Healthcare firms face increasing regulatory pressures in all aspects of their day-to-day business operations. Regulations surrounding the management and availability of critical healthcare data, including clinical trial data and patient and insurance claims information, have led to sweeping changes both in the United States and abroad. Virtually all U.S. healthcare firms will need to implement data management strategies that ensure the integrity, resiliency and availability of critical information in order to meet regulatory mandates in the coming months and years.
One of the most far-reaching of these regulations is the Health Insurance Portability and Accountability Act (HIPAA), which affects all healthcare organizations and other entities that process health-related data. Firms affected by HIPAA include healthcare providers, physicians' offices, public health authorities, life insurers, healthcare clearinghouses, billing agencies, information systems vendors, service organizations and universities. CEOs, CIOs and IT Directors alike cite compliance with HIPAA among the top business issues facing the healthcare industry in the next two years. IT departments within all types of healthcare-related companies are being called upon to deliver cost-effective data management solutions for meeting the demands of HIPAA.
HIPAA has focused the entire healthcare industry on the security and integrity of relational databases containing patient information. One of the most important and challenging requirements for HIPAA compliance is contingency planning. Within a formal contingency plan, healthcare organizations must include the following critical elements:
Testing and revision procedures
Presently, HIPAA-regulated firms must have a solution in operation by October 2003. Healthcare firms that do not comply face the risk of serious criminal and civil penalties. These penalties may include fines of up to $25,000 for multiple violations and fines of up to $250,000 and/or imprisonment up to ten years for the knowing misuse of individually identifiable health information.
Interpreting the regulations and selecting solutions that best apply have posed numerous challenges for healthcare firms. Organizations must take into consideration a number of factors when selecting a solution that best meets their needs and computing environment.
HIPAA can also be viewed as a valuable opportunity for organizations to capitalize on the benefits that compliance brings. Healthcare firms with resilient and accessible data can ensure continuous business operations around the clock while gaining the ability to implement 24/7 e-Business initiatives. By leveraging a HIPAA-compliant disaster avoidance and recovery solution, healthcare firms can lower operational costs, increase revenue, improve customer service and remain competitive in today's marketplace.
Creating a Highly Resilient and Accessible Data Environment
For healthcare organizations, data resiliency, or the ability to ensure that critical data and applications are thoroughly backed up and continuously available, is an imperative for HIPAA compliance. Beyond compliance with HIPAA mandates, there are many other business benefits to having a disaster recovery solution in place.
The need for high-availability business environments has never been greater. The Internet has created a new breed of customer that demands 24/7 service from web sites and customer-facing systems. If a healthcare organization's server isn't online, or its critical patient and healthcare data is unavailable for any period of time, its ability to conduct business is seriously impaired. Database crashes can also seriously affect a company's ability to do business effectively with employees, partners, suppliers and customers. A long outage can cause the business to grind to a halt.
In order to deliver superior service and achieve 21st Century competitiveness, organizations must have a proven high-availability solution in place in the event of planned or unplanned downtime. High-availability software products can provide an effective solution for creating resilient and accessible healthcare data for HIPAA compliance. Using a proven high-availability methodology, healthcare organizations can mirror critical data from primary systems to one or more recovery systems in real-time, ensuring high-speed operational switching and uninterrupted access to data during planned or unplanned downtime. Beyond HIPAA-compliant disaster recovery, a high-availability solution also allows for highly efficient distributed processing and workload balancing to enhance operational efficiency.
Components of a HIPAA-Compliance Resiliency Solution
A resiliency solution for ensuring HIPAA-compliant disaster avoidance and recovery must take into account the following components.
Mirroring
The most important element in any high-availability solution is the mirroring software that will synchronize the recovery system in real-time from the primary operational system. This software component must be fast, transaction-consistent and guarantee data delivery at the recovery site even in the event of a network or system outage. The software must also be two-way to allow both the production and the secondary machines to act as a source and target to each other. Full two-way functionality gives the secondary system real-time capabilities to re-synchronize the production system while enabling users to continue working on the recovery system.
Switching
Switching mechanisms are also critical components of any high-availability solution. Switches handle operational role switching between primary and recovery machines. In today's sophisticated network environments, a virtual switchover to a new machine may be as simple as logging on to a second machine. Users and IT staff can be alerted to an outage, at which time network traffic can be re-routed or users can click a different icon to establish a connection to the recovery machine. Switching mechanisms automate user and role switching. Switching software can either notify administrators of an outage or initiate other events after a user-defined delay. These types of switching facilities are designed to make system outages as seamless to users as possible.
Monitoring
The third component of any high-availability solution is an interface for tracking the entire mirroring process. The ability to monitor historical and current activities is important, as administrators need to know the performance of their solution. What is the time latency in moving data between primary and recovery systems? In any high-availability environment, performance equals availability. Administrators must have the means to monitor mirroring performance and latency for system backup.
What to Look For in a High-Availability Solution
Implementing a high-availability solution involves moving data in real-time between primary systems and recovery systems in order to secure operations from business interruption. The software used to enable such a solution should meet certain standards. Healthcare firms should consider the following elements when evaluating a high-availability solution to complement their contingency plan.
Transaction Consistency
The software should be transaction-consistent. This ensures that transactions are performed on the secondary machine in precisely the same order in which they occurred on the primary server. Transaction consistency ensures data and object integrity.
Fault Tolerance
The software should include fault tolerance or guaranteed data delivery at the recovery server. If there is a network, system or communication outage during replication, the secondary server should reflect the last complete transaction. This eliminates the possibility of duplicate entries or partial transactions when it comes time to switch operations back to the primary server.
Ease of Use and Administration
The application should be easy to install and administer. The last thing companies want to worry about when setting up a high-availability solution is custom programming and other time-consuming, costly and resource-draining activities. Object and data replication software should install quickly and be ready for operation with minimal effort. Additionally, users should be able to administer all elements from a unified interface.
The Good News/Bad News Story
It is important to note from a systems manager's point of view that a high-availability implementation is never an "out of the box" install. There will always be some customization, monitoring and a good deal of elapsed time before you can consider your contingency project to be fully functional. If a vendor tells you that high availability works right out of the box, start to question the vendor's definition of high availability. That was the bad news. The good news is that resiliency products on the market are very sophisticated, robust and easy to install.
So what can you expect as a systems manager or customer? When you purchase high availability you are purchasing a type of insurance. You are purchasing a product that will allow you to sleep at night knowing that your critical data is safely backed up on a recovery system. If necessary, you can switch users over to the recovery system and continue running your business if the production system fails. You can even keep your production users up 24/7 by running backups off of your recovery system. These are strong long-term business benefits to purchasing high availability, but to get there, you must build a long-term relationship with the high-availability vendor. A typical installation may only take a day, but the planning, configuration, monitoring, customization, training, implementing of new operational procedures etc. may take several months and could involve consulting.
High-availability vendors are very experienced in the planning and configuration of high-availability environments. High availability is not a product as much as it is a project. It will involve input from almost everyone, from the CEO or upper management to applications programmers, network administrators and the end user.
The Total Solution
The challenges faced by IT departments responsible for ensuring that key systems comply with governmental regulations can be considerable. Moreover, the pressures of the current economic climate mean that IT decision-makers are continuously being asked to do more with less. Healthcare companies can often rapidly achieve compliance through a combination of pre-packaged software solutions and professional services specifically targeting the technical challenges faced by the healthcare industry. By leveraging the high-availability expertise of third-party vendors and established consultants, the technology challenges faced by the healthcare industry can be easier and more cost-effective to manage.
Most analysts recommend packaged solutions over custom development solutions for helping companies quickly and cost-effectively create highly resilient environments for HIPAA compliance. In addition to offering proven solutions to thoroughly back up patient databases, high-availability experts can help customers develop or review disaster recovery policies for their organization and implement technical solutions and high-availability methodologies to protect all health information. Beyond the immediate issues of regulatory compliance, revamping their information infrastructure can empower healthcare companies to maximize operational efficiency, enhance service levels and ensure their competitiveness in today's economy.