POWER > Business Strategy > Migration

Resiliency Best Practices Can Ensure a Successful Healthcare Data Migration

Photo by Nick Veasey/getty images

Imagine one electronic healthcare record that’s accurate and available no matter where the patient goes. That’s the goal for most hospitals and health-care organizations. But getting there is not without obstacles.

Regulatory proliferation and legislation continuously change the playing field; meanwhile, hospital and physical practice merger and acquisition (M&A) activity continues to trend upward as healthcare organizations reinvent themselves in an effort to stay competitive amid changing regulations.

The digital evolution itself isn’t without substantial growing pains for healthcare providers. In order to merge and digitize records, CIOs and IT teams must standardize data, convert records from paper and implement scalable storage—all before merging and migrating data and applications to compliant electronic healthcare record platforms. Once they’ve run that gauntlet, they’re obligated by law to keep those records and applications secure and highly available.

The extreme expense of hiring consultants to convert and standardize data, expand storage and implement an electronic medical record (EMR) or electronic health record (EHR) system leaves little in the budget for a business-continuity and disaster-recovery plan. However, newly merged organizations can’t afford to not implement one. Fines for noncompliance can cost millions of dollars and regulatory auditors aren’t interested in excuses.


Heavy Regulation

Healthcare regulation is far more complex than just HIPAA, the Health Insurance Portability and Accountability Act enacted in 1996 to protect patient privacy. A healthcare practice is also a business, so it’s governed by the Sarbanes-Oxley Act (SOX), which sets standards for corporate accounting and responsibility. Any healthcare practice accepting credit card payments must also comply with the Payment Card Industry Data Security Standard (PCI DSS), a regulation mandating secure environments for organizations that process, store or transmit credit card information. Imparting a real sense of urgency is the Health Information Technology for Economic and Clinical Health Act (HITECH), part of the American Recovery and Reinvestment Act of 2009, which mandates healthcare organizations implement EMR/EHR systems by 2014.

None of these regulations has a handy addendum of functional requirements for security, backup and availability that would make it easy for CIOs to design a foolproof system; instead, these and other regulations outline basic requirements for minimum business continuity and security, and leave reasonable interpretation and implementation up to the business.


Think It Through

For healthcare CIOs going through the M&A process, pleasing regulatory agencies often complicates life and drains money from the budget. Shifting perspective to the rationale behind the rules may help find a way through the labyrinth. First and foremost, regulations protect patient privacy by ensuring the appropriate people have access to the appropriate information. In other words, no one can see more or less than they must. Regulations also support good health by enabling communication between healthcare providers. For example, drug interaction alerts can be put into place so a comprehensive picture is available to everyone involved in a patient’s care. Also, regulations can save money by streamlining communication and eliminating duplicate efforts.


Protect Physical Storage

When it comes to your business-continuity and disaster-recovery plan, where do you start? Data resiliency begins with evaluating the physical storage environment.

Efforts to digitize data and medical images have created an avalanche of new electronic data, all of which has to live somewhere. Whether you’re storing data in a data center with virtual servers or taking advantage of cloud-based storage, the physical buildings that house production and backup servers must be protected. Data centers should be off-site, unmarked buildings with secure architecture, redundant power supplies, fire protection and limited entry points. They should not be located in geographical high-risk areas.


Evaluate Cloud Storage for Compliance

Cloud storage is a tempting option for healthcare organizations because it’s inexpensive and scalable, but is it compliant? The security and reliability of cloud-based storage is still hotly debated, yet increasingly more healthcare organizations are successfully using cloud storage, especially for noncritical data. The pay-for-what-you-use structure can be a fiscal relief—and it’s compliant as long as data availability and security features of the plan meet certain guidelines. You can save money and still play it safe by storing critical data in a co-location data center and storing noncritical, unregulated data in the cloud.

comments powered by Disqus



2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

Capable Hands

IBM Migration Factory experts can guide your move to a new platform

Successful Mergers and Acquisitions

IT’s role in a smooth integration


Migrate to POWER9 With the Help of Lab Services

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store