Not long ago, I learned a lesson personally that many industries are also grappling with, especially the healthcare industry. My experience, like their current challenges, involved the ramifications of losing valuable information. In my case, someone stole my handbag. One of my most valuable items, my smartphone, was in the bag. The police were able to recover my phone, for which I was very grateful, but everything else was lost. During that time, I thought about what I would do if my phone had also gone missing, and realized my immediate concern would be for the information I carry on it. It would take weeks for me to piece together everything I needed.

That week I decided to buy a newer model that automatically backs up my phone’s data to the cloud so that it will be far easier and faster for me to get back to business, should disaster strike again.

Meeting HIPAA requirements for disaster recovery

Fortunately, I am not required by law to have a plan to recover my personal data. However, healthcare providers have it a little tougher. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), healthcare providers must operate under the clear understanding that disaster recovery is a HIPAA requirement. Fortunately, the act is written to be “technologically neutral,” which leaves room for each covered entity to choose the technology best suited to its needs.

When discussing disaster planning, I often advise people to consider two very important things:

  • Can your systems move data to the disaster recovery site without violating standards for privacy and security?
  • If you must restore operations at another data center, are you able to restore all of the safeguards for the data also?

3 Disaster recovery technology options for healthcare

There are three main disaster recovery technology options. Of the three, a cloud-based vendor-neutral archive solution may be the best choice for most healthcare organizations, as it can be both the most efficient and the most scalable as needs change.

1. Tape/Disk offsite storage. This is the oldest and best-known system for backup, where the organization maintains on-site backups and also stores a second set off-site. This is a highly manual process, and off-site backups are not as current as on-site versions. Additionally, because data is offline, there are typically delays to access it, which can be critical during a disaster situation.

2. Disk-to-disk-to-cloud. In this scenario, a backup server stores backups locally, but also uploads a second backup to the cloud for safekeeping. This can, unfortunately, reduce efficiency and tie up bandwidth. It can also create complications if the organization requires a single consolidated copy of protected data for e-discovery, compliance, or other purposes.

3. Cloud-based, vendor-neutral archive. Backing up data, such as medical images, directly to the cloud is the easiest and most direct method of disaster recovery with the least amount of manual consideration. It provides a single source of consolidated data for compliance and is the fastest recovery option.

Cloud-based, vendor-neutral archiving and a universal viewer give you the added benefit of being able to access imaging data should your picture archiving and communication system (PACS) go offline. This not only supports disaster recovery, but it is also a business continuity solution. For example, it provides access to images from the cloud using a highly secure FDA-cleared clinical diagnostic viewer that works on any device (e.g., smartphone, tablet, laptop, computer).

It is important to consider all of your options and look to partners that can help healthcare providers meet federal HIPAA standards. As with backing up your smartphone or computer, you’re ensuring that when disaster happens, you’re prepared.

How is your HIPAA disaster recovery plan working? Have you considered how the cloud can help you meet HIPAA standards for secure storage, access and viewing of medical images?