As unpleasant a subject as it is, there are times when Health IT is asked to produce data due to a legal matter. To mitigate the risk of not being able to produce said data in a timely fashion, which has very ugly consequences, let’s quickly define your options for storing and protecting healthcare data:
- Mutable: Storing a file in a mutable way means you can modify or delete it at any time.
- Immutable: Storing a file in an immutable way means you cannot modify or delete it. In best-of-breed storage systems, you can set immutability to expire after a specified time.
- WORM: Storing a file on WORM (Write-Once-Read-Many) storage means it can never be modified or deleted.
- Legal Hold: Legal Hold takes a snapshot of data and stores it in an immutable way so that you can continue to modify the original data set.
- Auditable storage: Storage that keeps track of every action and point of access on a storage system.
- Integrity Seals: Patented Caringo technology that lets you store a hash of a specific file in a way that can be upgraded in the future to track developments in hashing technologies. This sealed file can be used in a court of law because the seal proves that the file hasn’t been tampered with.
The ideal Health IT storage architecture uses a combination of all of these options: mutable storage for the EHR application because health records are continuously changing, and immutable storage and WORM storage for the PACS images to increase legal protections and protect from accidental deletion. It is common for EHR applications to also periodically take a snapshot of everything and transmit the deltas to WORM storage, so there is an unalterable record of the version of the patient’s file on that day and time. Legal Hold is needed in case there is litigation, but files still need to be modified. Similarly, if there is an intrusion or some issue that needs to be investigated, audit logs are needed to show exactly what happened or if a file was truly compromised.
So, why do you need more than WORM? Because, as you can see from above, different levels of file protection are needed throughout the life of healthcare files. You need a storage system that keeps logs of who did what to which files at what time, and you need to be able to prove that those logs cannot be altered, even by the root system administrator. And you have to prove that the system does not ever let a file or any of its revisions be deleted. There is no way the EHR or PACS application can make those guarantees, and neither can the operating system or hypervisor.
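One common way to make alteration of an audit log detectable is to chain each entry to the hash of the entry before it. The code below is an added example, not Caringo's implementation or code from the original page; the field names, the sample events and the externally stored head hash are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor used as "previous hash" for the first entry

def _entry_hash(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same value.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def append_entry(log, who, action, obj, when):
    """Append a who/what/which-file/when record linked to the previous entry."""
    record = {"who": who, "action": action, "object": obj, "when": when}
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev_hash,
                "hash": _entry_hash(prev_hash, record)})
    return log[-1]["hash"]

def verify_log(log, expected_head=None):
    """Return the index of the first bad entry, or -1 if the chain is intact.

    expected_head is the newest hash as recorded somewhere the log's
    administrator cannot write (an assumption of this example). Without it,
    truncating the log or rebuilding the whole chain would go unnoticed.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev_hash:
            return i  # link to the previous entry is broken
        if entry["hash"] != _entry_hash(prev_hash, entry["record"]):
            return i  # record content no longer matches its hash
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)  # entries missing from the end, or chain rebuilt
    return -1

def build_sample_log():
    # Constructed sample events, not real audit data.
    log = []
    append_entry(log, "dr_smith", "read", "pacs/study-0001.dcm", "2024-01-05T09:00:00Z")
    append_entry(log, "svc_ehr", "write", "ehr/patient-42.json", "2024-01-05T09:05:00Z")
    head = append_entry(log, "root", "delete-attempt", "pacs/study-0001.dcm", "2024-01-05T09:10:00Z")
    return log, head
```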