When It Comes To HIPAA, No Departments Data Is An Island
As the healthcare industry continues to evolve, healthcare organizations are challenged to continue to provide high-quality, cost-effective care, while dealing with HIPAA privacy and security compliance issues.
In the past, data management and storage of critical patient, purchasing and compliance information was handled departmentally, and as a result, “islands” of disparate information were created across the organization.
With the advent of HIPAA, these past storage strategies are no longer viable, as organizations are faced with a significant additional burden and cost of meeting privacy and security requirements for all health information within the organization. As the healthcare enterprise begins to develop strategies that will conform to new federal regulations, it is critical to take a centralized enterprise view of data management, patient archival, disaster recovery and data security needs.
Organizations in the past have experienced three primary data management and storage needsbackup and restoration of data, disaster recovery, and patient image archiving. These organizations were faced with implementing and managing information systems to meet these needs, while maintaining stringent cost controls.
HIPAA mandates that organizations comply with additional privacy and security requirements for all health information. As a result, healthcare enterprises are challenged with addressing the inherit issues surrounding the existing islands of information throughout the organization and moving to a more centralized approach to data management.
The IT department in a healthcare enterprise has traditionally been concerned with the business needs of the hospital, and the departments involvement was primarily administrative (i.e., patient registration, billing, insurance and medical records). The amount of data actually generated by these activities is relatively small when compared to the total amount of data that is generated across the entire healthcare enterprise.
As digital modalities such as CT, MR, CR, digital mammography and digital cardiology were introduced, individual departments had a need to store the “raw digital” data, as well as a representative subset of this data in the form of films.
Because of the limited role the IT organization played, IT managers were often unaware that these archives were being installed by departments, or they had given their consent to have these archives maintained locally and outside of their control. This was due to the lack of resources to handle the large amount of data that these digital modalities generated.
Furthermore, such data were viewed as “clinical data,” thus, outside of the traditional responsibility of the IT organization. As a result, multiple storage strategies were created throughout the organizations, resulting in departmental islands of patient data.
For example, dedicated archives in radiology and cardiology departments often consist of multiple legacy systems that have resulted in part from storage technology advances and unanticipated data growth.
The IT department has conventionally relied on a data repository for automated backup of administrative and accounting systems, but not of the large number of independent departmental servers distributed throughout the healthcare organization. Because most of these archives are under the control of the departments, where there is often little IT expertise, these data archives are often not under the same strict data management controls and safeguards typical of an IT department. This makes it more difficult for the organization to comply with HIPAA and other federal regulations.
Each of these departmental information islands has its own data policies and management. While federal standards such as HIPAA do not specifically state how a healthcare organization will provide data security, these information islands certainly make securing and ensuring that protected health information remains private a more daunting task.
A coherent enterprise data management strategy with centralized data repositories will help these organizations more easily control the management, security and accessibility of patient dataestablishing a “one door to guard” mentality. This will result in more cost effective HIPAA compliance, and lower the long term cost of continuing to comply with these federal regulations.
In the past, installation and configuration of centralized data archive solutions as the main data storage center for a healthcare enterprise has required a certain amount of “guesswork” to determine the final software and hardware configuration. IT managers were challenged with getting the different software applications and disparate data sets into one archival environment.
The enterprise healthcare storage model addresses many of the gaps in the patient data storage models in healthcare today. The traditional role of the IT department in healthcare has changed. Managing data, whether it is images or text, and ensuring that it is private and secure will become one of the most important challenges facing the healthcare enterprise of today and in the future.
Just as a patient needing open-heart surgery would go to a heart specialist, organizations needing data management should turn to data management experts. The imaging areas need to form alliances with the IT departments to reduce the ambiguity of people, equipment and software while still providing privacy, security and quality patient care to the public. This will enable clinical people to do the jobs they are trained to performdiagnosis and treatment of sick patients. The information experts will provide the data management needed to meet the privacy and security regulations that HIPAA and other federal regulations mandate.
As a result, healthcare organizations will be able to better utilize people, resources and funding, which will help them facilitate more cost-effective and care-effective patient care.
is manager, Worldwide HealthCare Business Development, for StorageTek, based in Louisville, Colo.
Reproduced from National Underwriter Life & Health/Financial Services Edition, August 19, 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.