How Modernising Data Management Strengthens Electronic Health Records Security

 

By Ezat Dayeh, SE manager UK&I at Cohesity

Advances in data management can revolutionise Electronic Health Records (EHR) scalability without compromising availability, security or compliance.

Many sectors can be characterised by the term ‘data explosion’, but nowhere is this truer than in healthcare. Not only is the industry collecting more data than ever before, but that data is also being used more widely, across more locations, and in a more granular way, to provide each patient with the best possible quality of care.

The potential of Electronic Health Records

While it might be just one sub-area of the vast landscape that is healthcare data, Electronic Health Records (EHRs) are a vital part of the healthcare system. Implemented well, they enable every healthcare organisation involved in an individual’s care to see key information at a glance. That might include health conditions, treatments and medicines, allergies and past reactions to medicines, tests, scans and X-ray results, lifestyle information, such as whether a person smokes or drinks, and hospital admission and discharge information.

Now in 2020, a wide range of different centres, specialist and generalist, public and private, deliver healthcare. Sharing information between them is complex, particularly where providers buy their own systems which don’t easily communicate with all others. The issue is compounded as people travel more, including across national borders, so that data sharing has to navigate data standards, language, privacy and compliance, and even time zone issues.

Yet from the perspectives of patient care, scalability and economy, an EHR needs to be able to travel freely and unencumbered along a complicated highway, stopping where it needs to stop as often as it needs to do so. In all of this, backups are as important as live data.

The attraction and value of data

It is unsurprising that with so much personal data held within them, EHRs are of interest to ‘bad agents’. A ransomware attack, which effectively cuts off access to EHRs, can completely dismantle a healthcare organisation’s ability to do its job. Without access to patient data, it can’t serve the patient. Ransomware attacks can target both working files and backups, and when both are compromised, a healthcare provider is really in trouble.

They are also really in trouble if they have a clean backup but don’t have the confidence that it is complete, or the capability to restore it at speed. There is a very real sense in which restoring a clean, complete backup is a key capability in the fight against ransomware attacks.

This is not a revelation, so what’s stopping healthcare organisations from getting to a position where they have clean, complete backups, and can restore them at speed?

Putting faith in backups

Backup systems can be low in the pecking order when finances are scarce, with the priority given to live systems. But backups are live too. And they can play a central role in modern compliance requirements. For example, the GDPR, which applies to any country that handles data of a European citizen, requires that personal data is stored securely, that it is easily located, and that it is easily deleted when not required, including from backup systems.

Being confident that an organisation can get back up and running quickly with the most up to date information restored after an issue is vital, and in healthcare lives can depend on it. This makes having state of the art backup systems a ‘must-have’. Yet far too often, we see both backup and recovery systems that are time-consuming, and that have not been tested for a long time, so there is little confidence that they really can restore everything.

Backup systems also need to be as robust as live or production ones when it comes to data security. Ransomware attacks are here to stay, and they are known to target the healthcare sector because of the vast swathes of personal data. One way to fight a ransomware attack is to restore a clean, up-to-the-minute backup, albeit not the most recent as that itself might be compromised. Legacy systems will not provide the frequency of backups needed to eliminate data loss, and might not provide the required level of assurance. There is little point spending time, effort and money restoring a backup that is itself compromised.

Just keeping legacy backup systems going is not an option: they have a higher total cost of ownership than modern approaches, require significant management time, and can often need specifically dedicated and expensive headcount.

Proof in action

Replacing a legacy backup system with something more modern that takes a more advanced approach to data management reduces backup and restore times, and at the same time provides enhanced security and compliance. When Cohesity provided Riverside Healthcare, operating in five counties in Illinois, Texas, with backup and restore services, Riverside gained time savings of 70 percent for backup and restore. Not only that, but its data storage capacity requirement was also reduced by 50 times. A single virtual machine can be restored in 20 minutes where previously it took hours.

Such time savings can be of immense importance when accessing an EHR could be time-critical for an aspect of patient care. But to achieve this while also making cost savings is a double win. Lowered storage capacity requirements are one aspect of tangibly reduced TCO. At Riverside Healthcare, data centre storage was reduced both by eliminating the use of tape and by requiring considerably less rack space than previously. In fact, the overall cost saving was more than 30%. It so happens that Riverside Healthcare uses Epic, but the principle applies to any EHR system.

Focus on the person, always

What matters most with Electronic Health Records is their availability. There is little point creating them if all you’re doing is providing target practice for bad agents and their ransomware. To ensure EHRs are indeed available whenever they are needed, a healthcare provider needs confidence that their backup systems are reliable, safeguarded from attack, and can be restored at speed.

At the end of the day, healthcare backup systems that use legacy technologies are expensive to maintain, can be challenging to scale, lack consistent security cover, don’t enable mass file restore, and are likely unable to deliver at the speed required when they are most needed. It is time for healthcare companies and trusts to re-evaluate their approaches to data management, because what was an issue for the IT team is now becoming a matter of life and death.
