06-26-13 | Blog Post
Offsite Data Centers are Key to Healthcare’s Disaster Recovery
Catastrophes can happen at anytime and anywhere. Just ask the staff and patients at the Moore Medical Center in Moore, Oklahoma, when last month a deadly tornado struck the medical facility leaving it unsalvageable.
In October 2012, we saw how Hurricane Sandy affected hospitals when New York University Langone Medical Center and New York City’s Bellevue Hospital had to shut down operations and transfer patients to nearby hospitals due to power outages and backup generator failure.
Such destructive events bring disaster recovery planning to the forefront of every CIOs mind. This is extremely important for healthcare organizations needing to protect their electronic health information (ePHI) and meet HIPAA compliance requirements.
Interested in learning what to include in a HIPAA compliant data recovery plan? Read Components of a HIPAA Compliant IT Contingency Plan.
Preparation Is Key for Disaster Recovery
“You need to be prepared,” says Julie Dooling, Director of HIM Solutions at the American Health Information Management Association. She suggests that healthcare organizations should build disaster recovery planning into their everyday operations and workflow. Some of the key elements in disaster recovery planning are finding an offsite data center as well as other backup protocols.
Dooling recommends that offsite data centers should not be located within the same geographic region as the healthcare facility. A catastrophic event like a tornado or fire could easily wipe out a hospital and data center all at once if located at the same facility. She also recommends that healthcare providers ensure the data center is not located in a flood zone or in a region that experiences natural disasters on a regular basis.
Unfortunately, there is no clear cut answer of how far a disaster recovery site should be located. One thing to consider is looking at the probability and scope of natural disasters occurring in your selected region. For example, if you are located in the U.S. southeast, where hurricanes are a legitimate threat and can cause considerable damage, the distance should be further than data centers in the Midwest.
The Midwest and especially Michigan is an ideal location for disaster recovery. Michigan has very low probability of natural disasters and has only declared 2 major disasters in the past 10 years according to the FEMA website.
For Michigan data centers a safe distance between disaster recovery sites is 50 miles. You can be in one state and still have both your production and disaster recovery location protected. This protective distance still allows your IT staff to respond and travel to your disaster recovery site in less than an hour.
Dooling also recommends that healthcare organizations should have clear provisions with their data centers that include what the data center is accountable for in the event of a disaster. Processes for retrieving backed up data should be clear as well as the responsibility of lost data due to a disaster at the data center site.
Online Tech also recommends looking for a data center with cloud-based disaster recovery. Cloud-based disaster recovery replicates the entire hosted cloud (servers, software, network and security) to an offsite data center. This allows for faster recovery times than traditional disaster recovery solutions. Read more in Seeking a Disaster Recovery Solution? Five Questions to Ask your DR Provider