When it comes to technology, there are two sides to the HIPAA story. The privacy angle gets the most press, but...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
the mandate to safeguard patient data is also driving a massive overhaul of healthcare's storage and disaster recovery (DR) infrastructure.
Bay Cove Human Services is a non-profit organization in Boston serving people struggling with mental illness, developmental disabilities and substance abuse. With 30 servers and 440 desktops across its facilities in the Boston area, the agency has heretofore relied on standalone tape drives for DR, says Hilary Croach, director of information services. But with HIPAA on the books, Bay Cove has come around to the thinking that "it's not just about tape anymore."
Rather, it's about the continuous availability of critical applications and data. For example, Bay Cove hosts one Web-based application used by several hospitals when responding to psychiatric emergencies. With it, emergency workers can look up records for patients in crisis, enabling them to make informed treatment decisions. "This is a 24x7 application," Croach says.
Bay Cove is currently implementing Topio's Data Protection Suite (TDPS) for replication and failover of the psychiatric emergencies app between its main office and a second site. Today, if the server were to go down, it might take Croach's team four or five days to get the application back up and running, he estimates; with TDPS in place, it should be nearly instantaneous.
Bay Cove is also using TDPS with CommVault Galaxy backup software to replicate data from remote facilities, including a detox facility on an island in Boston Harbor, to its central office. With an IT staff of 10, "I can't have my guys running around switching DAT tapes," Croach says.
Bay Cove has another interest in meeting HIPAA's data availability requirements: accreditation. "HIPAA itself has no teeth. If you lose patient data, but the patient never sues you, then it doesn't matter," says Croach. But these days, if you want to be accredited to receive grants or be recognized by insurers, you must demonstrate HIPAA compliance, he reports. "That's part of our motivation as well."
For a non-profit organization, technology usually doesn't come cheap, although in the case of Bay Cove's SAN, it came for free. IP SAN maker EqualLogic donated a 3TB system to Bay Cove this year, which served as the initial catalyst to investigate improved backup and DR technologies like an LTO-3 tape drive. That's put a bit of a strain on the agency, Croach says. "This level of technology has always been something non-profits couldn't afford," he says. But, Croach adds, "now we can't afford not to have it."