Disaster Recovery Solutions: Best Practices for Healthcare Organizations

The medical industry operates under strict HIPAA guidelines, and many organizations are continually working to stay in compliance with them. Because healthcare data can mean the difference between life and death, every healthcare organization needs to pay specific attention to cybersecurity. Given all of the patient information a healthcare organization holds, including insurance, prescriptions, medical history and more, disaster recovery solutions should be par for the course.

The Importance of Optimizing Data Storage

HIPAA guidelines are not a bully tactic. Yes, not remaining in compliance with HIPAA standards can result in huge reputational damage, legal action and big fines. However, the standards were implemented in order to reduce the instances of lost records, human error in medical transcriptions and many other issues that medical offices faced before a central standard was implemented.

Looking into the cloud as a solution for data storage is just smart. The cloud can provide security you may not be able to implement alone while also providing automatic backup. What’s more, it can allow organizations to integrate records easily with their counterparts. Electronic health records are simply more efficient and less error-prone. Combine this with the HIPAA standard, and you have a baseline that you can rely on regardless of where you experience medical care.

The drawback is that on-premises disaster recovery solutions can quickly become very expensive. The alternative is to utilize the security that comes with managed services like Backup as a Service (BaaS) combined with Disaster Recovery as a Service (DRaaS). Moving into the cloud gives you a full range of data protection features that your organization cannot afford on its own.

With that in mind, let’s take a look at some of the strategies you should implement as best practices for a hospital disaster recovery plan.

Identify Your Critical Systems

The best security always comes from a full understanding of how to recover from a catastrophic situation. The first step in creating a proper disaster recovery solution is identifying your most essential systems. What do you need to get these systems back into fighting shape after an outage?

First, you should define your goals for recovery, namely your recovery time objectives (RTOs) and recovery point objectives (RPOs). What is an acceptable level for both of these, and how can you obtain what you are looking for? In a lot of cases, obtaining the right RTOs and RPOs on premises is no longer achievable without extensive work.

Defining RTOs and RPOs

Any disaster recovery solutions provider that you consider should be able to keep up with the RTOs and RPOs that you have set internally. Recovery without a reasonable deadline still loses business and cuts into your reputation. Make a note of industry standards in terms of recovery time, and find a firm that can get this done for you.

You should also make sure that your estimates are feasible. Research what the best case scenario for recovery is so that you do not create an impression of recovery that cannot be accomplished. Once you have these numbers in tow, you can create a recovery plan for your data with an expert. This far outpaces a simple backup plan, which may or may not give you the resources and strategy for a timely recovery.

Housing Critical Data

The first question you must ask about your critical data is where it is being housed. According to the Disaster Recovery Preparedness Council, only 27% of companies are actually ready for a full-on disaster. With the average cost for a data breach reaching around $3.6 million, this is not company that you want to keep.

The healthcare industry has one of the most expensive penalties for housing data in the wrong place – around $380 per record. This is around 2.5 times the average for all industries.

The most important aspect of housing your data is to make sure that it is in multiple locations. The 3-2-1 backup rule is one that many experts swear by. This format means that you keep at least three different backup copies. These copies are kept on at least two different types of media. One of the copies must be off-site. The reason for this is that simply having a backup does not mean an efficient restoration process, especially if you are working from a legacy backup system.
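The 3-2-1 rule above and the RPO targets from the earlier section can be checked mechanically against a backup inventory. The following is an added example, not code from the original article; the system names, RPO values and inventory are constructed for illustration. It also checks the newest off-site copy separately, because after the loss of the primary site that copy is the one you actually restore from.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class BackupCopy:
    system: str          # system the copy protects
    media: str           # storage type, e.g. "disk", "tape", "object"
    offsite: bool        # stored away from the primary site?
    completed: datetime  # when the backup job finished

def audit(copies, rpo, now):
    """Map each system to its list of findings; an empty list is a pass."""
    grouped = {name: [] for name in rpo}  # systems with an RPO but no copies still appear
    for c in copies:
        grouped.setdefault(c.system, []).append(c)
    report = {}
    for system, group in grouped.items():
        findings = []
        if len(group) < 3:
            findings.append(f"copies: {len(group)} of 3")
        if len({c.media for c in group}) < 2:
            findings.append("media: fewer than 2 types")
        offsite = [c for c in group if c.offsite]
        if not offsite:
            findings.append("offsite: none")
        limit = rpo.get(system)
        if limit is not None and group:
            if now - max(c.completed for c in group) > limit:
                findings.append("rpo: newest copy too old")
            # After a site loss only off-site copies remain, so they set the real RPO.
            elif offsite and now - max(c.completed for c in offsite) > limit:
                findings.append("rpo: newest off-site copy too old")
        report[system] = findings
    return report

# Constructed inventory; system names and RPO values are hypothetical.
NOW = datetime(2024, 1, 10, 12, 0)
def ago(hours):
    return NOW - timedelta(hours=hours)
INVENTORY = [
    BackupCopy("ehr-db", "disk", False, ago(1)),
    BackupCopy("ehr-db", "object", True, ago(2)),
    BackupCopy("ehr-db", "tape", True, ago(20)),
    BackupCopy("pacs-archive", "disk", False, ago(3)),
    BackupCopy("pacs-archive", "disk", False, ago(5)),
    BackupCopy("pacs-archive", "tape", True, ago(72)),
    BackupCopy("lab-results", "disk", False, ago(30)),
]
RPO = {"ehr-db": timedelta(hours=4), "pacs-archive": timedelta(hours=24),
       "lab-results": timedelta(hours=24), "pharmacy": timedelta(hours=4)}
```

In this sample, `pacs-archive` satisfies 3-2-1 on paper yet still fails, because its only off-site copy is three days old against a 24-hour RPO.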

How You Are Getting Files Back

Timeliness matters just as much as the veracity of your files in the modern world of medicine and business. Many healthcare organizations are now using all-flash arrays with encryption for the fastest recovery. This method may be a bit more expensive, but it definitely adds to the peace of mind for many in-house IT specialists.

We are also seeing a trend in healthcare organizations adopting object file systems for archiving that will give you the capacity to recover fully without taking on huge costs. With object storage, you can easily find the data you need, when you need it, without overpaying for expensive tier 1 storage. This way, you also have the information housed where you need it, when you need it.

You must also be sure that you have certain features in place in order to ensure that your records come back to you as clean as possible. Deduplication is very important, with some security experts calling it essential. If you are compressing your data, you must be sure that it is lossless compression so that you get your data back after an outage in its best form. You must also make sure that the storage platform you are using is properly retaining information and performing backups in a timely manner.


Finally, you should have a plan for PACS data. The best plans here are always holistic, usually covering three essential areas: backup, accessibility and movement. Your medical data should be backed up at regular intervals, fully accessible to all appropriate parties and able to be moved back into its original environment in a timely manner. Any one of these features that is missing will cause undue strain on the digital infrastructure of a medical data system.

For more information on help with your critical healthcare data, reach out to Comport’s team of data protection and recovery experts.


Bill Flatley, Field CTO for Healthcare

Bill is responsible for technical strategies and recommendations for Comport’s Healthcare clients. His extensive experience includes four healthcare systems in leadership roles supporting Clinical Applications, Digital Health, and Office of the CIO as the primary liaison between IT and the business.
