GRAPH Rank the importance of each driver in influencing your organization s investment in data management technology ( being the most important): Healthcare data is growing exponentially, largely as a result of the meaningful use of health information technology (IT) electronic health records (EHRs) in particular. The Centers for Medicare and Medicaid Services reported that more than 90,000 eligible professionals and hospitals received nearly $0.7 billion in Meaningful Use incentive payments through the end of December 0, a substantial increase from its November 0 totals. The adoption of mobile devices is also a major contributor, with clinicians using them at the point of care and remotely. Manhattan Research reported that physician adoption rate of tablets, for example, rose from 5 percent in 0 to 6 percent in 0. Additionally, advanced picture archiving and communication systems (PACS) are producing more and larger image files than ever before. In an August 0 report, Frost & Sullivan estimated that for the past five years, PACS storage requirements in U.S. hospitals grew more than 0 percent per year and topped 7,000 terabytes in 0. As data grows, so does the need for storing, managing, accessing and protecting these critical assets. Indeed, the Frost & Sullivan report projects that overall storage and archiving volume requirements for U.S. medical imaging data will cross the one exabyte mark in 06. To gain insight into the complex challenges of data and information management in healthcare, HIMSS Media surveyed 46 healthcare professionals in December 0 and January 0. More than 90 percent of the respondents work in healthcare systems, multi-hospital systems, stand-alone hospitals or outpatient organizations. The survey, which was sponsored by CommVault, a leading provider of data and information management software, also looked at the applications and business needs that are driving healthcare providers data growth, and the areas within their organizations that will receive infrastructure investments in 0.. Ensure regulatory compliance. Improve operational efficiency. Support new apps/systems 4. Align with organizational strategic goals 5. Plan for disaster recovery 6. Minimize storage costs 4 5 6 Managing data to comply with federal mandates Not surprisingly, healthcare providers are investing in data management technology primarily to meet regulatory compliance requirements. When asked what drivers may be influencing their organization s investment in data management, ensuring regulatory compliance was identified by 4 percent, followed by improving operational efficiency, which was identified by 7 percent (Graph ). Despite its role in ensuring compliance, planning for disaster recovery was identified by only percent of survey respondents. GRAPH Has your organization implemented an ediscovery/enterprise Search solution to support regulatory compliance around HIPAA or PCI? Yes: 6% No: 7% Unsure: 7% One of the core functionalities of a combined data and information management solution is data backup, which assists healthcare providers with regulatory compliance by maintaining a recoverable copy that can be accessed when needed. Healthcare IT budgets often do not pay adequate attention to disaster recovery. Indeed, any entity subject to the Health Insurance Portability and Accountability Act (HIPAA) must have a continuity plan in place that allows for continued access to electronic protected health information (ephi) in the event of an IT system or network failure. HIPAA disaster recovery requirements mandate healthcare organizations to formulate and adopt an ephi data backup plan in addition to disaster recovery and emergency mode operation plans. 7% 6% 7% Survey respondents also were asked if their organization has implemented an ediscovery or enterprise search solution to support regulatory compliance around HIPAA or Payment Card Industry (PCI) standards. It is disconcerting that an equal number of respondents (7 percent) either didn t have a solution in place or didn t know if they had a solution in place (Graph ), especially given that regulatory compliance was identified as the main driver for investing in data management technology, and disaster recovery falls under regulatory compliance. The steady increase in data breaches should be a wake-up call for healthcare providers who have not implemented solutions to protect their information.
Ponemon Institute s December 0 annual report on the financial impact of breaches revealed that data breaches are trending upward; 94 percent of hospitals have experienced a data breach within the last two years, with 45 percent having experienced more than five breaches in their organizations. In 00, 9 percent experienced more than five breaches in their organizations in the previous two years. The privacy research firm estimated the average economic impact of these breaches represented in its report at $.4 million, up $400,000 from its 00 study. Overall, nearly $7 billion is being spent in the industry to respond to data breaches. Furthermore, in January 0, the Department of Health and Human Services (HHS) announced the first-of-its-kind settlement of a data breach that affected fewer than 500 patients. In the last three years, more than 57,000 data breaches, affecting fewer than 500 patients were documented compared with 500 data breaches involving more than 500 patients. Now that HHS is imposing fines for data breaches of 500 patient records or less, smaller clinics and ambulatory systems need to respond to this threat and approach this space more seriously, said Jay Savaiano, director of business development for CommVault. Not only is the financial cost in fines and identity theft protection services for the victims significant for mid- to small-size organizations, the harm to reputation is equally damaging. Geisinger Health System s Disaster Recovery plan Geisinger Health System needed to be able to restore burgeoning data from its electronic medical record (EMR) system and PACS in a reasonable amount of time, according to Paul Spotts, storage manager. Approximately six years ago, the Danville, PAbased health system switched to CommVault s Simpana software to back up everything in its Windows environment. Restoring data under its disaster recovery plan with its previous application required an off-site, three-day process. With Simpana, recovery is done on site and setup is completed within hours. For the nationally recognized health system, having a timely and efficient disaster recovery plan in place is essential for regulatory compliance. With the ability to quickly access its data, Geisinger not only complies with HIPAA disaster recovery mandates, it also improves operational efficiency, addressing its top three priorities for its data management technology investment. Now that HHS is imposing fines for data breaches of 500 patient records or less, smaller clinics and ambulatory systems need to respond to this threat and approach this space more seriously. Jay Savaiano Director of Business Development, Healthcare CommVault Geisinger Health System, a physician-led healthcare system that serves nearly million people in Northeastern and Central Pennsylvania, will deploy an ediscovery tool in the near future to bolster its disaster recovery plan. While all of its critical applications are mirrored, the chance of corruption can never be fully discounted, according to Paul Spotts, storage manager for Geisinger. CommVault s Simpana software solution includes an ediscovery interface a self-service tool for legal departments that finds and reports on unstructured content in shared and personal directories and in email. Even before a data breach can occur, the legal department can set policy and have the ediscovery interface search for and flag protected health information (PHI) on laptops and tablets, remove it, and find and remove PHI within unstructured data. GRAPH With the growth in laptops, tablets and smartphones within healthcare, is your organization concerned that PHI in unstructured content (email, Word, Excel, etc.) may be getting stored outside of our environment? Yes: 6% No: 9% Unsure: 0% Locking down unstructured content in mobile devices Nearly 6 percent of survey participants responded that their organization is concerned that PHI in unstructured content, such as email, may be getting stored outside of their environment, especially given the growth in usage of laptops, tablets and smartphones within healthcare (Graph ). It s all this additional content that organizations aren t aware of that becomes a liability, Savaiano noted. One respondent commented that security and compliance are his organization s highest priority. Shared public cloud-based solutions are commonly used to share large files because they re easy to use; however, many of these solution providers won t sign Business Associate Agreements (BAAs) with healthcare organizations, which require them to demonstrate HIPAA compliance. Without 0% 9% 6%
BAAs from their solutions providers, healthcare organizations bear the responsibility of protecting and securing PHI. GRAPH 4 Please rank your IT spending priorities for 0 ( being the most important). While denying employee access to all shared public cloud-based solutions is one way to approach this issue, healthcare providers can also choose to proactively address it, Savaiano said. Simpana allows healthcare organizations to develop policies that manage the data more securely on clinicians BYOD devices. Simpana provides internal storage via ContentStore, which gives clinicians access to their data through their BYOD device in a cloud-like function that is centrally managed inside the healthcare organization s data center. Data can be indexed and searched, while ediscovery functionality is applied to the data, even when clinicians access their content on someone else s laptop or on multiple devices. Healthcare providers can be proactive and offer ContentStore with the same type of functionality that exists inside their environment, he said. It s the unstructured content with PHI that s bouncing around out there that they need to get their arms around. The value-added benefits of a comprehensive data and information management solution Survey respondents were asked to rank their IT spending priorities for 0 in five categories, with being the organization s highest priority (Graph 4). EHRs ranked first by a significant margin. Driven by the Meaningful Use criteria, it is not surprising that 70 percent of respondents anticipate seeing the most data management growth in EMRs in 0, while 4 percent of respondents identified PACS for data growth (Graph 5). One respondent noted, We are integrating more medical devices into the EMR as a large project, which translates to more data flowing between device and EMR system, and the need for greater control over that data. 4 5. Electronic health records. Healthcare data warehousing. Health information exchanges 4. Information governance 5. Disaster recovery/continuity planning With your investment in an EMR, you need a solid disaster recovery strategy one that has a comprehensive continuity plan for how you re going to be able to access that data if and when disaster strikes. GRAPH 5 In which of the following areas do you anticipate seeing the most data management growth in 0? Other: % None: % Email: % Unsure EMR Jay Savaiano CommVault works with most of the major EHR vendors and supports nearly all of the storage and database vendors to remain ahead of the curve with vendor releases of solutions and upgrades, Savaiano said. In this era of Meaningful Use, healthcare providers should be fully leveraging their data and information management solutions in order to support EMR implementations. With your investment in an EMR, you need a solid disaster recovery strategy one that has a comprehensive continuity plan for how you re going to be able to access that data if and when disaster strikes, Savaiano said. 8% 4% 70% Healthcare organizations want to simplify and consolidate their health IT systems and environments, especially with strained IT departments, he added. With a focus on PACS and EHR implementations, IT departments want their underlying operational tools, such as backup, to be as fluid and uncomplicated as possible. A comprehensive solution like Simpana, is hardware agnostic and establishes one set of policies in one common architecture to support all databases and clinical and nonclinical applications. This is far more time and resource efficient than requiring staff to oversee five or six disparate products to manage data in their environments. PACS
Simpana can also de-duplicate content on the unstructured side all the way out to the desktop. By saving only changes made to the data, as opposed to saving the entire document or all the information, healthcare providers eliminate excessive storage costs and minimize overhead on the network, according to Savaiano. Having a comprehensive, cost-effective solution is critical, especially when lack of funds is identified by survey respondents as the top barrier to healthcare organizations investment in data management (Graph 6). We re always just trying to make sure we get the best bang for our buck, said Spotts, of Geisinger s healthcare IT technology selections. GRAPH 6 In your opinion, what are the top three barriers to investing in data management within your organization? ( being the biggest barrier) One respondent commented, As a small private practice, it is difficult to understand data storage without relying on a trusted IT vendor. Medical managers are trying to stay abreast of the many new regulations in healthcare, including insurance, HR, Meaningful Use, PQRS (Physician Quality Reporting System), and now the new business taxes. Healthcare providers need to rely on their solutions to drive operational efficiencies so they can address the more pressing strategic issues facing their organizations. Data management is like building a tower unless planned well and the foundation is strong, you cannot go up further. Survey Respondent. Lack of funds. Structure of funding incentives. Resistance from Data Owners Data management: Laying down a strong foundation One survey respondent commented, Data management is like building a tower - unless planned well and the foundation is strong, you cannot go up further. The importance of implementing a robust, comprehensive data and information management solution cannot be overstated. While forward-thinking healthcare providers are leveraging such solutions to meet several key initiatives, many are at the starting gate. One respondent wrote, We are in a very primitive stage as opposed to being involved in all aspects of data storage and governance issues. With a solution that s easily deployed, however, it s never too late for healthcare providers to proactively protect healthcare data and their reputations. About CommVault A singular vision a belief in a better way to address current and future data management needs guides CommVault in the development of Singular Information Management solutions for high-performance data protection, universal availability and simplified management of data on complex storage networks. CommVault s exclusive single-platform architecture gives companies unprecedented control over data growth, costs and risk. CommVault s Simpana software suite of products was designed to work together seamlessly from the ground up, sharing a single code and common function set, to deliver superlative Data Protection, Archive, Replication, Search and Resource Management capabilities. More companies every day join those who have discovered the unparalleled efficiency, performance, reliability and control only CommVault can offer. Information about CommVault is available at www.commvault.com. CommVault s corporate headquarters is located in Oceanport, New Jersey, in the United States. A DIVISION OF HIMSS MEDIA Produced by MedTech Media, a division of HIMSS Media. 0 7 Pineland Drive, Suite 0, New Gloucester, ME 0460 07.688.670 www.medtechmedia.com Other significant data points from the HIMSS Media survey These charts provide a snapshot of industry-relevant data points from the HIMSS Media survey. What existing EMR systems are currently being utilized within your clinical environment? Other: 4%* Epic: 4% Cerner: % McKesson: % Allscripts: % Meditech: % Eclipsys: % Unsure: % *NextGen, GE Centricity, Siemens, eclinicalworks, VistA, homegrown and so on What existing PACS solutions are currently being utilized within your clinical environment? GE: 4% Other: %* Unsure: 7% Philips: % Siemens: % FUJI: 8% Agfa: 7% *McKesson, Carestream, DR Systems, outsourced and so on Please describe the status of your organization s current involvement in a Health Information Exchange (HIE): There is an HIE in our area and we participate in it: 40% We have not yet begun to plan to participate in an HIE: % Unsure: 7% There is an HIE in our area but we do not participate in it: 0% We are required to participate in a state HIE: 7% I do not know what an HIE is: 4% We participated in an HIE but it failed: % Are you presently using a cloud storage solution? Yes: % No: 6% Unsure: 5% (Of those who are not presently using a cloud storage solution, % said they plan on leveraging one in 0 to manage their data growth.)