Enterprise Storage Solutions: Treating Clinical Data Storage Ailments
CIOs and CMIOs are finding new ways to balance enterprise data storage challenges with providing electronic patient information and images where and when they are needed.
Healthcare providers are under tremendous pressure to manage the storage of clinical data effectively. At the end of the day, data storage has implications on how providers deliver care. And with their insights on both data usage in clinical settings and the IT systems that support them, CMIOs are important stakeholders in the enterprise data storage strategies of their organizations.
A provider’s enterprise data storage (EDS) strategy can impact whether physicians can access vital clinical data when and where they need them. To that end, CMIOs around the country are embracing technologies and/or computing concepts such as storage virtualization, data lifecycle management (DLM), and tiered storage.
Many healthcare organizations have been grappling for years with how best to manage the rapidly expanding volume of data at the enterprise level. They’re also looking for the best way to strike a balance between streamlining access to clinical data for the appropriate clinicians and keeping unauthorized hands off sensitive information.
Stephen Tranquillo, vice president and CIO for Thomas Jefferson University Hospitals in Philadelphia, says it’s important to begin educating the decision-makers in hospitals about the importance of enterprise storage and other IT infrastructure. “IT infrastructure is an abstract [subject] to a lot of senior people,” he says. “But the senior people are looking at this in competition with other projects and other requirements for the same resources. So it takes education to get them on board.”
It’s worth noting that implementing/upgrading data storage was rated important or very important in 2010 and beyond by a significant number of respondents in the CMIO Compensation Survey 2010 (see our survey story on Page 4).
A dose of virtualization
Clinicians are generally busy people with extremely low tolerance for IT system downtime. After all, if they must wait for hours to access patient records stored on systems in need of maintenance or repair, patient care can be affected. At Mount Carmel Health System, which has four full-service hospitals and multiple ambulatory clinics in the Columbus, Ohio, area, the IT department has to schedule system downtime when certain applications need additional storage capacity, or for cases in which data have to be reorganized to enable clinical applications to run smoothly, according to John Lawson, the health system’s vice president of IT operations.
“Any downtime for a clinician is too long,” says Cindy Sheets, CIO of Mount Carmel. “So before, when we did have to take the system down to add capacity, there was an outage that any doctor you talked to would say was too long, even if it was only 15 minutes.”
Several years ago, Mount Carmel addressed the issue by building a storage area network (SAN) supported by Clariion and Centera storage devices from EMC. The group also uses HP Enterprise Virtual Array technology for the SAN. The data stored for many of the health system’s clinical applications, such as MedPlus ChartMaxx, are directed to the EMC devices, which then map the data to a network of storage servers. This network-based storage virtualization enables the IT team to keep those applications that are linked to the SAN up and running even during maintenance, eliminating some of the dreaded outages that rankle physicians.
Still, Mount Carmel has some applications that are not designed to take advantage of the health system’s SAN. For example, Lawson says that the vendor that provides the health system’s main application for its laboratory records system does not support connections to the storage network. That means that his IT department has to schedule downtime to conduct system maintenance, and it underscores the importance of working with vendors whose technologies support data virtualization.
Managing data lifecycles
Clinicians value the ability to view health records from as far back in a patient’s history as possible, because the information could help them make decisions at the point of care—a major selling point for moving patient data onto longitudinal electronic health records. There also are a bevy of regulations such as HIPAA and other laws that require hospitals to keep records, electronic or paper-based, for a certain number of years. The challenge is managing where and how to store this clinical data, and for what length of time. And doctors seem to be loath to purge any clinical data from their IT systems.
“We want to see data as far back as you’ve got it,” says Jeff Riggio, MD, CMIO at Thomas Jefferson University Hospitals in Philadelphia. “We don’t want you to start archiving anything that we can’t get easily.”
At Thomas Jefferson—which has four IT staff members whose responsibilities include data storage oversight—the practice for managing the lifecycle of data has been to purge nothing.
The hospital group generally has not archived or purged clinical data since it adopted GE Centricity Enterprise, which runs on two HP non-stop Tandem servers, about 10 years ago. “But it does take a fair amount of management and cleanup and reorganization just to make sure that the performance is not adversely affected,” says Paul O’Connor, the hospitals’ senior director of operations. “These files do grow very quickly, especially as you add more functions.”
The hospitals have managed some of the data demands by running applications that require lots of memory and perform many transactions on high-performance IBM DS6800 storage servers. The hospitals use IBM DS4000 series servers, which are a performance tier below the DS6800s, for less demanding applications.
Mount Carmel’s Lawson says he would like to see his health system adopt a strategy for managing the lifecycle of technology, including purging some data from the system, to address the growing demand for storage. Although his organization does not have a formalized data lifecycle management (DLM) plan per se, the GE Centricity application for the hospitals’ PACS dictates that some digital files move off primary servers to a central data center after they reach a certain age. The hospital system, where data storage management is shared among members of its 102-person IT staff, also does not purge information from its network.
A tiered storage approach
Although the cost-per-byte of storage has dropped precipitously in recent years, hospitals are becoming more mindful of how to limit expansion of their data center footprints in their facilities. Data centers and server rooms can occupy valuable real estate within hospitals and clinics, and they often drive up electricity costs as they are expanded with new machines. Also, servers can require maintenance to move older files onto other computers, to ensure that the primary servers’ disks are spinning with data that are most relevant to clinicians versus older information that they are less likely to access.
Mount Carmel uses PACS at its satellite facilities as well as in the imaging clinics in its hospitals. Each site has a server in which digital image files are stored for two years, after which time the files automatically migrate to servers in the health systems’ primary data center in Columbus, Lawson explains. This system of pushing the digital image files from one server to another based on the preset two-year rule is considered tiered storage.
Tiered storage involves the migration of data between two or among three or more storage devices, using a combination of software, policies and hardware to manage the system. This storage strategy can be useful in automating movement of data from high-performance servers to slower machines or lower-cost media such as tape-based storage.
At Mount Carmel, even the older digital images that are centralized in the organization’s data center are stored within the SAN, Lawson says, so radiologists can call up the older files that live in the offsite data center just as easily as those stored on the servers in their actual clinics. The GE Centricity software manages the movement of the radiology images—Lawson says it is common for vendors to dictate whether their applications will allow data to be stored in different tiers.
For Mount Carmel, the tiered storage of digital image files enables the imaging clinics and hospitals that use the PACS to limit the amount of space needed for computing hardware, Lawson says. It’s understood that controlling the expansion of computing footprints, or even reducing them through consolidation, helps organizations reduce operational expenses related to energy costs and technical support. A potential future tier of storage for the hospital system is to move data to cloud-based storage, according to Lawson, but he is not yet comfortable with the level of security offered by external cloud storage.
Data security concerns
CMIOs understand that the security of clinical data stored within their hospitals’ IT networks is important on several fronts: Protecting the privacy of patients, complying with regulations and guarding the reputation of the organization, among others. An additional challenge is managing data security in a manner that doesn’t impede workflow in clinics.
“A major concern that I have, and many CMIOs have, is how do I make information readily available to those who need it, but protect it in such a way that it does not get into the hands of those who do not need it,” says John Beuerlein, MD, the CMIO for the University of Tennessee Medical Center (UTMC) in Knoxville.
The medical center, which has tapped Cerner to provide most of its clinical applications, uses Cerner’s data access management tool. The access manager, for example, ensures that only certain clinicians in the hospital can view a patient’s HIV test results or other sensitive information. To safeguard computers and mobile devices, the first layer of security that UTMC has is password protection.
The medical center also uses a St. Bernard Software application for web filtering, preventing people from navigating to web sites that could infect the hospital’s network. Its e-mail monitoring tool from Mimecast screens and, if necessary, quarantines e-mails containing information that the sender may be unauthorized to transfer beyond the hospital’s firewalls. All e-mail messages also are encrypted.
Thomas Jefferson University Hospitals has built its data storage and security infrastructure primarily on IBM platforms. The hospital group uses IBM’s Tivoli Access Manager and Identity Manager to control which clinicians can view certain patient records and to authenticate the identities of users that want to access sensitive patient data. The health system has adopted multiple technologies to secure laptops, including LoJack to track the location of missing or stolen devices, as well as Zix software for e-mail encryption.
While UTMC has adopted a battery of security technologies, Beuerlein emphasizes that training residents and other clinicians to handle patient data with care is a key component of the medical center’s data security strategy.
At Mount Carmel, an innovative approach to securing clinical information has been to have an information security officer who is not part of the IT department, and therefore can offer objective feedback to departments on data security policies and practices, Lawson says.
“Of all the things that keep me up at night,” Lawson says, “security is near the top, if not at the top.”