Patient data at risk from poor processes
Too many hospitals depend on outdated and inefficient practices to backup and archive their troves of patient data, according to a study published this week by HIMSS Analytics.
The survey, conducted in conjunction with Iron Mountain, polled 150 senior IT professionals nationwide to assess how they protect data from potential loss, and archive it to meet long-term compliance requirements.
The big takeaway? Inconsistent processes are putting data at risk and unnecessarily straining IT storage budgets.
Most respondents said they classify an average of 75 percent of their clinical data as "active" – meaning they store it onsite for immediate access, a surprising practice given that less than 30 percent of this data is accessed after 18 months, and could be moved to more cost-effective storage mediums, according to the report.
Meanwhile, barely more than half (52 percent) of hospitals reported that they have a data archiving strategy in place; of those that did, 83 percent cited compliance as the chief reason. Still, with much of the active data not accessed over time, an archive strategy can help reduce the impact on limited IT budgets.
Most concerning, 31 percent of respondents don't currently have disaster recovery and business continuity plans in place, raising questions about preparedness for delivering care in an emergency situation.
Also, 42 percent of hospitals said they don't have a documented data retention policy that specifies how long to keep backup and archival data and when they can destroy it – posing legal and compliance risks for the organization.
"The amount of data flowing through our healthcare system today has rendered the old ways of managing it obsolete," said Michael Leonard, director of product management, healthcare IT services for Iron Mountain.
"Data vital to the business and near-term clinical operations should be backed up to remote data centers, allowing for fast access and protecting the data from extreme weather events or other disasters that could wipe out onsite servers," he said. "Less active data being kept for compliance reasons or future research needs doesn't require the same level of access and can be stored on offline media."