E-Handbook: Best practices for healthcare data migration to the cloud Article 2 of 3

adimas - Fotolia


Components of a cloud-based healthcare disaster recovery plan

As more healthcare organizations turn to the cloud for disaster recovery, IT must address HIPAA requirements and connectivity to ensure data is protected in a DR scenario.

With the growing transition to cloud computing in healthcare, not every IT department will choose to shift everything at once. Some IT departments are hosting their healthcare disaster recovery (DR) in the cloud, while others are moving virtual machines or other components. Although more IT departments are taking advantage of the cloud's low cost of entry and flexibility to replace their aging backup and DR hardware with DR as a service (DRaaS), there are several factors IT teams must take into consideration if they choose to rely on an outside vendor to host their most important digital assets.

Over the last decade, most hospital IT departments have been using mature backup and DR tools to keep their systems and data protected and recoverable in case of a system failure. Hospital users have always been confident that their IT staff can guarantee a system uptime of 99.9%. However, with the increasing use of cloud services for data protection purposes, IT must adjust to the new reality of cloud-based DR options. Here are some of the top considerations health IT pros must keep in mind as they implement a cloud-based healthcare disaster recovery plan.

HIPAA and other compliance requirements

Hospital IT departments are aware that PHI must be encrypted in transit and at rest to protect the information and meet strict HIPAA compliance requirements. As a result, it is almost certain that all backups are fully encrypted and stored in secure locations to ensure their protection. Despite the newness of cloud DR services and its security hype, IT is still required to ensure their new DRaaS initiative meets all HIPAA requirements. This includes having a business associate agreement and ensuring all HIPAA mandates are met through the appropriate configurations and setup. Failure to do so can increase exposure and unnecessary risks.

Connectivity between cloud DR site and on-premises workloads

One of the appeals of cloud computing is its flexibility when it comes to scalability. IT has the ability to quickly provision more storage and computing power within minutes by choosing a few options from a web portal. The same flexibility is available as part of DRaaS, making it an attractive service for those looking to expand their DR as they provision new systems. However, one common challenge that IT faces frequently when implementing disaster recovery is heavy data traffic due to backups and replication between on-premises workloads and their DR destination. Connectivity or appropriate bandwidth can make the difference between a successful DR implementation or its failure. Since connectivity speed is critical for recovering systems in a DR scenario, any miscalculations could mean systems may not be recovered in a timely manner.

Frequent testing to address potential recovery faults

A significant advantage cloud-based healthcare disaster recovery tools have over traditional DR tools is their flexibility when it comes to testing and recovery systems. IT can spin up as many servers as needed as part of their recovery testing with no significant investments into infrastructure. The pay-as-you-go or pay-for-use model eliminates any burdens for additional hardware purchases. Despite its ease of use, cloud environments require just as much testing as -- if not more than -- traditional DR environments due to concerns of replication issues or connectivity problems. Cloud vendors provide easy-to-use DR solutions that can be tested independently while continuing to protect production systems with just a few simple clicks.

Hybrid consideration for instant failover vs. backup destination

There are two models to choose from when it comes to backup solutions in a cloud environment. One only uses the cloud as a storage destination and is limited to storing BLOBs of data or replicated data. The second model is the DR option in which EHR servers and other critical workloads are replicated at the image level to the cloud to support failover when primary systems are down. Both options should be implemented in order to address all data protection and business continuity needs together. 

Cost control and management

When it comes to cloud billing, IT departments frequently complain that it can get confusing for them when they review the charges associated with everything from the data download to licensing fees. In order to ensure cost controls and accurate budgeting, IT must define all the costs associated with their DR strategy upfront and forecast what the overall estimated monthly fees would be.

The cloud for healthcare disaster recovery eliminates the upfront investments needed for traditional on-premises DR solutions. The cloud has also proven to be far more scalable and flexible for healthcare organizations that are continuously expanding their environments and in need of flexibility to accommodate their fast-growing systems. Despite the appeal that cloud-based healthcare disaster recovery services have, concerns around costs, security and speed of recovery remain top of mind for many.

Next Steps

Check out our glossary of cloud recovery terms

Dig Deeper on Healthcare IT systems and applications

Cloud Computing
Mobile Computing