Patient data at risk from poor processes

Huge increase in volume is 'generating problems that senior healthcare IT executives are not currently considering'
By Mike Miliard
11:14 AM
Patient data at risk from poor processes

Too many hospitals depend on outdated and inefficient practices to backup and archive their troves of patient data, according to a study published this week by HIMSS Analytics.

The survey, conducted in conjunction with Iron Mountain, polled 150 senior IT professionals nationwide to assess how they protect data from potential loss, and archive it to meet long-term compliance requirements.

The big takeaway? Inconsistent processes are putting data at risk and unnecessarily straining IT storage budgets.

Most respondents said they classify an average of 75 percent of their clinical data as "active" – meaning they store it onsite for immediate access, a surprising practice given that less than 30 percent of this data is accessed after 18 months, and could be moved to more cost-effective storage mediums, according to the report.

Meanwhile, barely more than half (52 percent) of hospitals reported that they have a data archiving strategy in place; of those that did, 83 percent cited compliance as the chief reason. Still, with much of the active data not accessed over time, an archive strategy can help reduce the impact on limited IT budgets.

Most concerning, 31 percent of respondents don't currently have disaster recovery and business continuity plans in place, raising questions about preparedness for delivering care in an emergency situation.

Also, 42 percent of hospitals said they don't have a documented data retention policy that specifies how long to keep backup and archival data and when they can destroy it – posing legal and compliance risks for the organization.

"The amount of data flowing through our healthcare system today has rendered the old ways of managing it obsolete," said Michael Leonard, director of product management, healthcare IT services for Iron Mountain.

"Data vital to the business and near-term clinical operations should be backed up to remote data centers, allowing for fast access and protecting the data from extreme weather events or other disasters that could wipe out onsite servers," he said. "Less active data being kept for compliance reasons or future research needs doesn't require the same level of access and can be stored on offline media."

Iron Mountain offered some tips for data management:

  • Set policies for what data should be stored where, and why. Depending on the age and type of the data, policies should be established that provide clarity on how to tier data and choose the right storage medium, such as SAN storage, cloud storage and removable media such as magnetic tape cartridges, according to the report. Organizations following this strategy keep the most current data readily accessible and reduce their storage costs by placing the oldest data onto less expensive media.
  • Make plans for disaster or data loss. Having the right policies in place for retention, destruction and disaster recovery can help ensure information is protected and available, say Iron Mountain officials. First, prioritize the data that's critical to getting the organization back up and running, then make sure it is stored in the right tier whether that means in the cloud, replicated in a data center, or on magnetic tape cartridges.
  • Make use of automation and outsourcing. As healthcare data grows exponentially – in as much as 40 percent each year – hospitals should prepare themselves by deploying a data lifecycle management strategy and enlist the help of partners to properly implement data backup and archiving practices, the study shows. Outsourcing allows hospitals to offload their storage management burden, reducing the need to incur large capital expenses and labor costs.

"By 2015, most hospitals are expected to have undergone a massive, data- and reform-driven transformation," said Lorren Pettit, vice president, market research, HIMSS Analytics in a press statement. "Between the conversion to ICD-10 for better coding, meeting meaningful use milestones for data sharing at the point-of-care, and the continued influx of EMR/EHR systems, hospitals will have created an exponential proliferation of data volume."

Pettit added that this explosion of data is "generating problems that senior healthcare IT executives are not currently considering, making the need to develop a successful strategy to manage and protect that data essential."

Access the full report here.

[See also: Data center outages come with whopping $8K per minute price tag]