Healthcare & HIPAA

Standards-based optical storage meets HIPAA records retention requirements

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) created specific requirements for managing health information privacy and security. Because of HIPAA, the legal and regulatory environment for managing patient medical information has dramatically changed.

Currently, questions of health information security and medical privacy are of utmost importance in the United States. Hardly a day goes by that we do not see a featured article or publication about some aspect of medical privacy, or a story about a security breech. HIMSS (Healthcare Information and Management Systems Society) has convened a Privacy and Security Steering Committee to guide implementation of strategic initiatives that promote the privacy and security of healthcare information and management systems. This Committee has set the following goal: "By 2014, all entities who use, send, or store health information meet requirements for confidentiality, integrity, availability and accountability based on sound risk management practices, using recognized standards and protocols."

Wrestling with regulations

For decades, data storage at the average health care institution was low tech: Stacks of file folder-stuffed boxes were tucked away in some out-of-the-way rooms. Over time, the logistics of dealing with the accumulated volume of patient records, even in microfiche format--as well as a not-so-gentle nudge from the federal government in the form of HIPAA--propelled health data into the digital age and set-off a challenge for IT manages in healthcare to come up with long term digital archiving solutions that are: reliable, secure, easy to integrate and manage within the existing infrastructure and are low-cost.

Compounding the storage problem are medical technology advances like MRIs, as well as a growing number of network connections to pharmacies, other health care organizations and physicians. Add in the fact that HIPAA requires some patient records to be accessible for up to 21 years! Then throw in dramatically increased requirements for security and patient confidentiality, and it all adds up to a recipe for a health care storage emergency.

HIPAA Raises the Bar

HIPAA storage retention guidelines, for example, suggest five years for mammograms, 10 years for adult records and 21 years for pediatric care patient records. The long term and storage capacity requirements further compound the archiving issues when you couple the HIPAA guidelines with PACS [Picture Archiving and Communication System] where the images are getting larger. For example, a technician can take a CT scan, slice it up in different ways and do a three-dimensional modeling of it. That takes massive amounts of storage, and if it's involved in a patient diagnosis, it's data that must be kept. Adding to the storage bulk is the necessity to transfer paper-based patient records to disk--a labor-intensive and costly process. One option is to scan in old documents as images. The last option is

Keep everything?

HIPAA's basic storage requirement is 6 years and 21 years for pediatric care patient records, which corresponds to the federal statute of limitations for civil penalties. Add in other federal, state and/or local regulations for patient-related information, and it's no wonder that storage managers in health care are frustrated. Network attached automated optical storage utilizing an optical disk-based Write Once, Read Many (WORM) device, can already do the job when combined with a Record or Image Management applications can embed retention periods that prevent the record from being deleted before the end of the period.

How SAMServer Addresses Healthcare & HIPAA Storage Requirements

StorageQuest's SAMServer series of network attached appliances unify optical storage providing organizations with an integrated approach to streamlining compliant archive storage and reducing costs in FIVE ways:

1. Unified Storage

The SAMServer optical archive management provides file-sharing and management from anywhere on the network. Investments in the build-out of storage area networks and infrastructures, to better manage information and storage costs, are fully leveraged through the SAMServer. 

2. Open Storage

The SAMServer utilizes industry standards such as: Universal Disc Format (UDF), TCP/IP, NFS, CIFS, HTTP, SNMP, SCSI, Gigabit Ethernet and iSCSI. Complete system transparency is achieved through the use of UDF which is fully supported by all major operating systems including: Windows, MAC/OS and UNIX providing a completely open and transportable archive solution. Information stored through the MSM onto optical media can be read by any of the aforementioned operating systems as a standard operation - no special drivers or additional software to purchase. Your archived data is free from vendor "lock-in" as nothing is proprietary. The SAMServer provides total freedom of choice for compliant archiving regardless of Vendor, Format or Media.

3. Simplified Storage Management

The SAMServer provides total management for all of your archiving resources through its powerful, yet easy to use, Windows GUI-based management and control system. Truly a Plug-n-Play experience as within minutes, applications are archiving and retrieving data from anywhere on the network.

4. Complete Storage Support

The SAMServer supports the complete range of optical media formats including: WORM, DVD-ROM, DVD-RAM, DVD-R, DVD+R, DVD-RW, DVD+RW, CCW,CD-ROM, CD-R, CD-RW. By providing our unified storage solution as these products come to market, it ensures a compliant archiving roadmap for many years to come.

5. Low Cost Storage

The SAMServer lowers the total cost of compliant archival storage in several ways: Through its simple Plug-n-Play appliance model systems administrators can easily install, configure and manage optical library systems. There is no need for high level technical resources to be employed to support an SAMServer Archival system. The SAMServer enables the sharing of the optical storage resources throughout the network, amortizing the archival costs across many applications, thus lowering the total cost of ownership for compliant storage within the enterprise. The SAMServer lowers costs through the utilization of low cost optical storage. For example: a DVD-R library system using the UDF format enables any data archived on inexpensive DVD-R media to be read on any Windows, MAC/OS or UNIX system directly. Today's systems have DVD drives already installed so there is no additional hardware or software to purchase. This totally open architecture greatly reduces long term storage costs and management, while eliminating the need for costly and risky data conversations from one system to another.


For all questions regarding government laws & regulations seek legal counsel. The information on this site is not a legal opinion or legal advice.