So tell me how insecure/dumb my backup plan is, and how I can improve it.
Short answer: I think what you are doing is fine. Maybe that is because my system is fairly similar (though I don't use Crashplan, I use iDrive). I don't think you have explained your system for backing up Imported Items, though.
Here are some principles that I have learned from conversations over the years with AC users:
1. You should have periodic backups of your AC files (enc) and Imported Items files. You should have them in the cloud, in your office, and ideally, locally on a machine but outside of your office (one that is readily accessible in an emergency).
2. The backups should be automatic; they should occur without any need for you to "do something" or "remember something" on a regular basis.
3. You should know where those backups are and how to access them in an emergency.
4. You should check the backups periodically to be sure they "work", and to know HOW to restore in the event of an emergency, as well as how long it will take to do so.
In my opinion, if you are doing these things, you are in good shape. My guess... and this is just a guess, is that if you are taking these basic steps, you are doing more than the majority (maybe the great majority) of AC users.
I have also learned this: No matter how you back up; no matter how many redundancies you have in software, hardware, locations and numbers of backups, etc... you will always find someone who tells you that you should do something more, because "What if....". Just keep in mind that everyone has their own level of comfort about this. It's not that anyone is right or wrong, just that opinions vary. Widely.
Keep your prime goal in mind regarding backups: your patient data is precious. You need to have it in the event of an untoward event, ranging from the common (a blown power supply or hard drive on your computer) to the unusual (a fire, flood or other catastrophe).
Another principle is to remember that if one of these events occurs, you will be unable to practice normally (or perhaps at all) for a period of time. That time may be measured in hours, minutes, or days. A secondary goal is to minimize that downtime. You have to measure the amount you choose to invest
now in hardware, software, time (and your time IS money), and energy, and then balance it against the downtime cost of a disaster. It is not an obvious calculation, and the answer will vary widely based on everything from the number of providers in your practice to your own level of anxiety.
