Disaster Recovery: Planning for the Day You Hope Won’t Happen

Disaster recovery is an event that PACS administrators hope that they never will have to confront, but it is increasingly clear that it needs to be a top-of-mind concern. Natural disasters, particularly tornadoes and floods, seem to be occurring more frequently, with greater intensity and with more resulting damage. Hospitals and imaging centers are not exempt from their effects.

The impact along the Gulf Coast of Hurricane Katrina in 2005 (with the subsequent levee breach in New Orleans, Louisiana) was a wake-up call to health-care IT staff that catastrophic disaster recovery planning to protect data storage resources must extend beyond a geographically vulnerable region. Restoring established PACS at some of the damaged health-care facilities proved to be daunting, and some patient files were lost forever.

Fast-forward past Superstorm Sandy to 2013: Newer technology services, such as secure cloud disaster recovery and archiving solutions, are making preparedness easier (and potentially less costly) than the use of tape or other media-based backup would be. This is good news for PACS administrators who are challenged by the growing size and quantity of medical images.

What is important is to assess disaster recovery requirements at regular intervals, according to David Kleinman, director of cloud services at FUJIFILM Medical Systems USA, Inc. It’s also important to verify continually that data are being backed up and can be accessed without unexpected problems, for both on-site and off-site storage. Of course, guaranteeing that HIPAA privacy and security requirements are being met to the letter of the law also is essential.

“Outsourcing data-transfer and backup services to a third-party provider is a very viable solution,” Kleinman says. “Cloud-computing companies that maintain HIPAA–compliant security offer many benefits to a hospital IT department. Initial costs tend to be lower, as a radiology department doesn’t need to make a large capital investment to make multiple copies of backup data or to expand tier 1 storage. Deployment of a data-recovery system is rapid and can be scaled. Round-the-clock services are provided without increasing local IT staff.”

Defining Service Criteria

Not all cloud-service providers are created equal. In addition to the basic requirements of data encryption and of maintaining security levels, additional criteria that must be defined with the vendor include:

• data rights and ownership,
• the location of data,
• how data are stored,
• how quickly data can be accessed and retrieved,
• the number of times that the data are duplicated, and
• how rapidly scaling can be added—and at what cost.

Service accessibility and uptime should be 24/7 and 99.99%, Kleinman states. Compliance and audit requirements should be spelled out, as well as a method that enables a subscriber to monitor performance independently. Data-migration issues and planning for service termination (and transition to another service) are also important to discuss up front.

For HIPAA purposes, it is important to get the vendor to sign a business-associate agreement. Such an agreement requires the service provider to notify the health-care customer if any improper use or accidental disclosure of health-care data has occurred.

What You Pay For

The level of security and service required will naturally have an impact on price. “Costs can differ greatly among vendors,” Kleinman says. “Companies that provide the most minimal services offer inexpensive data storage, but this is probably not an appropriate service for the mission-critical data that health-care companies need to protect. Companies that offer secure data transfer, multiple tier-4 data centers, 24/7 service, and rapid data-recovery services might charge a small fortune. It’s important to define your data-protection requirements and choose a cloud-service provider that understands the data and can provide you with a competitive price for its services.”

Fujifilm introduced its latest cloud-based storage service for both on-premises and off-site archiving and disaster recovery through Synapse® Cloud Services in April 2012. By taking advantage of the density and speed of linear tape-open magnetic tape storage, in conjunction with spinning-disk technology used in PACS, the solution provides a lower-cost full-service archiving and data-recovery product to hospitals and imaging centers (with PACS of all sizes and from all vendors).

Kleinman says that