Healthcare organizations house enormous amounts of data – amounts that have been multiplied many times over since the widespread adoption of electronic health records (EHR) systems over the last decade. What few of these groups know how to reckon with, though, is how to best manage data that’s no longer in use – particularly data from systems the organization has since retired. What’s the best way to handle this information?
When data is no longer in active use, the best thing that healthcare systems can do it archive it. Archiving data is different from backing it up for continuity purposes. While systems may find ways to use this data again later on, data archiving is premised on the idea that the system the data is connected to no longer exists. This can apply to any of the major data management systems used in healthcare, from EHRs to medical imaging platforms and opioid use monitoring platforms. As such systems are decommissioned, the data should be archived.
Why Keep Your Data?
If you’re no longer using a given platform and you aren’t simply migrating the data to a new system, why should your organization keep it? There are several advantages to maintaining archived data.
First, and perhaps most importantly, your system may need to maintain legacy data for compliance reasons. Hospitals and other providers are generally required to respond to certain types of records requests, so even if your organization has changed systems, you’ll need to have that data archived in a vendor-neutral way. Vendor-neutral archiving offers limited, HIPAA compliant accessibility via centralized storage and a consolidated search system. And if compliance is your only goal, you don’t need a particularly advanced storage system to meet these goals.
Other Reasons To Archive Data
While compliance is one of the most important reasons to archive legacy healthcare data after a platform transition, it’s not the only one. Many healthcare organizations also retain data for future research into care improvements or related projects, in which case it’s critical to ensure that when you decommission a data system, you also export and appropriately store any associated metadata.
Many healthcare organizations also choose to archive data for financial reasons and security reasons, which often go hand in hand. Consider, for example, an old piece of software used to manage healthcare data. Over time, as the system is replaced by more modern platforms, the company announces they will no longer be updating it. That’s a problem since old software quickly becomes a security risk. While your organization could pay to manage this outdated solution, that’s going to be more expensive than simply archiving the data and eliminating the old platform – indeed, research shows that 85% of organizations that have archived data from legacy IT data have seen financial benefits. Particularly in the era of software as a service, it doesn’t make sense to keep paying the subscription fees for software that is no longer providing a service, but is actually a liability.
A Matter Of Priorities
Archiving may not always be the right choice for an organization, and when to archive data is a decision that needs to be made on a case-by-case basis, and is often a matter of organizational culture. Large, urban hospital systems are far more likely to focus on liability and risk management in their archival process; the sheer volume of data on hand can represent a cybersecurity risk for these systems. Smaller, rural systems with a stable patient base, as well as research organizations, are more likely to focus their archival processes on retention and accessibility – relative to volume, these groups are more likely to go back to reference their decommissioned system data.
Big Data, Big Costs
Healthcare data archiving is positioned to become a critical issue in over the next several years as organizations migrate between systems and data volume continues to grow. Simply put, keeping old systems HIPAA compliant is going to become increasingly untenable, financially and technically. Add to that the concerning fact that cyberattacks on healthcare systems have been on the rise and healthcare organizations will find themselves faced with enormous fines for data breaches, above and beyond those costs incurred by their primary systems. In 2019 alone, data breaches cost healthcare organizations over $4 billion.
Are there solutions besides data archiving that can provide healthcare organizations with the security and access they need while remaining compliant? It’s a pressing concern, and one with no real answers, though some have proposed a more holistic approach to cybersecurity and others have suggested that more of these groups need to employ a Chief Information Security Officer (CISO).
Unfortunately, solving problems associated with active data is ultimately a different task than managing security and access to data from decommissioned data, and they won’t be solved more efficiently by addressing them together. Though both elements need to be safeguarded, for now, data archiving remains the most reliable and affordable solution for older data.
Now it’s time for more organizations to tackle data archiving as a central pillar of their security plans.
