First, a bit of a review before going into the new material (details about each data layer):
“ILM” often stands for information lifecycle management, but in enterprise imaging it stands for image lifecycle management. As we discussed in part 1 of this series, it’s a data retention efficiency tool that’s used to manage an imaging study over its lifespan. ILM involves moving older imaging studies to a cheaper tier of storage to keep the cost of managing the studies as low as possible. What is not commonly talked about in ILM discussions is the protection and management throughout the entire life of the study. Because enterprise imaging makes up the bulk of the data stored within a hospital organization, it’s a prime target for ransomware attacks. We’ve all read in the news about how rampant ransomware attacks are, daily costing healthcare organizations millions of dollars. Each day, the threat landscape becomes more sophisticated and increasingly dangerous for IT environments. IT departments are expected to manage and to maintain data securely throughout its lifecycle.
Protecting any electronic data is not an easy task these days. But for medical images protecting Protected Health Information (PHI) for multi-year retention periods regulated by each state can be especially daunting. How do you control who can access the data? How do you monitor the data to know whether anyone has tampered with it? What happens if the data becomes corrupted or affected by ransomware? You need to consider and address each of these questions when dealing with any PHI data, not just imaging data.
An easier way to lay out an ILM strategy is to define layers. Layers are individual and distinct but should work together as a system. This approach creates an environment that minimizes risk and allows you to execute recovery procedures more efficiently and consistently. Data layers consist of the following:
Here is the new information about each data layer and solutions that support that layer:
Protecting medical images should start at the infrastructure layer by protecting hardware-level data and its resilience. All storage vendors have redundant hardware components and RAID-level protection schemes. But NetApp® RAID-TEC™ data protection technology handles three drive failures before you lose any data. This capability is huge because of the length of time it takes to rebuild today’s large data drives. One of the industry-leading features of NetApp storage is nondisruptive operations. You can service or expand your storage array without taking your system offline. In clinical settings, avoiding downtime saves money, time and lives.
Backups and retention matter to everyone involved with imaging, and methods of backup and retention have evolved as technology has advanced. In the imaging environment, you need multiple backups. First, you need to back up the database, and then you back up the images. The backup processes of imaging vendors vary. Some vendors include a proprietary backup process and others require the healthcare IT organization to handle the backups as they see fit. Because imaging databases are usually common off-the-shelf databases, backing them up can be done with standard backup agents.
You can have an imaging application or by a storage vendor handle your image replication. When you replicate images with an application, your backup peer is aware of the image at the application layer. This method of replication supports the continuity of your clinical business, because you can point at your backup peer whenever you experience downtime.
With storage-level image backups, you can restore your primary storage environment whenever you have downtime.
Your healthcare organization’s recovery point objectives (RPOs) and times affect whether you choose asynchronous or synchronous replication. Synchronous is harder to implement and more expensive, but it provides nearly real-time replication of the data.
NetApp stands out as a storage vendor because NetApp provides incremental NetApp Snapshot™ copies at whatever intervals you need. These copies give you an added layer of protection. You can also lock Snapshot copies so that they can’t be changed. This industry-leading feature protects you against ransomware: You simply go back to a Snapshot copy of your data before the ransomware event and quickly restore your environment. Because you can make a NetApp Snapshot copy immutable, you are protected against new sophisticated ransomware that corrupts other storage-based snapshots.
Image retention is important because you need to comply with state-regulated laws about how long to retain medical imaging data. The laws vary between states and have special guidelines for images like mammography or pediatric images. After you archive, you should lock them until their retention period has ended. In this way, images remain unchanged but can be read multiple times—a process often referred to as write once, read many (WORM). You can use NetApp SnapLock® Compliance to protect files from deletion or alteration over the lifespan of the image.
How about the image file or the hardware? What happens if the system is breeched, and an outsider can read the image? What if drives are stolen from the system? To combat these problems, it’s best to use end-to-end encryption, including data-at-rest encryption. Encryption can be managed by your software or by an outside key manager. NetApp handles encryption within its NetApp ONTAP® software with NetApp Volume Encryption (NVE). You can also use NetApp Storage Encryption (NSE) with NetApp encrypted drives and an external key manager to gain an extra layer of protection.
Because of General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other regulations across the world, IT professionals need to identify and map sensitive data across their imaging environments. And because of new exposures of personal data, new regulations keep being adopted. It’s more critical than ever that you have systems in place to map this sensitive data, report on its use, and deliver proof of strict management.
Healthcare is known for its compliance regulations like Health Insurance Portability and Accountability Act (HIPAA). Patient privacy breeches are common in the news, and healthcare organizations routinely pay huge fines for being out of compliance. Breeches and fines can be due to IT organizations that do not take PHI seriously or organizations that have not invested in the proper infrastructure. Images are no different from other PHI: They contain sensitive data. You need the proper controls in place to help your organization maintain constant control of its PHI and maintain compliance. With proper controls, you can classify your data by type and keep it safe from everyone who should not have access.
With the NetApp solution, you get an up-to-date dashboard of what kinds of imaging data you have. NetApp Cloud Data Sense discovers potential data risks, automates data governance tasks to identify cost savings opportunities, empowers data privacy and compliance teams, and generates data protection impact analysis reports. You protect your organization from compliance risk by storing sensitive PHI where you want it and integrate data governance with compliance protection.
Because medical imaging makes up most of the data that a healthcare organization stores, controlling who can access imaging data is crucial. Controlling access can be tricky because of the number of users that use the imaging application daily. Access is usually controlled through multifactor authentication (MFA) and/or role-based access control (RBAC). These methods don’t control internal access into imaging systems. Internal controls can be harder and less well understood by picture archiving and communications system (PACS) administrators.
If you want to control internal as well as external access, you and your IT team should consider Zero Trust. The typical model for access is to “trust but verify” before allowing access to the data. Zero Trust is designed from the inside out to “verify and never trust”—building gateways that protect assets like data, services, applications, and assets that need extra controls. Zero Trust works hand in hand with NetApp FPolicy™, which is especially helpful in your monitoring layer.
How do you keep tabs on your data or know if something has been tampered with? Fortunately, several third-party software vendors specialize in monitoring the state of files and objects. Typically, what is missing is the integration that allows systems to work together. NetApp has solved this problem with NetApp FPolicy. FPolicy is an infrastructure component within ONTAP that you can use to monitor and set file access permissions. With FPolicy, you can direct how your storage system handles requests from individual client systems for operations such as create, open, rename, and delete.
At the end of a retention period, you can purge from your system any images that have met your criteria for keeping them. This kind of purging is called policy-based deletion. Policies can include safety nets to give extra protection to images like mammography or pediatric images. However, most organizations don’t ever delete imaging data. Historically, keeping images forever was for legal or research reasons. And because of the growing popularity of augmented intelligence and machine learning, your healthcare organization might continue to find long-retained data useful.
ILM techniques can be super-valuable to organizations that are struggling to manage mounds of medical imaging data, especially in very large environments. To be successful, you need to understand the technology and limitations of the imaging vendor, all aspects of the imaging department’s workflows, and business objectives. Careful planning and involvement of key stakeholders across the organization is also important. Often overlooked are the data protection and security needed to manage the imaging data over the lifetime of the image.
To learn more, check out these resources:
Tony has 30 years of medical imaging and healthcare IT experience. At NetApp, he manages several medical imaging vendors and provides industry thought leadership and education to NetApp’s healthcare business. He has published articles and a newsletter and has taken part in several imaging industry events at NetApp. Tony’s career began as a registered radiology technologist . He has applied this experience in several different roles over the years, in designing, selling, and implementing multiple enterprise imaging solutions.