Protecting Your Medical Practice's Data

February 3, 2012

Data loss happens at physician practices more than you might think. Here's the scoop on how to implement a good data-backup plan.

A few years ago, before the onset of EHRs and e-prescribing, some physicians might've said solo practitioner John Lin of Sunrise Urology goes a little overboard when it comes to protecting his data.

All day, every day, the Gilbert, Ariz.-based Lin runs two hard drives with copies of the same data on his desktop computers - a process called "data mirroring" whereupon his original hard drive's data is mirrored by another hard drive. Then, he makes sure to back up centralized data on his server using even more sophisticated multiple hard-drive setups, backs up to tape daily, and about once or twice a month, he takes his backup tapes offsite . In addition, patient data is also sent to two remote data centers securely and automatically throughout the day.

But in 2012, at a time where an increasing amount of data is digital and hard drives fail constantly, Lin's actions are ones your practice might want to mimic.

"It is critical that we do everything we can to ensure uninterrupted data [integrity]," says Lin, adding that on multiple occasions, he has gotten an error message about a failing hard drive and had to swap out it out for a new one (without losing business continuity). Without a second hard drive, his data might be lost forever.

Is your practice doing everything it can to prevent its data from getting lost?

Here's how data loss can happen to you - and how to prevent a worst-case, data-loss scenario.

Data loss consequences

Anyone who's had her computer crash for no apparent reason knows that data is susceptible to sudden loss. And it's more common than people think, says Jason Mitchell, assistant director for the American Association of Family Physicians (AAFP) Center for Health IT.

"Total loss of everything you've put into an EHR system is fairly rare, but loss of a day's worth of notes, or a few day's worth of notes, I believe happens quite a lot," says Mitchell.

Yet there are plenty of practices doing little to nothing to protect their data.

"I'm not the norm," says Lin, referring to some of his physician peers. "Most people think, 'well, it's not going to keep working, and I'm going to bury my head in the sand and not worry about it.'"

But losing data can have serious consequences for your practice.

For starters, when physicians can't view patients' medical history, patient safety is at risk.

"From a patient safety standpoint, not having that data to look back on significantly hinders the ability to provide good-quality patient care," says Mitchell.

On top of that, losing data means you can't bill for a service, at least until the data is restored.

And the process of restoring data takes hours. Interestingly, many practices that don't take the time to do regular backups because they want to save a few minutes or hours end up losing more time in the long run.

"One of the problems we're seeing is that in smaller practices where doctors are backing up their data, backing up to tape drives can take a while," due to increasing data, says Mitchell. "For practices that have been using a system for a number of years, the backup system they had in place used to take two hours [to run], and now it's taking four hours, or six hours, to get a backup from the previous take."

Then there are legal implications of data loss.

"There are legal issues on record retainment," says Mitchell. "In most practices you have to keep records for an extended period of time."

And even if your computers are in tip-top shape, data loss can happen at any time, and for any reason.

What to do when you do lose data

Your screen goes black. What do you do next?

First, says healthcare consultant Marion Jenkins, CEO of QSE Technologies in Englewood, Colo., you should make sure the computer you're working with is plugged into an electrical outlet.

If it's plugged in, the first step is to identify the data that is to be recovered or restored, and then try to figure out where the most recent version of it is. Is it on backup tape? Is it on another tape? And then you would follow the process of restoring data based on your system's instructions.

And when you finally get ready to restore the data, be prepared to not use computers for several hours. The process of restoring your existing data via a backup system - with or without the help of an IT consultant - can take anywhere from a few minutes to several hours, says Jenkins.

If you haven't been backing up your data on a regular basis, that's a different story.

In a worst-case-scenario - which is rare, but possible - practices can try to retrieve their data via the process of data recovery through a business IT center. But it's expensive and should only be a last resort.

"It's $10,000 or more and chances are you're not going to get all of your data back, so you're restoring it from fragments," says Jenkins. "It could take upwards of a week, and if you get 80 percent of your data back you'd be lucky."

Preventing future data loss

Scared about losing data now that you're aware of how easy it is to lose and difficult to recover? Lucky for you there are a slew of tried and true methods of preventing future data loss. Consider implementing some of these suggestions:

• Know your signs. Though computer screens do go blank on occasion, there are a couple of potential signs your practice can watch out for, says Jenkins. In addition to a black screen, a laptop that makes a clicking sound could mean your hard drive is on the verge of failure. Slowness of a machine, on the other hand, isn't. "The most common sign of heart disease is death, and very often the first sign of hard drive failure is a black screen of death," he says.

• Create a contingency plan for data loss and downtime. The best way to be prepared in the event of data loss is to have a plan in place. The AAFP suggests putting a plan in place for short-term and long-term outages. For example, in a short-term outage that's less than one day, stop scheduling non-acute visits until the next day or enter information on paper forms. For a long-term system outage, practices might want to consider implementing alternative scheduling options, alternative data access, and alternative data entry methodologies.

• Purchase a mirrored hard drive. Savvy practices don't rely on a single hard drive backed up to tape. Adding a mirrored hard drive - which only adds about 10 percent to 20 percent to the cost of a practice's EHR system - is a good, easy way to ensure that if one drive goes bad, you're covered. "Instead of the black screen of death, you get an error message that you lost one of your hard drives," says Jenkins

• Test your hard drive regularly. To ensure your data is protected by a solid, functioning hard drive, test your hard drive or backup hard drive during down times. To do a test restore, Jenkins suggests using another set of servers that aren't live and see if you can restore data to that system. "If you're backing up a server, and you're using that server for e-mail, if you test [your backup] on your actual e-mail server, it could corrupt that data," says Jenkins.

• Comparison shop for data backup systems. There are many ways to do perform data backup, from using hard tapes to external hard drives to storing data at a remote center offsite. What works best will depend on your resources. Raleigh, N.C., pediatrician Terry Brenneman used to take a few minutes out every night to do a tape backup, and then bring it home with him, but sometimes it was easy to forget to do it several days a month. Today, Brenneman outsources an IT company to do cloud-based data backups once a day offsite, to a remote data center. "Since we backup every day the most we could lose is one day's worth of data," says Brenneman. "We also print up at the beginning of the day all the appointments that are scheduled, so if a system crashes we can reconstruct the clinical note."

Though Jenkins warns "cost is definitely not the only - or most important - consideration," what you'll pay for adequate data backup depends on a variety of factors, such as how much data you have. For example, a typical medium-size practice might have 2 terabytes of data.

"A tape backup system to back up 2 terabytes would cost between $7,000 and $10,000 one time, including software," says Jenkins. "It would probably last about five years, so amortized over 60 months that's about $150 per month." Online (data center) backup, which may be more convenient, typically costs anywhere from less than $.50 to over $1 per gigabyte per month, so 2 terabytes would cost between $500 and $2,000 per month.

Marisa Torrieri is an associate editor for Physicians Practice. She can be reached at marisa.torrieri@ubm.com.

This article originally appeared in the February 2012 issue of Physicians Practice.