by Justin Carron
The healthcare industry is becoming more digital by the day. Central to this shift is the implementation of integrated healthcare information technology systems that replace legacy or poorly integrated systems. Today, healthcare organizations are striving to reach seamlessly integrated systems highlighted by Electronic Medical Records (EMRs). One centralized component is the design to connect all stakeholders and systems, ranging from primary care physicians and specialists to hospitals, walk-in clinics, pharmacies and labs.
The promise of integration and centralized applications is compelling: a significant improvement in the patient experience as well as better overall patient outcomes in addition to improved quality and decreased costs. With integrated, robust and scalable IT infrastructure providing the foundation for collecting and sharing data in an EMR, healthcare will be transformed. Isolated silos of information and applications that were beset by inefficiency, inconvenience and errors will vanish. In their place, accurate applications will seamlessly integrate into centralized software. The vision is attainable; unfortunately, not all healthcare organizations know how to achieve it.
The information sharing and seamless communication made possible by centralized EMRs are only as good as the IT infrastructure that supports them. With a holistic IT environment, planning, modular/scalable systems, storage and security take on added importance.
If any part of a healthcare system network is down, stakeholders are impacted. Information can become inaccessible and proper care can be delayed – a scenario that isn’t an option for critical care organizations. In addition, as enterprises become increasingly dependent on infrastructure to ensure ongoing operations and drive business results, downtime is no longer an inconvenience; downtime now has significant costs.
Regulatory compliance poses another issue. For a large healthcare system, compliance is a significant challenge given the distributed nature of operations. Medical records must be safeguarded for privacy – a daunting prospect when records are shared throughout a system and must be stored for years. Providers and payers that violate regulations such as HIPAA are subject to steep fines depending on the severity, intent and scope of violations. Fines range from a minimum of $100 for each violation and $25,000 annually for repeat violations, up to $50,000 for each violation and $1.5 million annually for repeat violations. Keep in mind that monetary fees are only one aspect of penalties healthcare organizations may face; a data breach often results in negative publicity, cost in issue resolution and damage to an organization’s reputation.
Security is also a concern in the new model of healthcare IT. Healthcare data is extremely valuable, making it a primary target of cybercriminals. Healthcare records contain the most valuable personal information – such as full name, social security number, home address, phone number and employer. These valuable pieces of information are coveted by cybercriminals who use them to steal identities and perpetrate insurance fraud among other illegal and highly profitable activities.
Recently, there have been high-profile cases of hospitals victimized by ransomware – in which their computer systems are locked until they pay thousands in ransom. Security concerns are also growing for healthcare organizations as they’ve typically focused on their primary business, providing patient care. As these organizations have not traditionally been IT-driven, they have not devoted significant resources to cyber security. For these reasons, healthcare organizations are particularly vulnerable to cybercrime.
With cybercrime on the rise, healthcare organizations need to seriously consider the threats and associated expenses related to data breach mitigation and resolution. The Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data conducted by the Ponemon Institute (published in May 2016) concluded that data breaches in healthcare are increasing in terms of costs and frequency. Nearly 90 percent of organizations surveyed reported having experienced a data breach within the past two years; on average, healthcare organizations spent more than $2.2 million to resolve issues related to a data breach. Each of these breaches involved on average more than 3,100 lost or stolen records. For the healthcare industry as a whole, the Ponemon study estimates that data breaches are costing organizations $6.2 billion annually.
The reality is simple. This threat is not going away. Also, ignoring the issue or paying your way out of an issue is not a long-term solution. You need to think bigger. You need to get to the source with your system. Implementing a new system also brings on additional costs that can seem overwhelming at first. These costs are extremely difficult for small and mid-size organizations and still pose problems to large conglomerates. Costs for implementation include software, training, licensing and consulting. It’s important to realize that these financial strains are short-term as investments in new systems will pay dividends in the long run. Making the initial investment can be tough but it can ward off and solve future issues.
Given the various stakeholders involved in modern healthcare, there are a number of best practices that can mitigate the challenges that integrated systems can bring. Top of mind should be an overall metering and remote monitoring strategy that allows individual stakeholders to track energy usage and ensure availability across facilities as well as across devices. There are UPS management platforms and energy management systems that make remote and granular monitoring a reality. Such systems collect and analyze data from connected infrastructure devices, enabling ongoing monitoring and predictive insight – all from a single interface. In addition, these systems can enable IT administrators to manage power consumption at the device level and automate disaster avoidance while enabling regular preventative maintenance.
A power management strategy will serve to ensure that critical healthcare systems stay up and running. Among all stakeholders, it is important to ensure that they both receive and provide timely updates to patient data and EMR systems. In effect, stakeholders are charged to “keep the database current.” In a similar vein, stakeholders should strive to utilize common formats for EMRs that can be accessed and shared by other authorized medical providers.
Keeping the power on is always important for patient safety but it’s also important for record access. Consequently, healthcare organizations need to deploy and maintain a power backup or disaster recovery site, so data is not lost, and information can be accessed even during power failures or adverse environmental events.
For specialists and primary care providers, it’s necessary to store the most recent patient records and data locally for temporary use, and back it up in a master database. Keep in mind that local providers still need the ability to care for patients, even if the remote data storage is inaccessible for any reason. Maintaining a “local” cache of recent patient information helps deliver continuity of care even if network communication is interrupted.
For primary care providers, having a disaster recovery plan or site is a best practice. Such a plan or site should be kept up-to-date with duplicate data and duplicate capabilities. To protect servers, storage and network gear in medical offices, UPS systems should be utilized. These power systems allow continual operations and save data during adverse conditions. Specialists as well can utilize UPS systems – and even a generator if required – to provide backup for medical imaging and medical lab equipment.
Backup power is also a critical component for edge devices such as switches and routers; consequently, backup power systems deployed in network closets and imaging labs can ensure that communications can function normally during a power event.
At the hospital level, backup power devices and generators should also be deployed. In the case of hospitals, such power backup deployments must comply with guidelines issued by the Joint Commission on Accreditation of Healthcare Organizations (JCAHO).
In addition, hospitals should test generators and UPS systems on a regular basis – at the very least monthly. Within a hospital, life safety, operating suites, imaging labs, emergency lighting, HVAC and egress areas such as elevators all should have power backup systems.
For those healthcare organizations that operate outpatient facilities – where onsite IT support may be limited – the remote monitoring and management of UPS and power distribution systems such as ePDUs is a great way to improve patient care. Even though these facilities do not have surgery rooms and scanners, the patients have extremely specific care plans that need to be followed. When these care plans are digital, backup power is absolutely necessary.
To keep healthcare providers up and running safely, remote capabilities can allow for faster response times when repairing network or server problems. This allows IT personnel to access even the smallest data closets from the comfort of their own home. Healthcare organizations should plan for remote capabilities during the design phase of a facility whenever possible.
For existing facilities, it’s never too late to make modifications or upgrades to gain remote and modular access. Just keep in mind, these solutions should contain critical components such as UPS and cable management systems for easy user installation, modification, upgradeability and serviceability.
Healthcare organizations typically operate multiple distributed facilities. In these kinds of disparate environments, it is recommended to deploy management software that allows monitoring of critical systems from a central location – typically a location that is removed from the actual building where the communications and computer hardware resides. Another deployment option for management software is within private cloud environments. Ideally, management software provides predictive data analysis, so the user is notified in advance when things are trending downward – such as when a UPS has failed its battery test or a power distribution device is detecting intermittent overloads. This predictive analysis in turn allows IT administrators to take proactive action before a more serious issue develops.
In laboratories, sensitive equipment, such as blood analyzers, test devices, and so on, should have backup power, as well as the ability to save data if a power event occurs. Pharmacies as well should have similar backup capabilities with the addition of automation and record keeping equipment.
Battery backup times and generator fuel supplies should be chosen or modified based on local weather conditions and climate. Healthcare organizations need robust, functioning battery backup systems. Even then, having a “plan B” in case a power outage is extended or the generator doesn’t start is a necessity. Hence, there is always a need to plan ahead. A professional who can help guide you through these decisions is always helpful.
In data centers, UPS and generators are certainly a must. It is also important to test by simulating a power failure to ensure that everything is connected to backup power and that the backup functions normally within the specified battery backup time. The backup capabilities should encompass older equipment, network and communications gear, newly installed or temporary servers, storage and communications devices. Try scheduling this with your monthly power tests to ensure this is top of mind.
Within network closets, UPS is required so communications can operate during power failures and weather events. Also consider AC power in any backup power plan.
Computer rooms as well should have all the power and backup capabilities as a data center and network closet. Keep in mind, however, that a computer room may be served only by the building’s HVAC unlike a data center, which has dedicated and backed-up HVAC.
Consider the advantages of using a “centralized” UPS architecture – one UPS for the whole computer room – or a “distributed” UPS architecture, where multiple UPS devices are placed in individual racks. Of course, there are pros and cons for each strategy. In a centralized architecture, operating and installation costs are typically higher. However, a single UPS and battery system is easier to maintain and monitor even if the room is dependent on a single system. If redundancy is required, this too is easier in a centralized architecture. In a distributed model, cost is lower and there is the added security of not being dependent on a single UPS. On the downside, managing and monitoring all UPS devices and battery strings can be daunting; it can be difficult to know if “all that backup hardware” is going to function perfectly during an outage. This may result in less peace of mind than a centralized system.
Security of course is needed to safeguard data and patient privacy throughout the healthcare system. To safeguard operations, healthcare organizations require resiliency, redundancy and power management.
Many large healthcare systems operate their own data centers. These facilities must have the redundancy and resiliency to keep operating during any contingency. Backup generators, backup batteries and UPS devices can provide the power infrastructure required for servers, storage and networking equipment. To better manage power across a disparate network, PDUs are important components. Throughout the networking infrastructure, gateways and switches can enable organizations to remotely analyze power equipment – a critical capability given the integrated nature of the new model of IT.
In network closets – offshoots of a data center that house servers, data storage equipment and switches – UPS and PDUs can provide remote monitoring and management of power usage, as well as keep tabs on important environmental metrics such as temperature and humidity. Computer rooms as well can benefit from UPS and PDUs in addition to cable management and racks that optimize the airflow, accessibility and organization of the equipment.
For healthcare organizations that opt to deploy a hybrid environment (comprising on-premises and cloud) or go with a colocated data center provider, it’s important to ensure that the service provider can deliver a secure, resilient and reliable infrastructure. To this end, a provider should have a comprehensive disaster recovery plan in place; if one facility goes down, there should be multiple backup facilities that can seamlessly run any and all workloads. Make sure that the provider is able to adequately address HIPAA compliance requirements in terms of data privacy and data retention. On the latter point, scalability is a must with exponential growth of data volumes. A service provider must have the ability to scale to accommodate data growth, and in addition have the ability to expand bandwidth capacity to facilitate big data and analytics.
For healthcare organizations, EMRs in conjunction with an integrated IT infrastructure promise to improve patient care, reduce costs and increase efficiency. However, to achieve sustained benefits, healthcare organizations must take measures to ensure availability, scalability, resiliency and data security. With a well-thought-out infrastructure strategy encompassing everything from power management, security and backup, and including all the various stakeholders, healthcare organizations can achieve all the benefits that the new model of integrated IT can offer.
Justin Carron is Global Healthcare Segment Manager at Eaton. He can be reached at [email protected].