Over the past several years, physicians and other ancillary healthcare workers have shifted away from paper documentation to the use of electronic medical records (EMRs). The establishment of the Medicare and Medicaid Incentive Programs (now called the Promoting Interoperability Programs) by the Centers for Medicare and Medicaid Services in 2011 has further served to hasten this transition. Under this program, providers and eligible health facilities receive federal payments for their adoption and utilization of electronic health systems.
With this increase in medical data being stored electronically, it is essential to have a disaster recovery plan in place to ensure that your healthcare facility can still function if its data is lost or corrupted. An effective disaster recovery plan lets you restore your medical data and resume normal processes with minimal downtime following any type of data loss. Without a disaster recovery plan, your business may have a delayed recovery or even fail following any type of significant data loss.
There are several factors to be taken into consideration when setting up an effective disaster recovery plan for your healthcare organization; addressed below are some of these considerations.
1) Mission critical applications and data
All data are not equal in a healthcare organization; some data, known as mission-critical data, are more relevant and essential to the functioning of the organization. The inability to successfully restore mission-critical data following its loss or corruption can severely hinder a healthcare organization's ability to rapidly recover and resume normal processes. As part of a disaster recovery plan, a business impact analysis should be performed to identify all mission-critical data and applications; during the data backup process, these mission-critical data should receive the highest priority. Furthermore, during data recovery after a data loss event, the mission-critical data and applications should be among the first to be restored.
2) Data backup plan
Having a data backup plan is another key consideration of an effective disaster recovery solution. A data backup plan dictates which medical data to back up, how frequently the data should be backed up, as well as how long the data can be stored; these, in turn, are dictated by the type of medical data as well as the storage capacity of the secondary data storage sites. Ideally, mission-critical data should be backed up the most frequently as its loss has the most negative impact on a healthcare organization.
3) HIPAA compliance
Title II of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 mandates that all medical information should be managed in such a manner that ensures that patient privacy is adhered to; failing to abide by this law can lead to financial as well as other penalties from the government. As such, the data backup solution used as part of a disaster recovery plan should offer adequate protection and ideally, encryption, of patient medical data so as to remain HIPAA compliant.
4) Disaster recovery solution
One of the most important considerations of an effective disaster recovery plan is the site and type of secondary storage to be used to back up medical data. There are two primary types of storage sites that can be used for this purpose:
- Physical data centers – These secondary physical data centers are located away from the primary data storage sites. One limitation of the physical center is that it is not readily scalable; space constraints may limit the frequency as well as how much data can be backed up.
- Virtual servers – This is the optimal disaster recovery solution. The virtual secondary data storage sites are hosted in the cloud and managed by third-party service providers. The managed service provider assumes the responsibility for the security, upkeep and proper functioning of the virtual servers. Additionally, this solution is easily scalable, with no limit as to how much data can be stored.
At NewCloud Networks, we know how important is to have a disaster recovery solution for your health care business, and we’ve working with several health care providers to put solutions in place. With our Disaster Recovery as a Service (DRaaS) offering, you can rest assured that your medical data is securely stored and can be readily retrieved as needed. Contact us today to get started with a disaster recovery plan for your business.