HIPAA prompts hospitals to reconsider storage

Find out how the healthcare industry's IT professionals are revamping their storage infrastructures to meet HIPAA requirements.

With the deadline to comply with HIPAA (Health Insurance Portability and Accountability Act of 1996) lurking in the not-so-distant future, the healthcare industry's IT professionals are revamping their storage infrastructures to fulfill the law's security and patient record accessibility requirements.

For example, HIPAA compliance played a role in the Seattle, WA-based Swedish Medical Center's decision to move to a SAN. The company chose to implement a XIOtech Magnitude array, which is the basis for XIOtech's SANbuilder for Healthcare bundle.

Not only did the SAN centralize all of Swedish Medical Center's disparate storage, making it easier to manage, it also provided better performance, security and availability than other forms of networked storage (e.g., NAS), says Robert Strasser, lead senior distributed systems analyst at the hospital.

The success of Swedish Medical Center's SAN can be gauged by its size: Starting out at .5TB in June 2001, it's already up to 2TB. Next year, Swedish expects to mirror its array, bringing its raw SAN capacity to 5TB. "Once we got it in the door, and saw what it could do for us, we just started adding more servers onto it," Strasser says.

Even without HIPAA, Swedish had been considering taking the SAN route, but HIPAA legislation "pushed us over the edge," Strasser says.

But HIPAA's real impact on storage will lie with what consultant Jon Bogan, president of consulting firm HealthCIO Inc., calls "an increased emphasis on business continuity and due diligence among healthcare organizations regarding backup and disaster recovery."

Case in point, St. Vincent's Hospital in Indianapolis is in the process of revamping its disaster recovery capabilities, says Andy Porter, senior engineer. The hospital's XIOtech and Compaq SAN fabrics are currently fully redundant internally, and it will soon move the redundancy "down the road" to a mirror site in Indiana. The hospital is also working with SunGard to establish a disaster recovery site.

HIPAA has also affected how long hospitals store data. Before, says Porter, St. Vincent's would purge records from its radiology department's PACS (Picture Archiving and Communication System) after a year or two. Now, "we've figured out that if you were born at St. Vincent's, we have to keep your data forever; and if you weren't - for 21 years."

At least, that's what St. Vincent's lawyers have been able to determine. What HIPAA compliance actually entails - and how it will be enforced - is anyone's guess. "I don't know any real HIPAA experts," Porter says. "There's still a lot of speculation about how the government will enforce HIPAA once it actually takes effect."


This was first published in March 2005
