BUSINESS ASSOCIATE AGREEMENT

THIS BUSINESS ASSOCIATE AGREEMENT (“Agreement”) is made and entered into on this day of September 2013, by and between ______________________________  (“Covered Entity”), and Abeo Solutions, Inc. (“Business Associate”). Covered Entity and Business Associate are sometimes referred to herein collectively as the “parties” and individually as a “party”.

WHEREAS, Business Associate performs certain functions on behalf of and/or provides certain services that qualifies it as a “business associate” of Covered Entity pursuant to 45 C.F.R. § 160.103;

WHEREAS, in the performance of such functions and/or the provision of such services, Business Associate may require access to Protected Health Information (defined below) in possession, custody, or control of Covered Entity, or may create or receive Protected Health information on behalf of Covered Entity for the limited purposes identified in this Agreement;

WHEREAS, pursuant to the Federal Standards for Privacy and Security of Individually Identifiable Health Information, 45 C.F.R. Parts 160 and 164, as established under the Health Insurance Portability and Accountability Act (HIPAA), Covered Entity cannot disclose Protected Health Information to or authorize the creation or receipt of Protected Health Information on its behalf by Business Associate unless Covered Entity obtains from Business Associate satisfactory assurances that Business Associate will properly safeguard such information; and

WHEREAS, Business Associate is willing to provide such assurances to Covered Entity under the terms specified herein.

NOW, THEREFORE, the parties agree as follows:

I. Definitions.

(a)   Breach. “Breach” shall have the same meaning as the term “breach” in 45 C.F.R. § 164.402.

(b)   Business Associate. “Business Associate” shall mean Abeo Solutions, Inc.

(c)    Covered Entity. “Covered Entity” shall mean _____________________________.

(d)   Electronic Health Record. “Electronic Health Record” shall have the same meaning as the term “electronic health record” in American Recovery and Reinvestment Act of 2009, § 13400(5).

(e)    Electronic Protected Health Information. “Electronic Protected Health Information” shall have the same meaning as the term “electronic protected health information” in 45 C.F.R. § 160. 103.

 

(f)   Electronic Transactions Rule. “Electronic Transactions Rule” shall mean the regulations issued by HHS concerning standard transactions and code sets under 45 C.F.R. Parts 160 and 162.

(g) HHS. “HHS” shall mean the Department of Health and Human Services.

(h) Privacy Rule. “Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Parts 160 and 164, subparts A and E.

(i)   Protected Health Information. “Protected Health Information” shall have the same meaning as the term “protected health information” in 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of Covered Entity.

(j)   Required By Law. “Required by Law” shall have the same meaning as the term “required by law” in 45 C.F.R. § 164.103.

(k) Security Incident. “Security Incident” shall have the same meaning as the term “security incident” in 45 C.F.R. § 164.304.

(l)   Security Rule. “Security Rule” shall mean the Security Standards and Implementation Specifications at 45 C.F.R. Parts 160 and 164, subpart C.

(m)Subcontractor. “Subcontractor” shall have the same meaning as the term “Subcontractor” in 45 C.F.R. § 164.103.

(n)   Transaction. “Transaction” shall have the meaning given the term “transaction” in 45 C.F.R. § 160.103.

 

(o)   Unsecured Protected Health Information. “Unsecured protected health information” shall have the meaning given the term “unsecured protected health in C.F.R. §164.402

II. Safeguarding Privacy and Security of Protected Health Information

(a) Permitted Uses and Disclosures. Business Associate is permitted to use and disclose Protected Health Information only as set forth below:

(i)     Functions and Activities on Covered Entity’s Behalf. To perform functions on behalf of Covered Entity as such functions are agreed upon by Covered Entity and Business Associate pursuant to an underlying agreement between the parties (the “Services Agreement”).

(ii)   Business Associate’s Operations. For Business Associate’s proper management and administration or to carry out Business Associate’s legal responsibilities, provided that, with respect to disclosure of the Protected Health Information, either:

(A) The disclosure is Required by Law; or

 

(B) Business Associate obtains reasonable assurance from any other person or entity to which Business Associate will disclose Covered Entity’s Protected Health Information that the person or entity will:

(1)   Hold the Protected Health Information in confidence and use or further disclose the Protected Health Information only for the purpose for which Business Associate disclosed the Protected Health Information to the person or entity or as Required by Law; and

(2)   Promptly notify Business Associate of any instance of which the person or entity becomes aware in which the confidentiality of the Protected Health Information was breached.

(iii)Minimum Necessary. Business Associate will, in its performance of the functions, activities, services, and operations specified above, make reasonable efforts to use, to disclose, and to request only the minimum amount of the Protected Health Information reasonably necessary to accomplish the intended purpose of the use, disclosure or request, except that Business Associate will not be obligated to comply with this minimum-necessary limitation of 45 C.F.R. § 164.502(b) if neither Business Associate nor Covered Entity is required to limit its use, disclosure or request to the minimum necessary. Business Associate and Covered Entity acknowledge that the phrase “minimum necessary” shall be interpreted in accordance with 45 C.F.R. § 164.502(b).

(iv)Mitigation. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of the Protected Health Information by Business Associate in violation of the requirements of this Agreement and to assist Covered Entity’s efforts to mitigate any such harmful effect.

(b)   Required Uses and Disclosures. Business Associate shall disclose Protected Health Information (i) when required by the Secretary of DHHS under 45 C.F.R. Part 160, Subpart C to investigate or determine Business Associate’s compliance with Subchapter C of 45 C.F.R., Subtitle A, and (ii) to Covered Entity, the individual or the individual’s designee, as necessary to satisfy Covered Entity’s obligations under 45 C.F.R. § 164.524(c)(2)(ii) and (3)(ii) with respect to the individual’s request for an electronic copy of his or her Protected Health Information.

(c)    Prohibition on Unauthorized Use or Disclosure. Business Associate will neither use nor disclose the Protected Health Information, except as permitted or required by this Agreement or in writing by Covered Entity or as Required by Law. This Agreement does not authorize Business Associate to use or disclose the Protected Health Information in a manner that will violate the Privacy Rule.

(d) Information Safeguards.

(i) Privacy of Protected Health Information. Business Associate will comply with the Privacy Rule to the extent applicable to Business Associate. The Business Associate’s Privacy Rule safeguards must reasonably protect the Protected Health Information from any intentional or unintentional use, access or disclosure in violation of the Privacy Rule

and limit incidental use, access or disclosure made pursuant to a use, access or disclosure otherwise permitted by this Agreement.

(ii) Security of Electronic Protected Health Information. Business Associate will comply with the Security Rule and will use appropriate administrative, technical, and physical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic Protected Health Information that Business Associate creates, receives, maintains, or transmits on Covered Entity’s behalf as required by the Security Rule. Business Associate shall review and modify the security measures implemented in accordance with the above as needed to continue provision of reasonable and appropriate protection of Electronic Protected Health Information. Business Associate shall update documentation of such security measures in accordance with 45 C.F.R. § 164.31 6(b)(2)(iii) and shall designate a Security Officer and undertake appropriate training of its personnel in accordance with the Security Rule.

(e)    Subcontractors and Agents. Business Associate will ensure that any of its Subcontractors and agents, to whom it provides Protected Health Information and/or Electronic Protected Health Information received from, or created or received by the Business Associate on behalf of, the Covered Entity agree to the same restrictions and conditions that apply to the Business Associate with respect to such information. Business Associate may permit a business associate that is a Subcontractor to create, receive, maintain, or transmit Electronic Protected Health Information on its behalf only if Business Associate obtains satisfactory assurances, in accordance with 45 C.F.R. § 164.3 14(a), that the Subcontractor will appropriately safeguard such information. Business Associate agrees that any of Business Associate’s Subcontractors that create, receive, maintain or transmit Protected Health Information or Electronic Protected Health Information on behalf of Business Associate shall comply with the applicable requirements of 45 C.F.R. Part 164, Subpart C by entering into a contract or other arrangement with such Subcontractor that complies with 45 C.F.R. § 164.3 14(a)(2)(i).

(f)    Prohibition on Sale of Records. Effective September 23, 2013, Business Associate shall not engage in any sale of Protected Health Information as defined in 45 C.F.R. § 164.501.

  1. III.    Compliance with Electronic Transactions Rule. If Business Associate conducts in whole or part electronic Transactions on behalf of Covered Entity for which HHS has established standards, Business Associate shall comply, and will require any Subcontractor it involves with the conduct of such Transactions to comply, with each applicable requirement of the Electronic Transactions Rule. Business Associate shall also comply with the National Provider Identifier requirements, if and to the extent applicable.
  2. IV.    Individual Rights.

(a) Access. Business Associate will make available Protected Health Information in accordance with 45 C.F.R. § 164.524, upon request from Covered Entity, so that Covered Entity may meet its access obligations under 45 C.F.R. § 164.524. Effective September 23, 2013, if the Protected Health Information is maintained electronically in a designated record set in the Business Associate’s custody or control, then the Covered Entity shall have a right to obtain from Business Associate a copy of such information in an electronic format.

 

(b)   Amendment. Business Associate will, upon receipt of written notice from Covered Entity, promptly amend or permit Covered Entity access to amend any portion of an individual’s Protected Health Information that is in a designated record set in the custody or control of the Business Associate, so that Covered Entity may meet its amendment obligations under 45 C.F.R. § 164.526.

(c)    Disclosure Accounting. Business Associate will make available the information required to provide an accounting of disclosures in accordance with 45 C.F.R. § 164.528, upon request from Covered Entity, to allow Covered Entity to meet its disclosure accounting obligations under 45 C.F.R. § 164.528. Business Associate will maintain the Disclosure Information for six (6) years following the date of the accountable disclosure to which the Disclosure Information relates.

(d)   Restriction Agreements and Confidential Communications. Business Associate will comply with any agreement that Covered Entity makes that either (i) restricts use, access or disclosure of Covered Entity’s Protected Health Information pursuant to 45 C.F.R. § 164.522(a), or (ii) requires confidential communication about Covered Entity’s Protected Health Information pursuant to 45 C.F.R. § 164.522(b), provided that Covered Entity notifies Business Associate in writing of the restriction or confidential communication obligations that Business Associate must follow. Covered Entity will promptly notify Business Associate in writing of the termination of any such restriction agreement or confidential communication requirement and, with respect to termination of any such restriction agreement, instruct Business Associate whether any of Covered Entity’s Protected Health Information will remain subject to the terms of the restriction agreement.

V. Reporting.

(a) Breach or Unauthorized Use, Access or Disclosure. Business Associate will report to Covered Entity any potential Breach of Unsecured Protected Health Information or any other non-permitted use, access or disclosure of Protected Health Information as soon as reasonably practicable and not more than five (5) calendar days after discovery of such potential Breach or such other non-permitted use, access or disclosure of such Protected Health Information. Business Associate will treat a potential Breach as being discovered in accordance with 45 C.F.R. § 164.410. Business Associate will make the report to Covered Entity’s Privacy Officer. If a delay is requested by a law-enforcement official in accordance with 45 C.F.R. § 164.412, Business Associate may delay notifying Covered Entity for the applicable time period. Business Associate’s report will include at least the following, provided that absence of any information will not be cause for Business Associate to delay the report:

(i)     Identify the nature of the Breach or other non-permitted or violating use, access or disclosure by Business Associate or its Subcontractors;

(ii)   Identify the Protected Health Information used, accessed or disclosed by Business Associate or its Subcontractors;

 

(iii)Identify which individual made the Breach or other non-permitted or violating use or access or received the non-permitted or violating disclosure;

(iv)Identify what corrective action Business Associate or its Subcontractors took or will take to prevent further Breaches or other non-permitted or violating uses, accesses or disclosures;

(v) Identify what Business Associate or its Subcontractors did or will do to mitigate any harmful effect of the Breach or other non-permitted or violating use, access or disclosure; and

(vi) Provide such other information, including a written report and risk assessment of Business Associate or its Subcontractors under 45 C.F.R. § 164.402, as Covered Entity may reasonably request.

(b)        Security Incidents. Business Associate will provide notice to Covered Entity of any Security Incident of which Business Associate becomes aware. Business Associate will make the report in the form noted in Section V.(a) above and will cooperate with Covered Entity to promptly address and correct the Security Incident.

(c)          Notice. For purposes of notifying Covered Entity of privacy Breaches, Security Incidents or an unauthorized use, access or disclosure of Protected Health Information, notices shall be deemed given when properly addressed to a party’s privacy contact upon the date of receipt if hand-delivered or emailed, or three (3) business days after deposit in the U.S. mail if mailed by registered or certified mail, postage prepaid, or one (1) business day after deposit with a national overnight courier for next business day delivery, or upon the date of electronic confirmation of receipt of a facsimile transmission.

(d)        Address for Notice. Notice of a privacy Breach, Security Incident or unauthorized use, access or disclosure shall be communicated to Covered Entity as follows:

Contact Office:

Telephone:

Fax:

Email:

VI. Term and Termination.

(a) Term. The term of this Agreement shall be effective as of September 22, 2013, and shall terminate when the underlying Services Agreement between the parties has terminated, subject to obligations of the parties which extend beyond or survive such termination, including those obligations related to return or destruction of Protected Health Information upon termination of this Agreement.

 

(b)   Right to Terminate for Cause. Covered Entity or Business Associate may terminate this Agreement if it determines, in its sole discretion, that the other party has breached any material term of this Agreement, and upon written notice to the breaching party of the breach, the breaching party fails to cure the breach within ten (10) calendar days after receipt of the notice. Any such termination will be effective immediately or at such other date specified in a notice of termination.

(c)    Right to Termination Upon Change in Regulations. Either party may terminate this Agreement if amendment or addition to 45 C.F.R. Parts 160-64 affects the obligations under this Agreement of the party exercising the right of termination. The party so affected may terminate this Agreement by giving the other party written notice of such termination at least 90 days before the compliance date of such amendment or addition to 45 C.F.R. Parts 160- 64.

(d)   Return or Destruction of Covered Entity’s Protected Health Information as Feasible. Upon termination of this Agreement, Business Associate will, if feasible, return or destroy all Protected Health Information received from, or created or received by the Business Associate or its Subcontractors on behalf of, the Covered Entity that the Business Associate or its Subcontractors still maintains in any form and retain no copies of such information or, if such return or destruction is not feasible, extend the protections of this Agreement to the information and limit further uses, accesses and disclosures to those purposes that make the return or destruction of the information infeasible. Business Associate will complete these obligations, and shall cause its Subcontractors to comply with these obligations, as promptly as possible, but in no event later than thirty (30) calendar days following the effective date of termination of this Agreement.

(e)    Continuing Privacy and Security Obligation. Business Associate’s obligation to protect, and to cause its Subcontractors to protect, the privacy and safeguard the security of Covered Entity’s Protected Health Information as specified in this Agreement will be continuous and will survive termination or other conclusion of this Agreement.

VII. Indemnification.

(a) Indemnification. Business Associate agrees to indemnify, defend, and hold harmless Covered Entity and its employees, directors, officers, subcontractors, agents or other members of its workforce (each an “Indemnified Party”) against all actual and direct losses or damages suffered by the Indemnified Party and all liability to third parties arising out of or in connection with any alleged breach of this Agreement by Business Associate or from any alleged negligence or wrongful acts or omissions of Business Associate, including failure of Business Associate to perform its obligations under this Agreement, under the Privacy Regulations or under the Security Rule. Accordingly, on demand, Business Associate shall reimburse any Indemnified Party for any and all actual and direct losses, liabilities, damages, lost profits, fines, penalties, costs or expenses (including reasonable attorney fees) which may be imposed upon any Indemnified Party by reason of any suit, claim, action, proceeding or demand by any third party resulting from Business Associate’s breach of this Agreement.

 

VII. General Provisions.

(a)   Definitions. All terms that are used but not otherwise defined in this Agreement shall have the meaning specified under HIPAA, including its statute, regulations and other official government guidance.

(b)   Inspection of Internal Practices, Books, and Records. Business Associate will make its internal practices, books, policies, procedures and records relating to its use and disclosure of Covered Entity’s Protected Health Information available to HHS to determine compliance with the HIPAA Rules.

(c)    Amendment to Agreement. This Agreement may only be amended or modified by a written instrument signed by the parties. In the event of a change of applicable law, the parties agree to negotiate in good faith to adopt such amendments to this Agreement as are necessary to comply with such change in law.

(d)   No Third-Party Beneficiaries. Nothing in this Agreement shall be construed as creating any rights or benefits to any third parties.

(e)    Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity and Business Associate to comply with the applicable requirements under HIPAA.

(f)    Supersession. This Agreement shall supersede and replace in its entirety any Business Associate Agreement previously in place between the parties as of the date of this Agreement.

 

IN WITNESS WHEREOF, each of the undersigned has caused this Agreement to be duly executed in its name and on its behalf effective as of the date first above written.

“COVERED ENTITY”

______________________

By: _____________________

“BUSINESS ASSOCIATE”

Abeo Solutions, Inc.

 

By: ________________________

 

Click here to download a signed copy in pdf format.

Abeo Solutions, Inc. HIPAA Notice of Privacy Practices

  Effective Date: September 22, 2013

 

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

 

If you have any questions about this notice, please contact Sunil Chaudhari at (512) 335-1976.

OUR OBLIGATIONS:

We are required by law to:

  •   Maintain the privacy of protected health information
  •  Notify you of any breaches involving your Protected Health Information
  • Give you this notice of our legal duties and privacy practices regarding health information about you

HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION:

Except for the purposes described below, we will use and disclose Protected Health Information only with your written permission.  You may revoke such permission at any time by writing to our practice Privacy Officer.   We will only use and disclose your Protected Health Information without your authorization when necessary for:

 

  • Treatment. We may use and disclose Protected Health Information for your treatment and to provide you with treatment-related health care services.
  • Payment. We may use and disclose Protected Health Information so that we or others may bill and receive payment from you, an insurance company or a third party for the treatment and services you received.
  • Health Care Operations. We may use and disclose Protected Health Information for health care operations purposes.  We also may share information with other entities that have a relationship with you (for example, your health plan) for their health care operation activities.
  • As Required by Law.  We will disclose Protected Health Information when required to do so by international, federal, state or local law.
  • To Avert a Serious Threat to Health or Safety. We may use and disclose Protected Health Information when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
  • Business Associates.  We may disclose Protected Health Information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services.  We will only disclose your Protected Health Information to Business Associates who have agreed in writing to maintain the privacy of Protected Health Information as required by law.
  • Public Health Risks.  We may disclose Protected Health Information for public health activities.  These activities generally include disclosures to prevent or control disease, injury or disability; report births and deaths; report child abuse or neglect; report reactions to medications or problems with products; notify people of recalls of products they may be using; a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence.  We will only make this disclosure if you agree or when required or authorized by law.
  • Health Oversight Activities.  We may disclose Protected Health Information to a health oversight agency for activities authorized by law.
  • Data Breach Notification Purposes.  We may use or disclose your Protected Health Information to provide legally required notices of unauthorized access to or disclosure of your health information.
  • Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose Health Information in response to a court or administrative order.  We also may disclose Health Information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
  • Law Enforcement. We may release Protected Health Information if asked by a law enforcement official if the information is: (1) in response to a court order, subpoena, warrant, summons or similar process; (2) limited information to identify or locate a suspect, fugitive, material witness, or missing person; (3) about the victim of a crime even if, under certain very limited circumstances, we are unable to obtain the person’s agreement; (4) about a death we believe may be the result of criminal conduct; (5) about

criminal conduct on our premises; and (6) in an emergency to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.

USES AND DISCLOSURES THAT REQUIRE US TO GIVE YOU AN OPPORTUNITY TO OBJECT

Individuals Involved in Your Care or Payment for Your Care. We may disclose your Protected Health Information to a member of your family, a relative, a close friend or any other person you identify, that directly relates to that person’s involvement in your health care, if the information

is relevant to their involvement and you have agreed or had an opportunity to object.

WRITTEN AUTHORIZATION IS REQUIRED FOR OTHER USES AND ISCLOSURES

The following uses and disclosures of your Protected Health Information will be made only with your written authorization:

1.  Uses and disclosures of Protected Health Information for marketing purposes; and

2.  Disclosures that constitute a sale of your Protected Health Information

Other uses and disclosures of Protected Health Information not covered by this Notice or the laws that apply to us will be made only with your written authorization.  If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Privacy Officer and we will no longer disclose Protected Health Information under the authorization. But disclosure that we made in reliance on your authorization before you revoked it will not be affected by the revocation.

YOUR RIGHTS:

You have the following rights regarding Health Information we have about you:

Right to Inspect and Copy.  You have a right to inspect and copy Health Information that may be used to make decisions about your care or payment for your care.

Right to an Electronic Copy of Electronic Medical Records. If your Protected Health Information is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity.

Right to Get Notice of a Breach.  You have the right to be notified upon a breach of any of your unsecured Protected Health Information.

Right to Amend.  If you feel that Protected Health Information we have is incorrect or incomplete, you may ask us to amend the information.  You have the right to request an amendment for as long as the information is kept by or for our office.

Right to an Accounting of Disclosures.  You have the right to request a list of certain

disclosures we made of Protected Health Information for purposes other than treatment, payment and health care operations or for which you provided written authorization.

Right to Request Restrictions.  You have the right to request a restriction or limitation on the Protected Health Information we use or disclose for treatment, payment, or health care operations.  You also have the right to request a limit on the Protected Health Information we disclose to someone involved in your care or the payment for your care, like a family member or friend.  We are not required to agree to your request.

Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.  To request confidential communications, you must make your request, in writing, to Sunil Chaudhari.  Your request must specify how or where you wish to be contacted.  We will accommodate reasonable requests.

Right to a Paper Copy of This Notice.  You have the right to a paper copy of this notice.  You may ask us to give you a copy of this notice at any time.  Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.  You may obtain a copy of this notice at our web site, www.crystalpm.com.

CHANGES TO THIS NOTICE:

We reserve the right to change this notice and make the new notice apply to Protected Health Information we already have as well as any information we receive in the future.  We will post a copy of our current notice at our office.  The notice will contain the effective date on the first page, in the top right-hand corner.

COMPLAINTS:

If you believe your privacy rights have been violated, you may file a complaint with our office or with the Secretary of the Department of Health and Human Services.  To file a complaint with our office, contact Sunil Chaudhari.  All complaints must be made in writing.  You will not be penalized for filing a complaint.

Click here to download a pdf copy.

If your server fails or if you choose to upgrade to a new machine you will need to manually transfer your Crystal PM database to the new computer. The following steps will demonstrate how to do this.

Prerequisites: You will need to make sure that none of your staff are currently working in Crystal and that the program is closed out on all workstations (including the server). You will need to budget for down time (30-60 minutes) depending on the size of your database. An external hard drive, flash drive or network location will be necessary to make the change over.

Note: The Crystal PM server/client software should be installed on the new server computer in advance.

To begin the database migration, you will need to stop the MySQL database. Click Start > All Programs > Accessories > right-click on the Command Prompt and select Run as Administrator.

The ‘administrative’ command prompt will appear.
Type in the following phrase where the cursor is flashing on this window: net stop mysql and press Enter.

The following window will appear informing you that the database was successfully stopped:

Minimize the Command Prompt and navigate to Start > Computer (or My Computer) > Local Disk (C:) > Program Files (or Program Files X86) > MySQL. Double-click on this folder.

Within the MySQL folder, click on data:

Within the data folder, you will see a folder titled easyopti:

Note: It is important to verify that your external device has sufficient space on it to transfer the database. To check the size of the database, right click on the easyopti folder and click properties:

The size of this database is 341 MB or 0.3 GB.

Verify that your external device is capable of containing this amount of data by reviewing the amount of space
available on the device (for this example, my device shows 4.06GB free of 7.45GB available).

Right-click on the easyopti folder and click ‘Copy’

Click on Start > Computer (or My Computer) > and locate your external device (mine is in the D drive):

Right-click on the removable device and click ‘Paste’. This will move a copy of the database to your external device:

The database will still be on the old server computer and can be deleted once the data has been moved.

Eject the removable device and connect it to the new server computer. The following window will appear:

Select ‘Open folder to view files’. Right-click on the easyopti folder and click ‘Copy’. Next you will need to stop the database on the new server computer. Navigate to Start > All Programs > Accessories > right-click on the Command Prompt and select Run as Administrator. The ‘administrative’ command prompt will appear. Type in the following phrase where the cursor is flashing on this
window: net stop mysql and press Enter:

The following window will appear informing you that the database was successfully stopped:

(Minimize the command prompt as you will need to go back to it after the transfer is complete)

You will now navigate to the new (empty) easyopti folder on the new server computer. Select Start > Computer (or My Computer) > Program Files (or Program Files X86) > MySQL > data

In the ‘white space’ below the folder right-click and choose ‘Paste‘. This will paste the easyopti folder (from the removable device) into the screen. You will be prompted to merge the new easyopti folder with the existing. Click yes to approve. If a screen appears referring to conflicts, select the ‘copy and replace’ option and check the box to approve for all conflicts.

Next, bring up the command prompt (that was previously minimized) and type in the following phrase: net start mysql and press enter:

You will be able to access Crystal PM.
Note: You will need to provide the server hostname to each of your workstations as you have switched computers and the information from the old server computer is no longer valid. You will also need to open TCP port 3306 in Windows Firewall on the new server computer if you are running this utility.

To locate the server computer hostname open the command prompt and type the term hostname.

For this example, the hostname of this computer is ‘Loki’. Enter this under Configuration > Server on your workstations and they will be able to connect and write to the Crystal PM database on the server computer.

It’s very important to back up your Crystal PM database as a preventative against theft, natural disaster, or hardware failure. This walkthrough will explain how to perform this function.

On your server computer perform the steps below:

For Windows Vista/Windows 7: Click on Start > Computer > Double-click Local Disk (C:).

Within the Local Disk you will see a folder titled Program Files. Double click this.Note: If your version of Windows is 64 bit you will see Program Files(X64). If you see this folder, open it.

For Windows XP: Click on Start > My Computer > Double-click Local Disk (C:).Note: If you do not see My Computer in your start menu, it will be on the desktop.

Within the Program Files (or Program Files X86 folder) you will locate the CrystalPM folder.

Double-click on the folder. Once it is open, you will see the various files that operate the program. Click the letter ‘b’ on your keyboard. The selection will show this backup icon.

 

Right-click on the icon titled ‘backup’ and mouse over the entry titled ‘Send To’. Choose the second option in the list titled ‘Desktop: (create shortcut)’.

This icon will appear on your desktop.
Note: To backup Crystal, you will need a form of removable media (flash drive, external hard drive, etc). A good rule of thumb is to have two external hard drives that you rotate out on a daily basis and to back the data up with the same frequency. Your data can be backed up to the server computer, but if the server computer fails, your data cannot readily be transferred to another machine and may be lost altogether.

To ensure that the backup icon is backing up the data to the proper location, right click on the backup-Shortcut icon and select ‘Edit’. The following screen will appear in Notepad:

There will only be two areas to edit in this screen. One is program files, if your server computer shows Program Files (X86), you will need to put the cursor after the word ‘files’, hit the spacebar once and type ‘(X86) as shown below:

This ensures that the data folder (within Program Files(X86) is being backed up properly. The second entry that you will need to edit is the filename where you see ‘e:backup’ in the screenshot. This drive letter must match the drive letter that your computer has assigned to the external hard drive or flash drive. To locate this, insert the device into your server computer’s USB port and click on Start > Computer and you will see the following:

For this example, my computer assigned my external device to the ‘D’ drive. On the backup shortcut editing screen change the drive letter from e to d (leave all other data on this page as it is)

Save the changes to the edits made here:
And your back up icon for Crystal is now setup.

Note: Do not run this during the day when your staff is using Crystal. The first step of the backup process is to stop the Crystal PM database which means that all users currently logged in will have their sessions in the program abruptly ended.

A good rule of thumb is to verify that all users are logged out of Crystal (including the server computer) and run the backup at the beginning or end of your workday as time permits.

Once the backup completes (time will vary depending on the size of your database) you can verify that the backup completed by clicking on Start > Computer > Removable Disk (D:). Within the external device, there will be a folder titled ‘backup’

Opening this folder will display similar information as you see here:

Click the item titled ‘Date modified’ at the top to view the most recent date that the data was backed up.

Note: This backup icon does not back up any other data on your machine other than Crystal PM.

If you’re IT person decides to move the Crystal PM database to a different drive on your server computer (for space requirements or performing backups), these are the necessary steps to facilitate this.

Note: You will need to ensure that none of your staff are working in Crystal while this is being done because the database will need to be shut down requiring all users to be out of the program (including the server computer).

For this example, I will move the live Crystal PM database to the ‘T’ drive:

Open this drive and create a folder titled ‘CPMData’:

To begin, click Start > All Programs > Accessories > (right-click on) Command Prompt and click Run as Administrator. Type in the phrase: net stop mysql and click Enter:

The database has been stopped at this point.
Minimize the command prompt window and navigate to Start > Computer (or My Computer) > Local Disk (C:) > Program Files (or Program Files X86) > MySQL.

Right-click on the MySQL folder and select ‘Copy’.

Navigate to the CPMData folder you created on the new drive you are switching the database to (exa: Start > Computer > downloads (\abeo) (T:) > CPMData. Once inside the CPMData folder, right-click and select ‘Paste’.

You will see the MySQL database folder in the CPMData folder at this point.

Note: This could take some time to accomplish depending on the size of your database.

Next, you will need to navigate to Start > Computer (or My Computer) > Local Disk (C:) > Windows > my.ini.
Double-click on my.ini and it will open in the Notepad.

You will need to edit the line ‘basedir=C :/program files/mysql to show (in my case):
datadir=T:/CPMData/mysql/data(Your data is now being stored/written to the file specified in this entry)
Save the changes to the my.ini folder and close out of it.
Now maximize the Command Prompt and enter the phrase: net start mysql

Crystal PM can now be accessed as usual on the server/workstation computers.

To install Crystal PM on a workstation running the Windows 8 operating system, you will first insert the Server & Client disk into your CD drive.

The following screen will appear:

Click the dark blue box and the following options will appear:

Select ‘Open folder to view files’.

Double-click on the ‘Client’ folder.

Click on the ‘Setup’ icon.

The program will load as follows. Click ‘next’.

Follow the prompts and click the ‘Finish’ button on this screen:

The following window will appear:

You will need to enter the server name or IP address of the server computer. To locate this, go to another workstation (not your server computer) in your office and open Crystal. Click Configuration > Server.

The information in this box is what you will need for the new workstation.
Note: Windows 8 may require a .NET framework installation to complete the setup. If it does, it will prompt you when you attempt to install Crystal.