How far we’ve come. In 2003, fewer than five percent of hospitals in the U.S. had any form of electronic records and probably less than one percent of doctors’ offices. By 2012, EHR penetration in hospitals was 85 percent.
Now what to do with the torrents of digitized patient data? With the challenges of storing and handling data in compliance with HIPAA/HITECH requirements and the real-time dynamics of making data available 24/7 to authorized users on multiple devices, hospital CIOs and CSIOs are painfully aware of growing data storage management burdens.
The burden will only get worse. More data from more sources, required by more people and organizations linked to the healthcare ecosystem, is keeping the pressure on. Maintaining more medical records and patient information for big data analytics to improve patient outcomes, evaluate efficacy of alternative treatments, identify fraud, forecast potential treatment complications or a million other things will also swell data storage requirements in healthcare.
‘”Storage utilization growing by leaps and bounds – often unpredictably. Supporting that infrastructure internally from both technology and business perspectives requires big capex and specialized skill sets,” said Mike Meyer, Peak 10 solutions engineer. “People have many questions when it comes to outsourcing storage and they’re uncertain what to expect regarding performance and data security. We’re at the same point today with cloud storage that we were at with cloud computing several years ago. It requires a lot of education and shopping to understand what’s available, how it fits and how it can be best utilized.”
The sheer amount of data that the modern medical organization collects will soon render in-house storage systems and other traditional IT infrastructures impractical. Building out and maintaining large-scale storage internally is expensive, and physical space at many hospitals is at a premium. Yet many hospitals remain reticent when it comes to the cloud as a significant part of their storage strategy as a recent HIMSS Analytics survey shows. The most popular methods of data storage among hospitals and health systems include:
- Storage area network system (67 percent)
- External storage media, such as tapes or discs (62 percent)
- Network attached storage system (45 percent)
- Vendor solution/storage is outsourced (26 percent)
- Cloud computing (24 percent)
- Direct attached storage system (22 percent)
Storage area networks, or SANs, are the most popular technology for large hospitals. Smaller hospitals are relegated to less expensive (and complex) systems of offline storage including CDs, DVDs, and tapes.
While all this has been happening in the healthcare industry, cloud data storage has been on the move as well. Commenting on the state of the industry in recent report, Forrester Research Inc. stated that storage has emerged as a key competitive differentiator among cloud service providers, saying “Premium cloud storage services with scalable, guaranteed transaction performance represent the latest wave of innovation, and service providers are adding this capability at a rapid rate.”
Of course, weighing heavily on the minds of hospital CIOs and CSIOs is HIPAA/HITECH compliance.
Peak 10 is among the very few infrastructure and cloud providers who have made HIPAA-compliant infrastructure and cloud services a core competence. It’s a business we specialize in. And with the HIPAA Omnibus Rule (a.k.a. the final rule), sorting out the pretenders from the real players will be easier for customers.
In order to service the compliance burden of these customers, a cloud service provider (CSPs) now must meet many of the same HIPAA requirements as its hospital customers, which demands a significant and sustained commitment and investment. The CSP is required to sign “business associate agreements” (BAAs), which spells out how it will report and respond to a data breach, including those caused by subcontractors. That is, the CSP has more skin in the game. Both the cloud customer and CSP are responsible for keeping patient data secure. Both suffer the consequences if that data is compromised. The data storage burden on hospitals is on an exponential growth path that is never letting up.
Continuing to rely so heavily on internally directed storage strategies and the people required to sustain them is a questionable application of scare resources. Armed with the “final rule” hospitals can see more clearly who the serious IT infrastructure service providers are and which ones speak the language of HIPAA/HITECH compliance. At Peak 10, we not only speak the language. We’re fluent at it.
Forrester Research, Inc., “What The Evolution Of Cloud Storage Means For I&O” by Henry Baltazar and James Staten, February 14, 2014.