Healthcare Information Security

Cloud News

Using Disaster Recovery Planning for Healthcare Data Security

NCH Healthcare System discusses how it strengthened its health data security approach with a comprehensive disaster recovery plan with image archiving.

- There are numerous scenarios where a covered entity may need to implement a disaster recovery plan, such as a natural disaster or even a ransomware attack. Healthcare data security must remain a top priority in any such situation, which is why organizations must ensure they have the necessary tools in place to keep sensitive information secure and properly backed up.

Healthcare data security must be considered for imaging archiving

Naples, Florida-based NCH Healthcare System needed a secure option for medical imaging archiving, according to Director of Radiology Jim Bates. After reviewing several new options, NCH opted to renew its services with Dell Services, Bates told HealthITSecurity.com.

When NCH first started looking for offsite image archiving options, they were looking to implement a picture archiving and communication system (PACS).

“We were searching for the right combination of equipment, archiving, image transfer, etc.,” he said. “We were doing our due diligence, and visiting other hospitals that already implemented PACS, and it became quite apparent that the archive was a huge part and also probably the weakest link. As the archive materials changed – tape or DVD for example – everybody had a different view.”

According to Bates, this was an ideal option because NCH is located in a part of the country that is susceptible to potentially damaging storms, such as hurricanes. There are two offsite locations that the facility uses to store images, and NCH is also not limited to a seven year time limit when it comes to storing images.

READ MORE: Healthcare Cloud Security Concerns Not Impediment to Usage

“Most people use that as a guideline to get rid of old film or images,” Bates explained. “We keep it as long as we want to and radiologists prefer it that way. If they need to look back on someone’d history, a lot of times they’ll go past seven years.”

Along with secure imaging access from multiple locations, Bates said that the archiving and retrieval process itself are extremely efficient. There is also greater cost predictability and the imaging workflow is more automated, which helps keep employees productive.

The cloud-based aspect is a great boost to healthcare data security, and lets clinicians access the images whenever they need. This is also beneficial to patients, he added, as they no longer have to bring their own images with them on visits.

NCH has approximately 3 million images dating back to 2003 that are accessible from two sites, Bates added.

The NCH unified clinical archive (UCA) consists of local onsite storage, which is also backed up by redundant offsite archiving. It also complies with the Digital Imaging and communications in Medicine (DICOM) standard in terms of secure handling, storage, and transmission of medical images.

READ MORE: Why Healthcare Cloud Management is a Top Industry Concern

Cloud-based solutions are becoming an increasingly popular option for business continuity and disaster recovery functions. Just this past May, a survey by Level 3 Communications Inc. and HIMSS Analytics found that 47 percent of healthcare IT professionals planned on using a cloud service to help develop a more comprehensive data security framework.

However, just 13.3 percent of respondents said they currently had a cloud service that provided business continuity and disaster recovery capabilities.

Overall, cloud services are increasing in demand for other services as well, the survey found. For example, 41 percent of participants said they plan to use a cloud service to advance HIE while 46.7 percent said a cloud product will be used for back office solutions, such as Office 365 and email.

“Many healthcare organizations are using cloud solutions today, but this is only the beginning,” HIMSS Analytics Advisory Solutions Group member Kyle Mumley said in a statement. “[T]his study supports those findings with 85 percent of participants indicating plans to use the cloud in 2016. The study also shows that the primary drivers for this shift are cost savings and disaster recovery initiatives.”

What healthcare organizations should look for in disaster recovery planning

READ MORE: 3 Ways to Break Through the Healthcare Cloud Security Fear

It’s important to think about the future, according to Bates, when it comes to image archiving and keeping data secure. Healthcare organizations should think beyond their current PACS system.

“We changed PACS systems,” he said. “When we did that, if we didn’t have a typical archive,we would have had a huge problem. Since we had an archive that’s designed as it is, when we changed PACS vendors, it didn’t change the archives at all. We were still pulling images. That was unaffected and it was completely invisible to us.”

Essentially, the right disaster recovery plan will not only last, but will be able to meet all kinds of different scenarios, Bates maintained. There should be redundancy, images should be available quickly, and the older images should still be available if needed.

Another key consideration in terms of healthcare data security and overall workflow is the increasing size of the images themselves, according to NCH Radiology Systems Administrator Jeff Preyers.

“The other key component to this is the data connection to archive servers and/or local PACS systems,” Preyers stated. “If you look at it this way, your slowest connection is only as fast as you can go. No matter what you have at both ends, but if the connection is the middle is very small, that’s only as fast as you can go.”

Radiologists want images quickly, he said, but sometimes organizations may be limited to the amount of bandwidth they have between facilities.

Dig Deeper:

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks