Imaging: Raising the Disaster Recovery Bar? | [node:field-byline] | Healthcare Blogs Skip to content Skip to navigation

Imaging: Raising the Disaster Recovery Bar?

September 3, 2008
by Joe Marion
| Reprints

As the nation breathes a collective sigh of relief this week that hurricane Gustav was not the “mother of all storms,” it still was a significant disruption to Louisiana and the New Orleans area. It is also the latest reminder to Information Technology management on the necessity for continual assessment of disaster recovery (DR) planning and execution.

I would venture to guess that healthcare information technology’s disaster recovery plans are more robust for data than they are for imaging. The April 2005 HIPAA regulations for safeguarding electronic protected healthcare information (ePHI) have as much implication for imaging services as they do for other patient information, but potentially add another level of complexity to IT plans for compliance.

I’d like to spend a few minutes exploring a few aspects that relate to the inclusion of imaging in IT disaster recovery plans.

Multitude of Data Sources

Has IT identified how many imaging sources exist within the enterprise that may need to be addressed in a disaster recovery plan? The likelihood is that if the facility does not have a PACS, imaging data may be stored at the modality. These MOD’s, CD’s or DVD’s are most likely not considered when looking at DR requirements, but they represent electronic patient data, and should be considered. I have recent experience with two sites that do not yet have a PACS, but are archiving CT, MRI, and Ultrasound on DVD’s – one goes in the patient chart and one is used as a backup. Unfortunately, the backup is merely that, and it is not managed from a true DR perspective, as it is stored on site. But at least the sites have considered the need for redundancy of data.

Similarly, I have been in a number of cardiac labs that store data on MOD’s or DVD’s, and have them neatly (or otherwise!) stored on a shelf in the control room. In these cases, there is no backup or DR plan. I am sure there are many other examples including Echocardiography and GI videotapes, sleep lab data, etc. that represent un-cataloged imaging information that under HIPAA should be addressed as part of a DR plan.

DR Test Plan

I have asked a number of sites during imaging evaluations if they have a disaster recovery plan. Usually, they will say they have a policy and are creating redundant data. When asked if they routinely test the plan, there are a lot of “deer in the headlights” stares. I frequently ask these same people if they have a digital camera and any digital images on their home PC, and if they have ever made a backup copy on a CD or DVD. Usually, people will say yes to creating a copy, but few can respond positively if they have actually tested the media to assure that the images were properly written to it.

This is a significant problem – especially for areas outside of IT’s direct control. It’s a daunting challenge to consider how all of these individual areas would be coordinated to address a true DR plan, as well as the testing of backup to assure recovery. Another significant factor is the resource required to do the testing. Chances are IT has resources assigned to DR policies and plans. But the likelihood is these are insufficient to conduct a thorough test of backups. And, clearly, should a disaster strike; are resources sufficient to result in a timely recovery?

The Cost

How does one put a price tag on compliance and what is the risk of non-compliance? I suppose it depends on geography and circumstances. Certainly healthcare IT in Florida and Louisiana are much more sensitive to the issue than healthcare IT in the Midwest. But perhaps while the risk is greater, the result of a tornado ripping through a hospital is the same whether it is Iowa or Florida. One has to use common sense in terms of determining the means of transport and location for data to be “out of harm’s way.”

The other cost factor that will need to be considered is that imaging data is considerably denser than other patient data, so the cost of managing DR for imaging will naturally be more expensive than for textual data. This is often overlooked in planning for imaging services, but perhaps in areas of high probability, it needs to begin to be taken into account. Services that may be economical for other data may need to be reconsidered for imaging, and alternatives found.

So, I ask, does imaging raise the bar for DR? Most certainly it does! IT management should reassess its DR plans to take into account the impending impact of imaging. New and creative solutions will need to be identified if Information Technology is to be prepared to effectively and economically address imaging in DR plans. Gustav may be just another wakeup call.



Hi Kate:

T respond to your questions:

1. I would say it is difficult to sell the concept without an ROI. It comes down to "cost avoidance" which is a tough sell, and as you point out, if the facility has never faced a disaster, it is complicated.

2. I would say that natural disasters such as Katrina and Ike have raised the awareness, but probably only in areas that may be susceptable to such disasters.

3. I am personally aware of sites that are taking a huge risk with images, with no DR backup, and no test plan. If their data center gets hit, they lose all the images!

4. This presents an opportunity for those in DR to demonstrate the cost effectiveness of their solutions. If it can be quantified, it may be more sellable.

Excellent post. The cost of downtime or loss of medical imaging data can be devastating to any provider. It's unfortunate that it takes a disaster or major failure for DR solutions to be taken seriously. It's not enough to create a plan or sign a subscription with a DR vender, the organization must integrate DR into the daily operations and must be part of the culture.

Hi Joe,
Great post. You bring up some very interesting points, particularly in regard to testing. Implementing a disaster recovery solution is a critical step for hospitals, but testing (to ensure recovery) is an extremely important component that can't be neglected. Testing needs to be a priority and it needs to be factored into the budget.

That brings up another issue with DR — how difficult of a "sell" are disaster recovery solutions when there is often no ROI? Hospitals may never be faced with a natural (or technical) disaster can this negatively impact where it falls on the priority list?
I'm working on an article focusing on disaster recovery strategies, and I'm curious about these points. Thoughts?