When it comes to file servers, healthcare organizations are second only to legal firms in the sheer number of files they keep. They can often, however, be the overwhelming champs when it comes to the amount of data stored in those files. With medical imaging software, patient records, and other data being digitized, more and more information is being stored on file servers. This pattern is very common for any organization, but becomes even more of a burden in the healthcare industry for a few reasons.
First, most healthcare organizations cannot afford outages. Between patient's lives hanging in the balance and staffers who are simply not accustomed to having to wait for critical data, there's no allowance for outages. Data loss, similarly, is not an option; as the loss of a patient record could mean that you have no way of knowing of allergies, life-threatening diseases, and other issues. Even in a practitioner's office that doesn't practice emergency medicine—a dentist or podiatrist—the lack of this information could mean the accidental prescription of a wholly inappropriate drug.
Second, no matter if you're working with practitioners or researchers, there are federal and often local regulations that require you to protect patient and other medical data. HIPAA (Health Insurance Portability and Accountability Act) requires that data must not only be protected from theft and accidental disclosure, but it must be protected from data loss as well. Add this to your other factors, and there's an entirely different set of disaster recovery (DR) parameters to be dealt with.
Calculate accurate recovery objectives: RPO and RTO
In order to protect file servers for healthcare organizations, you will probably need to take a multilayered approach to DR. First, there are many different levels of availability that you may need. If you are responsible for a smaller practice, then you're in luck. In such cases, you can determine your Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for the business as a whole. For those who are in larger organizations, you will need to meet with each department to find RTO and RPO numbers individually.
RPO is the amount of data that can be lost to a disaster, usually rated in seconds or minutes of lost data. RTO is how long the system can be offline, usually rated in minutes to hours to days in some cases. Life-sustaining equipment and the file servers that contain the data they need to operate will have the tightest numbers when it comes to RTO and RPO. Research departments, on the other hand, will have a little more flexibility when it comes to downtime; however, with millions of dollars riding on each file, RPO and RTO numbers are uncompromisingly short. The reason you want to nail down these numbers is simple—smaller RTO and RPO numbers equate to larger budget numbers and more expertise needed to mind the systems that mind the data. So failure to get good numbers will lead to either inadequate protection or wasted expense.
The sheer amount of data in question also comes into play when talking about DR. Medical imaging systems store terabytes of data for even smaller hospitals and imaging centers. These files are vital to the well-being of patients, but offer some unique problems when it comes to protecting them. If you're using tape backups, you will need a very large number of tapes and someplace safe to store them. Your best bet is to contract with a storage facility that can handle the number of tapes in question for as long as your legal advisors recommend you to keep them. Also keep in mind that your RTO will be quite long, as restoration of terabytes of data from tape is generally estimated in terms of days, not hours.
If you use replication systems, you're going to need a large amount of disk space on the other side of the pipe to hold the replicated data, and tape cannot be ruled out of the mix, since a virus could destroy the files on both sides. Replication gives you a much tighter RTO and RPO, but the budget increases significantly, so keep those facts in mind when you start calculating the cost.
Planning DR options for file servers used in the healthcare industry is especially challenging. The amount of data and its vital nature leaves little margin for error. By getting the best possible estimate of RPO and RTO, you can build a plan that allows you to provide the necessary levels of recovery, while not overspending on your budget.
How well can your organization deal with an emergency? Automatically sign up for our free Disaster Recovery newsletter, delivered each Tuesday, and make sure you're prepared for the next catastrophe.