By Tim Kaschinske
@TimKaschinske
This is part 2 of 3 in a blog series intended to provide best practice information on using file-level protection within a hospital environment. Part 1 of this series was published during the week of Feb 4; Part 3 will be published during the week of Feb 18.
There are several best practices that can be implemented by PACS administrators and health IT administrators to protect the images stored either by PACS or VNA applications. These include:
- File management and data protection
- A storage-agnostic approach to support multiple storage locations and multiple media types
- Digital signatures
- Instant Data Protection
- Free space monitoring
Most importantly, these best practices should be implemented in such a way that the PACS or VNA application is unaware of the underlying protection methods being used. This helps to ensure that PACS or VNA operation is unaffected by their use.
File management to ensure data protection
The concept of file management is useful for data protection, since files are the lowest common denominator for the storage of unstructured data. To that point, PACS and VNA applications store images as files. This means that images can be protected by the process of file management in the same way as any other file data.
PACS administrators can implement file protection through the use of policies that take action based upon the file attributes. There are many file attributes that can be used to trigger a policy. Some examples of file attributes include:
- Created date
- Modified date
- Owner
- File type
Policies use the file attributes to determine how the data should be protected. Files of differing ages, types, or that are modified more frequently can be protected in different ways. For example, you may choose to implement a policy that protects files less than five years old to onsite, offsite NAS and offsite tape (for ultimate protection), and another policy that protects files older than five years to onlyoffsite NAS and offsite tape. How you implement policies to protect your data is up to you, but the key point is that the use of policy-based protection enables your system to be configured to match what you need for image file protection.
Policies operate by scanning the devices where the data is stored, reading the files, determining the file attributes, and then applying the data management policy. This process protects the files without affecting the PACS application or its performance.
Multiple storage locations and media
To protect the files with flexibility and assured availability, policies must be capable to write to storage media of varying types. This requires the capability to support many different types of storage. This applies not only to the storage devices available today, but also to those available in the future.
Healthcare image files often need to be protected and retained for 10 to 20 years or longer. Files protected today will need to be stored on different devices in as little as 5-10 years, as new storage technologies come into the market and/or existing storage ages and needs to be replaced. Thus, file protection, independent of the storage device, is critical for long-term protection.
Files should also be protected by storing the data across multiple devices simultaneously, to prevent problems arising from corruption on a single system. Furthermore, the files should be written to each device independently, rather than copying from one device to another. This avoids the proliferation of corruption that can result from replication alone. It is also a best practice to write the files to storage of different media types. This protects files from corruption due to defects that can occur within a specific media type and can provide for some economy of storage. Examples of different media types include:
- NAS, CAS & DAS
- Optical disk
- Tape
- Cloud Storage
Finally, files should be protected by writing to storage devices that are both onsite and offsite. Onsite storage provides operational protection and gives faster access to the data should it need to be quickly recovered. Offsite storage of data provides Disaster Recovery protection, which is in keeping with the model defined by most PACS vendors to help meet Meaningful Use and HIPPA requirements, among other considerations.
Digital signatures
Digital signatures, such as an MD5 hash, should be used to verify that file corruption has not occurred while the data is under protection. The digital signature is calculated prior to protecting the data. This digital signature can be used to verify that the data has been written correctly to each device but more importantly, at time of recovery, the digital signature can be used to ensure that the recovered data has not been corrupted. If corruption is detected, the data is automatically recovered from a different copy, ideally on a different device. In this way the integrity of recovered data is ensured
In part 3 of this blog series, I will cover additional best practices of when to copy and/or move files into the archive, the benefits of immediate file protection, and free space monitoring. Knowing how to use these approaches with PACS images can be extremely beneficial to ensuring the availability of healthcare images.
