policies and technology that ensure secure access and provide proper retention so necessary information is available when needed. Mobile devices utilized for remote access and sharing of patient data also need to have controls to ensure patient data is not compromised.
3. Educate employees via regularly scheduled training sessions on how patient information is accessed and collected during a disaster. Continually update and im- prove the training by learning from recent disasters, such as Hurricane Sandy.
Let me bring these principles to life with an example. Two years ago, a major hospital in Joplin, Mo., was devastated by a violent tornado. T e hospital had implemented electronic health records (EHRs) six months prior. It also had in place data management policies and an employee education program that included disaster recovery procedures. As a result, the hospital was prepared to engage sister facilities in the area to help treat local patients, including emer- gency surgeries, within 48 hours of the disaster. For these patients, disaster preparedness made a diff erence that can’t be measured.
Cristine Kao, Carestream Pete Lamson, SVP, Carbonite
The DR solution lies in the cloud One of the most important components of any disaster
preparedness plan is determining how you will protect and recover your business data in the event of an incident. A recent survey conducted by Carbonite found that 68 percent of small medical offi ces (less than 20 employees) back up their own data, but many smaller practices are actually using back-up methods that leave business data vulnerable to data loss, including external hard drives (45 percent), USB and fl ash drives (36 percent) and CDs or DVDs (29 percent). Manually backing up with these devices is time consuming and cumbersome, and you run the risk of device failure, theft or having your backup hit by the same disaster as the original data. Medical practices can be relieved of these burdens by
protecting their data in the cloud. It sounds complex, but cloud back-up solutions do the work automatically in the background, plus they are secure and aff ordable. Many pro- viders already use cloud computing in the form of electronic medical record (EMR) solutions that store patient data, but there is a need for HIPAA-compatible and secure backup for other types of fi les, including documents, fi nancial and accounting records, and email. Look for a service that trans- mits your protected fi les off site to secure servers to ensure they are safe from just about anything that might happen in your offi ce. Once your data protection strategy is set, add it to your written disaster preparedness plan so you can share it with all employees and key external contacts. T en, it’s time to practice. While it may generate some eye rolling, companies that walk through a disaster simulation have a far greater chance of successful recovery.
Move DR to the cloud: Cut costs, improve workfl ow As healthcare providers trim costs and redundancy in healthcare IT systems, they are considering an attractive new option: moving DR to the cloud. A pay-per-use model is much less costly than redundant data centers and allows for storage of patient records, lab results, medical images and other types of fi xed content. T e need for DR also creates incentives to use cloud-based, vendor-neutral archiving (VNA) for DICOM (digital imaging and communica- tions in medicine) and non-DICOM data. Flexible cloud-archiving platforms allow healthcare facilities to consolidate storage silos and improve workfl ow management of radiology, cardiology and other departmental data storage sys- tems. Vendor-neutral archiving can also expedite PACS (picture archiving and communication system) upgrades, since informa- tion can be accessed at the metadata level – negating the need for a costly, time-consuming migration of legacy archives. Advanced VNA solutions feature tag morphing, which allows images to be displayed in virtually any PACS solution – allowing easy access across the enterprise with no additional investment. DR has traditionally been a cumbersome and costly necessity,
but new technologies allow it to serve as a stepping stone to more effi cient archiving and data sharing for multiple departmental systems.
Jonathan Karl, CDW Healthcare
Data loss in the healthcare industry CDW’s Data Loss Straw Poll surveyed 151 healthcare IT
professionals to determine their most prevalent security concerns. All respondents surveyed were familiar with their organization’s IT data security strategies and systems, and they uniformly identifi ed data loss as their top cyber-security concern. Of those surveyed, 26 percent noted that their organization had experienced data loss in the past two years. Other security concerns cited as most worrisome included viruses, worms and breaches, as well as malicious attacks and mobile threats. When asked about the types of information targeted most often, 63 percent noted that employee or patient records and other personally identifi able information were the most likely targets of a cyber attack. Security concerns are growing as the number of people accessing
healthcare organizational networks increases. CDW’s report found that the number of individuals accessing these networks increased by an average of 52 percent last year, due to a growing number of offi ce locations and mobile device deployments. Mobility and the proliferation of mobile devices add another
layer to security concerns. More than half of healthcare IT profes- sionals surveyed by CDW stated that both employer-owned and employee-owned devices access their network. Despite best inten-
HEALTH MANAGEMENT TECHNOLOGY May 2013 7