fully within GDPR jurisdiction. Mindtime is ISO 27001 certified and NEN 7510 certified — independently verified, not self-declared.
Secure your Epic data in five steps
Setting up backup for Epic takes less than an hour. After that, the backup runs fully automatically in the background — no manual actions, no maintenance burden.
Request a free demo
We show you how Mindtime works for Epic — including the integration for your specific environment.
Install the Mindtime agent
The agent is installed on the server or workstation where Epic is running. Average: 20 minutes.
Configure the backup schedule
Set which data, how frequently and how long — aligned to your 15 years retention obligation.
First backup + test recovery
The first full backup starts immediately. We run a test recovery together so you know it works before you ever need it.
Runs automatically — quarterly review
Mindtime runs fully automatically. Monthly backup reports and a brief quarterly review to keep scope up to date.
Why academic hospitals and large medical centres choose Mindtime
Here is why academic hospitals and large medical centres choose Mindtime for backup of Epic — and why we are different from generic cloud backup solutions.
- ISO 27001
- NEN 7510
- GDPR-compliant
- Dutch servers
🇳🇱 100% Dutch servers
Your data never leaves the Netherlands. Two redundant data centres — fully GDPR-compliant. No US law exposure.
ISO 27001 + NEN 7510
Independently certified. Annual external audit on processes, systems and security.
⚡ Hybrid backup: fast recovery
Local copy for fast recovery (hours, not days). Cloud copy for disaster scenarios.
No vendor lock-in
Your data is always yours, in standard formats. Switch or export at any time.
Frequently asked questions about backup for Epic
Have a different question? Ask us directly.
Does Epic automatically create a backup?
Epic offers high availability, but that is not the same as a backup. Epic provides backup within their platform, but an independent backup stored in the Netherlands is required to meet GDPR and NEN 7510 obligations. Mindtime adds an independent, immutable copy.
How long does setup take?
Installation and configuration takes under an hour on average. After the first full backup, all incrementals run automatically.
What does backup for Epic cost?
The price depends on data volume and retention window. We provide a tailored quote after a short intake.
What happens when I want to recover data?
Choose the recovery point in the Mindtime dashboard — to the minute. Recover a file, folder or the complete environment. Average: 2–4 hours.
Is Mindtime compliant with WGBO (15 years) + NEN 7510?
Yes. ISO 27001 certified, exclusively Dutch data centres, retention configured for 15 years under WGBO (15 years) + NEN 7510.
Does Mindtime also work with HiX / ChipSoft and Nedap ONS?
Yes. Mindtime works across your complete IT environment — not just Epic. See also: backup for HiX / ChipSoft and backup for Nedap ONS.
Protect your Epic data today
ISO 27001 certified · 100% Dutch servers · Operational within one hour · No vendor lock-in
Free and no obligation. Average setup time: < 1 hour.