Hospital Data Security

Due to the great influx of data, which seems to be growing by every second, protecting information is one of the biggest challenges facing healthcare industry today. Hospitals, doctors’ offices, pharmacies and continuing care facilities deal with vast amounts of sensitive records and privacy data on a daily basis. This data usually traverses their network everyday. Thus, loss of this data could mean devastating monetary and intangible losses. The entire healthcare industry could come to a grinding halt as patient records, hospital procedures, medications, financial and employee records could be lost. Data loss could also raise some serious questions regarding the hospital or clinic's brand and public reputation.

Data loss in the healthcare industry does not occur due to one reason. Usually data in hospitals and other healthcare institutions is compromised or lost due to:

Data Theft
Natural Disasters of floods, tornadoes and earthquakes
Manmade disasters, which include hacking, electrical discharges or sudden power spikes due to information overload, terrorism

It is important to distinguish between data theft and data hacking in hospitals. In the former case, data is stolen and is lost to the institution forever. In data hacking, data is copied and duplicated for profitable purposes. This means that the institution does not lose the data. The privacy of the data is invaded and its details float in the public arena tainting the goodwill name of the hospital. In either case, security is compromised. A similar case occurs when there is too much information being fed onto one computer. Generally, hospitals encrypt their data, which is automatically transferred onto a master server. In other words, all computers rely on the master server for their daily function.

This increases the fragility of data security in hospitals. Failure of the master server is automatically translated into failure of the entire computer network of the hospital. The hospital stands to lose vital information of:

Medical records
Social Security numbers
Bank account numbers
Credit card information
Driver’s license information
Logins and password credentials

Thus, modern healthcare institutions, especially hospitals tend to perceive the issue of data security holistically. This means that the hospital realises that data security is dependent on the successful and continuous function of other healthcare and administrative functions within the hospital. Data security cannot function alone. As the first step, the hospital has to consider server and storage consolidation. It needs to look at where the server and storage system is severing. This involves harsh measures of removal of the existent server.

In UK, hospitals usually employ 4 x new Dell PowerEdge 2850 Servers configured as VMWare Virtual Infrastructure Nodes, Dell PowerEdge 1850 with VMware Virtual Centre, 2 x EMC CLARiiON CX500. Storage arrays with mirroring and snapshot technology, a Dell PowerVault 132T LTO tape library for data back-up are also used. Server to SAN connectivity is provided through McData 4G Fibre Channel switches in a fully redundant configuration. This ensures that all information safely traverses the network and gets secured in the master server. Controlling the performance of the master server ensures optimal and vertical performance by the entire network. Thus, the problem of information overload and sudden power spikes is successfully solved.

Many hospitals are toying with the concept of 'thin-clients' as a sure way to avoid the hassle of storage and consequent network failure. But even this method is dependent on an efficient, fully backed-up and powerful master sever. A hospital needs to consolidate all information under certain heads for easy and speedy access. It has been argued that information overload usually occurs when information is not properly documented.

A second step involves meeting disaster recovery and compliance needs of the hospital. This comprises mirroring the master server and installing it at a secondary site. This prevents data loss due to theft and natural disasters. Hospitals usually install VMware ESX software to centrally manage the new network and intelligently make provision, reallocate and protect storage assets across the entire system. VMware pools hardware allows multiple operating systems and applications to access available resources across the IT infrastructure. These data security measures protect data and also provide for:

service availability ensuring applications meet set availability requirements through data replication and data protection solutions
information access control ensuring that access to information is controlled at both user and application levels
Data retention ensuring the accurate retention of specific information for set time periods








Article Source :http://infopool.webverve.com/