When it comes to file servers, healthcare organizations are
second only to legal firms in the sheer number of files they keep. They can
often, however, be the overwhelming champs when it comes to the amount of data
stored in those files. With medical imaging software, patient records, and
other data being digitized, more and more information is being stored on file
servers. This pattern is very common for any organization, but becomes even
more of a burden in the healthcare industry for a few reasons.

First, most healthcare organizations cannot afford outages. Between
patient’s lives hanging in the balance and staffers who are simply not
accustomed to having to wait for critical data, there’s no allowance for outages.
Data loss, similarly, is not an option; as the loss of a patient record could
mean that you have no way of knowing of allergies, life-threatening diseases,
and other issues. Even in a practitioner’s office that doesn’t practice
emergency medicine—a dentist or podiatrist—the lack of this information could
mean the accidental prescription of a wholly inappropriate drug.

Second, no matter if you’re working with practitioners or
researchers, there are federal and often local regulations that require you to
protect patient and other medical data. HIPAA (Health Insurance Portability and
Accountability Act) requires that data must not only be protected from theft
and accidental disclosure, but it must be protected from data loss as well. Add
this to your other factors, and there’s an entirely different set of disaster recovery
(DR) parameters to be dealt with.

Calculate accurate recovery objectives: RPO and RTO

In order to protect file servers for healthcare organizations,
you will probably need to take a multilayered approach to DR. First, there are
many different levels of availability that you may need. If you are responsible
for a smaller practice, then you’re in luck. In such cases, you can determine
your Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for the
business as a whole. For those who are in larger organizations, you will need to
meet with each department to find RTO and RPO numbers individually.

RPO is the amount of data that can be lost to a disaster, usually
rated in seconds or minutes of lost data. RTO is how long the system can be
offline, usually rated in minutes to hours to days in some cases. Life-sustaining
equipment and the file servers that contain the data they need to operate will
have the tightest numbers when it comes to RTO and RPO. Research departments, on
the other hand, will have a little more flexibility when it comes to downtime;
however, with millions of dollars riding on each file, RPO and RTO numbers are
uncompromisingly short. The reason you want to nail down these numbers is
simple—smaller RTO and RPO numbers equate to larger budget numbers and more
expertise needed to mind the systems that mind the data. So failure to get good
numbers will lead to either inadequate protection or wasted expense.

The sheer amount of data in question also comes into play when
talking about DR. Medical imaging systems store terabytes of data for even
smaller hospitals and imaging centers. These files are vital to the well-being
of patients, but offer some unique problems when it comes to protecting them. If
you’re using tape backups, you will need a very large number of tapes and
someplace safe to store them. Your best bet is to contract with a storage
facility that can handle the number of tapes in question for as long as your
legal advisors recommend you to keep them. Also keep in mind that your RTO will
be quite long, as restoration of terabytes of data from tape is generally
estimated in terms of days, not hours.

If you use replication systems, you’re going to need a large
amount of disk space on the other side of the pipe to hold the replicated data,
and tape cannot be ruled out of the mix, since a virus could destroy the files
on both sides. Replication gives you a much tighter RTO and RPO, but the budget
increases significantly, so keep those facts in mind when you start calculating
the cost.

Planning DR options for file servers used in the healthcare
industry is especially challenging. The amount of data and its vital nature leaves
little margin for error. By getting the best possible estimate of RPO and RTO,
you can build a plan that allows you to provide the necessary levels of
recovery, while not overspending on your budget.

How well can your organization deal with an emergency? Automatically sign up for our free Disaster Recovery newsletter, delivered each Tuesday, and make sure you’re prepared for the next catastrophe.