What medical records storage requirements should you insist on?

When determining medical records storage requirements, there are several things that need to be considered. One of the first considerations should be the number of IOPS that the system is able to deliver. The EHR system's hardware must be able to keep pace with the anticipated read and write requests, while also reserving capacity to deal with future increased demand.

Overall storage capacity is also a major factor that must be considered. EHRs consume a considerable amount of space. When determining your medical records storage requirements, it is important to estimate the data growth for at least the next five years, while also increasing your estimate by anywhere from 5% to 20% to deal with unexpected levels of consumption. Remember that even if the volume of records being created were to remain constant over the life of the system, advancements in medical imaging resolution will likely cause imaging files to become larger over time.

When determining medical records storage requirements, it is not just the characteristics of the physical hardware that have to be considered. You will also have to consider how the data will be stored and managed. For example, HIPAA does not specifically require data to be encrypted (although it is possible that state-level regulations mandate encryption), but given the penalties for the exposure of electronic protected health records your storage really needs to be encrypted, preferably at the hardware level.

Likewise, your system will also need to ensure that data retention requirements are met. While data lifecycle management is not typically a hardware function, you are going to have to account for the long-term retention of otherwise inactive data when defining your medical records storage requirements. Many organizations for example, implement a high-capacity, low-cost, low-performance storage tier specifically for storing aging records until those records are allowed to be purged.