Disasters happen: Best to be ready

Data, IT at risk in disaster zones
By John Andrews
10:55 AM
Hurricane Katrina

On any given day, a disaster occurring somewhere in the country is making news – whether it’s wildfires out West, floods in the heartland, a major tornado in Oklahoma or a ferocious storm like Hurricane Sandy hitting the East Coast. And while the focus is (rightly) on the human toll and physical destruction these events cause, little attention is paid to how important data and IT infrastructure is lost to provider organizations in the danger zones.

Perhaps that lack of publicity is why putting a disaster recovery plan in place hasn’t been a high priority for a number of healthcare providers. Vendors report that many of those who do have a backup plan are still using antiquated tape and that adoption of more sophisticated disaster recovery programs remains at a low level.

“Despite the critical importance of keeping data safe, not enough organizations are taking it seriously,” says Steve Deaton, vice president at Garner, NC-based Viztek. “Either they don’t want to spend the money on it or lack the desire to figure it out.”

While natural disasters are a legitimate threat to the preservation and access to medical data, other threats like the East Coast power outage of 2003 also loom large. Viruses and system attacks by hackers and terrorists must also be considered to be a very real possibility.

Overall, medical data is more vulnerable than it has ever been. Even so, data protection has also advanced rapidly over the past decade, as Deaton attests.

“Ten years ago we provided customers with two options – getting their own media that they made a copy of every day and took to a safe deposit box or over the cloud,” he says. “But back then the Internet was slow and expensive, so everyone burned a DVD every night.”

The digital revolution – especially through electronic medical records – has created patient profiles that are much more extensive and layered so that losing the data has even larger consequence, Deaton says. For instance, PACS images contain a wealth of information about the patient, and he says preserving those files has become a more complicated process.

“Today’s PACS files contain much more than images – they include data that is supportive of billing, insurance and profitability,” Deaton says. “We are past the day of taking everything digital – we are now homogenizing and making everything accessible for one program. So disaster recovery is no longer just one isolated facet.”

Kim Krisik, business development manager for Vernon Hills, Ill.-based CDW Healthcare sees a lot of procrastination among health systems when it comes to disaster recovery.

“They have the mentality of ‘maybe we can get by until next year,’” she says. “When we ask about their disaster plan, it is usually old.”

In writing a master’s thesis on disaster recovery, Krisik learned that “hundreds of thousands of records” were decimated in the floodwaters after Hurricane Katrina in 2005, essentially erasing the medical histories of many New Orleans residents. But in just a few short years, the electronic records format in places like New York has helped preserve medical data and allow providers to continue serving patients without missing a beat.

When considering whether or not to adopt a new disaster recovery system, Krisik offers this advice to providers: “It is better to say ‘I’m glad we did it’ instead of ‘we should have done it.’”

Not all records were wiped out during Katrina, however, adds Michael Simon, enterprise imaging executive for Greenville, SC-based Agfa. While “a majority of our facility installs were hit very hard and most of them had downtime, by the time we went operational, we were able to retrieve data.”

Expect the unexpected

Duchess County, N.Y., is well inland from the ocean, and as part of the Hudson River Valley it is considered to be “upstate New York” – and not in the direct path of hurricanes. Yet Tropical Storm Irene in 2011 dumped massive amounts of rain in the Wappingers Falls area and flash flooding caused widespread damage.

Mary Anne Salcetti, DDS, remembers the day well: “The property where my practice is located received four feet of water and even though it had drained by the time I entered the building, I was amazed at how much damage was done. The first thing I noticed when I tried turning on the computer was that water kept running out of it. The hardware was ruined. Fortunately a laptop was up high enough to escape the water and because I had a disaster recovery system, I was able to access all the data from that computer.”

Just the prior year, Salcetti decided to work with Mountain View, Calif.-based Axcient and local IT provider IES on a cloud-based business virtualization system, which paid dividends even sooner than she thought.

“Having Axcient’s technology was pivotal for me to be able to recover quickly and get back up to speed,” Salcetti said. “So many of my peers are still using tape backups and I can’t imagine why. The Axcient system is simple and effective.”

Approximately $30 billion is lost each year due to downtime and irretrievable data caused by disasters of all kinds, says Eric Weiss, vice president of marketing at Axcient.

“That $30 billion is a pain point in which revenue is lost, so when systems are down, providers can’t produce or deliver services,” he said. “That number also represents lost productivity due to employees being idle (estimated to be more than $400 per physician per hour) and the financial impact if the organization is fined for data loss or a security breach.”

The cloud ‘garage’

Over the past 20 years, data recovery has evolved from “shuttling hardware” in the ‘90s to establishing a cloud-based “garage” for storing information from a health network’s disparate systems, says Dave Dimond, healthcare industry chief strategist for Hopkinton, Mass.-based EMC.

Meaningful use and accountable care organizations are driving integrated delivery networks and other hospital systems into consolidated relationships, he said, which requires a storage solution that aggregates data from various sources. By working with different vendors to the proper certification, EMC is focused on creating new areas for virtualization and developing new opportunities for a “pooled structure” that houses everything.

Though some might find fault in the concept of “putting all eggs in one basket,” Dimond says the process is really about “putting all eggs in the right basket.”

Andover, Mass.-based NaviSite also uses a cloud platform because its storage capacity is “so much better than big iron,” says Chris Patterson, vice president of product management. In fact, the company’s new virtual desktop program enables users to access their computer content from any device anywhere.

The cloud configuration is just the latest example of the migration toward the cloud, Patterson says.

“Customers are so much comfortable with it,” he said. “When it’s all out there, there is no need to host it locally. The comfort level is building for healthcare. It won’t be a 100 percent shift, but it will be predominant.”