The September 11 terror attacks in the U.S. have prompted hospitals and radiology departments to take a hard look at disaster recovery. AuntMinnie.com is pleased to present Part III of a three-part series that examines what can be done to enhance disaster preparedness, and provides suggestions and examples of how to protect and recover digital images and data in case of disaster.
The standards of the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) require accredited U.S. facilities to develop emergency preparedness plans. JCAHO requires that health information be protected against loss, destruction, tampering, and unauthorized access or use.
Among JCAHO requirements, healthcare facilities must:
- Conduct a hazard vulnerability analysis.
- Define internal and external command contacts.
- Describe how and when a disaster plan is to be activated.
- Establish an alternate care site.
- Establish backup internal and external communication systems.
Regularly test its backup plan once it is in place.
This is fine as far as it goes, but for hospitals using the application service provider (ASP) model, does the ASP provider protect the data? In addition, some administrators have expressed concern about having data outside the radiology department because of privacy rules in the Health Insurance Portability and Accountability Act (HIPAA), so there must be access for the proper staff without compromising the security of patient records.
Radiology staff are concerned about maintaining access to images in case of disaster, but hospital information systems (HIS) people aren't necessarily on board with the problem. That is, patient information (charts, lab work, billing data, etc.) is increasingly electronic, but there may be little thought given to facility-wide integration with the RIS. The American Health Information Management Association (AHIMA) Web site (www.ahima.org), for instance, makes no mention of PACS.
There is also an overriding cost consideration. Large medical centers and multihospital networks may find it economical to centralize images and data in offsite storage facilities -- even automatically sending duplicate electronic copies of studies for archiving. But again, the digital age hasn’t completely taken over, and even the largest medical centers remain partially film-based.
Smaller facilities are moving to digital storage more slowly, and many cannot afford to digitally transmit backup copies of their studies to a secure, offsite location. For example, a 150-bed hospital in a town of 20,000 could face significant financial obstacles when trying to establish offsite disaster redundancy and satisfy HIPAA requirements. Data storage and access needs are one of the principal forces driving the consolidation of hospitals into multihospital groups that have the requisite financial muscle to establish centralized data storage.
Keys to making it work
Redundancy and disaster recovery can be seen as two separate things. If a hospital simply makes a backup copy of every tape and keeps the data offsite, that's not necessarily disaster recovery. It's simple data redundancy.
If the radiology or IS department is making backup copies of tapes and storing them offsite, and there’s a fire or a flood inside the data center and the jukebox (automatic media handlers for optical disk drives) is destroyed or damaged, a box of tapes will be all that is left. Now you have to buy or rent another jukebox or try to work something out with the vendor to get one quickly. It may mean days of downtime.
Many healthcare facilities make backup copies of images and data, fooling themselves into believing they have made reasonable recovery plans when they really haven't. Backup disks sit around all week until they are delivered to an archiving warehouse. Thus, the most-important, most-recent images are the ones that would be destroyed in an internal disaster.
Then again, does it matter if you save the data if you don’t have a hospital? PACS is network-dependent, so if the network goes down, it doesn’t matter how good your disaster recovery plan may be. In addition to the cost of transmitting digitally, potential network failure is the reason why many facilities double-burn a disk that can be manually stored offsite -- like a bank safe deposit box.
A disaster-safe PACS is typically in the most elevated geographic location possible, secured behind locked doors. It has raised floors, its own fire suppression system, its own backup generators. Most of its key components -- archives and servers -- are in a secure environment. The key places are the server and the modality interfaces. Four main components would be in the IT area -- the file server, the Web server, the PACS/RIS interface, and the onsite archive.
ASPs or offsite mirror archives are ideal for disaster avoidance and recovery, but they are expensive. A connection between servers would be built right into the PACS architecture, and everything stored offsite would have secure portals.
Eventually, major vendors will not only provide RIS/PACS/ASP solutions in a seamless package, but they will also offer services to maintain the archive and keep the data accessible. At present, PACS vendors usually partner with archive vendors.
An ASP model costs more, but may be the solution of choice, because if there is a problem on your site, in which the data center is down or the jukebox is destroyed, the all-digital system will remain available and functional. There is virtually no downtime, because requests are operating across the wide-area network (WAN) to offsite data centers.
If a hospital has a jukebox or a functional offsite archive now, it can set up a PACS or a system onsite, so that the images are also being simultaneously copied to offsite data centers. Jukeboxes are slow and prone to break, because they are highly mechanical. But if the outside jukebox goes down, the request can be redirected to the data center.
It may be practical to put a year’s archive onsite, so that all the images in the last year are on a large RAID-based server, and a study can be pulled up in a second or two. But there still should be offsite redundancy. Older studies can be transmitted (or transported) to a data center for permanent storage.
If a facility doesn’t have an archive and is buying a new PACS, or if the existing archive is obsolete, both onsite and offsite storage is available by contract. The most recent films are stored onsite (usually in the basement), and older films are usually warehoused offsite. Ironically, the film images that radiologists are least likely to need are the best protected, while the ones they are most likely to need are the most vulnerable.
In a true disaster, a hospital might do best by rolling in a trailer with computers, hooking up via satellite link, and bringing the information to the local computers while the buildings and physical plant are restored. This is the ASP model, dependent in most cases on expensive high-speed data connections. It may be an impractical solution until the cost of telephone connectivity drops over the next few years, however. Until connectivity becomes affordable, most hospitals will not have imaging data truly replicated in a secure, offsite location.
Archiving media change, so old archives have to be maintained. The magnetization of tapes must be refreshed every few years. But until truly affordable offsite ASP models become more widely available, tape or disk backup is a practical alternative.
By Robert BruceAuntMinnie.com contributing writer
January 31, 2002
Related Reading
Disaster recovery case study #1: The Dallas VA alternative
Disaster recovery case study #2: UCSF’s model for PACS recovery from offsite storage
Disaster recovery in radiology, Part II: The New York City experience, January 24, 2002
Disaster recovery in radiology, Part I: Protecting your images and information, January 17, 2002
A roadmap for implementing HIPAA in radiology, July 26, 2001
Bibliography
"Definition of the health record for legal purposes," American Health Information Management Association, October 2001, Volume 72-9.
"Disaster planning for health information," American Health Information Management Association, May 2000, Volume 71-5. Health Insurance Portability and Accountability Act of 1996 (HIPAA).
"Hospital resources for disaster readiness," American Hospital Association, November 1, 2001.
"Mobilizing America’s healthcare reservoir: emergency management in the new millennium (PDF)" Special Issue of Joint Commission on Accreditation of Healthcare Organizations Perspectives, December 2001, Volume 21, Number 12.
"Picture archiving and communication system (PACS) security plan," Ward M. Terry, Dallas Veterans Affairs Medical Center, Dallas, April 2000.
"Plan for the worst before disaster strikes," Hospital Management Technology Magazine, June 2000.
"Protecting the privacy of patients’ health information," HHS Fact Sheet, Department of Health and Human Services, July 6, 2001.
"Simulation of disaster recovery of a picture archiving and communications system using offsite hierarchical storage management," David Avrin et al, Journal of Digital Imaging, Vol. 13, No. 2, Suppl. 1, May 2000
Copyright © 2002 AuntMinnie.com
