The number and size of digital clinical studies are increasing, requiring a continuous expansion of storage requirements. The requirements for rapid access of clinical images throughout the healthcare enterprise (24 hours a day, 7 days a week), and retention and security of medical data are straining the storage management capabilities of most facilities. To minimize these constraints, health-care entities must consolidate their storage management resources from departmental silos of storage to an enterprise storage solution.

It is important to understand the relationship and responsibilities of the information technology (IT) department, radiology and other clinical departments that are intensive users of the digital enterprise. Together, they must establish standards to which all hardware and software that touches the digital enterprise must adhere. This is critical if the hardware and applications obtained from multiple vendors will seamlessly interoperate with a minimum of interfaces and rekeying of critical clinical data. Manually re-entering data will introduce single points of failure and errors that impact patient care.

The digital enterprise includes the infrastructure, computer hardware and software applications, clinical workstations, and the data center where the majority of the hardware (servers on which the applications are running and storage on which medical data are stored) islocated. The IT department is responsible for funding, managing and supporting the data center and the associated hardware and software.The cost to support a secure and highly available data center ¹ is significant, requiring personnel, power, cooling, and redundant infrastructure components, plus the cost for a second secure data center for disaster recovery. These costs can be reduced, and the risks associated with data loss can be shared, by outsourcing the required long-term storage and disaster recovery. ^2,3

Radiology departments must specify the characteristics of the computing resources and clinical applications they require, including response time for clinical queries; system availability; interoperability of clinical applications, single password log-on; the environment and ergonomics of the clinical workstation; IT response time to solve operational problems, and; storage requirements. These requirements must comply with operational standards mutually agreed upon by all parties.

The aspects of storage management that directly affect the productivity of radiologists and the welfare of patients are:

• Ability to select the clinical application that impacts their workflow and productivity.
• Accessibility of patient studies and related medical data.
• Ability to satisfy the informational requirements of the referring physicians and other healthcare professionals.
• Long-term availability of patient data including, data migration, disaster recovery and retention and destruction of electronic protected healthcare information (ePHI).

This article will discuss the fundamental aspects of storage management that radiologists should understand to ensure that the IT department supports their workflow and productivity.

Types of medical data

From a data storage perspective, data generated by radiology can be divided into data that may change after it is stored and is managed as a variable content file (VCF) or data that will not change once it is stored and managed as a fixed content file (FCF).

The VCF radiology data consists primarily of databases that comprise approximately 5% or less of stored radiology data. Examples of VCFs are the radiology information system (RIS) and the demographic database of the picture archiving and communications system (PACS). The high frequency of read/ write commands to these databases dictates the technology used to store, manage and replicate or backup these databases.

The FCF radiology data consists primarily of digital imaging and communications in medicine (DICOM) objects, such as images, structured reports and waveforms that comprise 95% or more of the stored radiology data. At any point in time, there will be from 4 to at least 2 copies of these FCFs stored. The storage and management technology for FCF differs significantly from VCF.

Storage management system architecture

The responsibility for managing the storage of ePHI is an enterprise responsibility and must be an integrated solution and not a departmental solution. Each department must specify the functional and security requirements for the ePHI it generates as long as any authorized user also has access to the ePHI.

The enterprise storage management system must provide the following capabilities:

• From a functionality perspective the clinical requirements of each application must be met.
  • Availability of ePHI-24 hours by 365 days with minimal to zero down-time.
  • Accessibility-response time to read (retrieve) and write ePHI to the storage system.
• Longevity and durability of the storage system and components to meet the mandated retention time for ePHI.
  • How long will the media and the components used to read/write to the media be available and be supported (technology obsoles-cence-typically 3 to 6 years depending on when purchased in its life-cycle). Will there be backward compatibility or will ePHI have to be migrated?
  • ePHI must be accessible for 5 to 10 years or longer, factors that affect durability include wear and tear from read/write components, temperature, humidity changes, etc. The integrity of ePHI on the media must be validated periodically.
• Scalability of the storage system to meet current and future storage requirements while minimizing future cost.
• Compliance with HIPAA relating to access control, data integrity, audit requirements and disaster recovery of ePHI.

Figure 1 illustrates the data flow and storage schematics for the variable content files (VCFs), e.g., the databases associated with theRIS and PACS. The options for backup and disaster recovery for these data are also shown. Figure 2 illustrates a 3-tiered data storagestrategy for fixed content files (FCFs), such as clinical studies.

• Tier-1 storage archives online studies for 90 days to 2 years depending on whether the facility is an inpatient or outpatient imagingcenter and depending on the makeup of the patient population.
• Tier-2 long-term storage is used to retain images for the legal life of the study.
• Tier-3 disaster recovery is a back-up copy retained for the legal life of the study.

After a study is acquired by the modality, it is stored there and forwarded to the PACS, which stores it on tier-1 storage and the study's digital imaging and communications in medicine (DICOM) header information is compared to the study data on the RIS. After verification, the study is forwarded to tier-2 storage and then to tier-3 disaster recovery. Initially, there will be 4 copies of the study. The study will generally be eliminated from the modality after 1 day or more, resulting in 3 copies being stored. Eventually, when the study is eliminated from tier-1 storage, 2 copies will be stored for the legal life of the study.

HIPAA

The Health Information Portability and Accountability Act (HIPAA) security regulations became effective April 21, 2005. They cover the confidentiality, integrity and availability (CIA) of ePHI. ⁴ HIPAA regulations include electronic health records past, present and future, relating to the physical or mental well-being of a person. The security regulations can be an effective tool to guarantee that IT provides the radiologist with a storage management system that will provide the required availability and accessibility to ePHI regardless of its location for as long is it is legally required to be retained-irrespective of internal or external factors. These requirements are essential if the radiologist is to provide diagnostic results in a timely manner to ensure quality patient healthcare.

Confidentiality is the assurance that ePHI is available to only authorized persons or organizations. HIPAA covers ePHI stored on any typeo f media including portable computers and related devices, as well as ePHI transmitted electronically via the internet, including e-mail. ePHI that is stored on media, or electronically transmitted, must be encrypted both when in transit and stored on physical media when it can be accessed by unauthorized individuals or organizations. This includes portable computers and memory devices.

Availability is the assurance that systems responsible for delivering, storing and processing ePHI are accessible in a timely manner by those who need them under both routine and emergency situations. HIPAA requires that 2 copies of ePHI must exist, so if 1 copy is accidently destroyed during its legal life (retention period), a second copy will be available in a secure and accessible location. Retention period can be defined as the mandated time (as specified by federal, state or local statutes) that medical information must be retained in its original or legal form.

Integrity is the assurance that ePHI is not changed unless an alteration is known, required, documented (audit trail), validated and authoritatively approved. When ePHI has been authoritatively approved, e.g. a clinical study has been interpreted and the report signed by an authorized person, it should be stored in a format that inhibits unauthorized alterations such as write once, read many (WORM) format.

Compressing clinical studies

Clinical studies, i.e. FCFs, can be compressed. The reasons for compressing images include decreased transmissiontimes, decreased storage requirements, decreased infrastructure bandwidth requirements for transmitting the images, and reduced cost of storage and infrastructure.

There are two types of compression: lossless and lossy. If lossless compression is used, the original image can be reconstructed from the compressed image without loss of any of the original data. This is accomplished by using the data redundancy within the image to decrease the image size. Compression ratios of between 1.8:1 and 2.8:1 can be achieved depending on the imaging modality and body part. The user should verify that the PACS vendor is using a DICOM-compliant lossless compression algorithm to compress the images. If the vendor is using a U.S. Food and Drug Administration (FDA)-approved compression algorithm that is not DICOM compliant, it may negatively impact interoperability of the images with other applications. It may also increase future data migration costs, as well as lock in the current PACS vendor, since the compression algorithm may be proprietary.

When a study is compressed using lossy compression, no clinically significant data is lost; however, the original information cannot becompletely reconstituted. Currently it is primarily used for web distribution of images for review purposes rather than primary interpretation. The compression ratio must be stated on each image of the study. The compression ratios depend on body part and modality. Typically:

• Computed radiography (CR) and digital radiography (DR) employ a 20:1 compression ratio
• Computed tomography (CT) em-ploys a 10:1 compression ratio
• Magnetic resonance imaging (MRI) employs a 5:1 compression ratio

A study by Dr. David Koff for the Canadian Association of Radiologists evaluated the use of 2 DICOM-compliant lossy compressionalgorithms and found that lossy compression had no effect on the diagnostic accuracy of interpretations made for modalities and body parts tested. ⁵ Centers in the United States now use lossy compressed studies for primary interpretation with the exception of mammograms, which is not FDA approved. The decision to use lossy compression for primary diagnosis is up to the physician. The use of lossy compression for primary interpretation and storage will significantly reduce the cost of storage management and possibly telecommunication costs.

A caveat: If lossy compression is used for primary interpretation, only store the lossy compressed study. Do not store the lossless compressed study because it is not considered the legal and original copy.

Retention and destruction of ePHI

Many of the retention and destruction requirements of ePHI are federally mandated by the FDA, HIPAA and others. In addition, state and local entities impose their own requirements, which in many cases are more restrictive than those federally mandated. To further complicate the matter, retention requirements are typically 5 to 7 years, but they vary by type of healthcare entity, by type of ePHI, and even by subcategories within radiology such as mammography and pediatrics. Images stored for purposes of complying with regulatory backup (disaster recovery) requirements must be of the same quality as images used for primary diagnostic purposes.

Resulting from the complex rules governing retention of ePHI, automation of its destruction is not currently possible. The most cost-effective solution to manage outdated ePHI may be permanent retention. Any study that is deleted must be documented, and the study typically will only be deleted from the demographic database and not from the storage media.

Clinical study storage requirements

Beyond 1 or 2 years, projecting the storage requirements for a radiology department is at best an educated guess. Storage requirements tend to increase as the capabilities of modalities are enhanced and new protocols are introduced for CT, CT angiography (CTA), MRI, MR angiography (MRA) and fused studies such as positron emission tomography (PET)-CT and single photon emission computed tomography (SPECT)-CT. This is also true in subspecialties such as women's imaging, which is rapidly going digital with digital mammography, MR, tomosynthesis and cone-beam CT.

Studies consist of images which are made up of picture elements, pixels, that have an "x" and "y" dimension. Each pixel contains a value that is 1 or 2 bytes and 3 bytes for color. The modality acquires the images in full resolution, i.e., uncompressed, and the PACS typically compresses the images in a lossless compressed format, which reduces the storage requirements by a factor of 1.8 to 2.8.

Table 1 illustrates the typical number of images and image size for a variety of radiological procedures along with the uncompressed and lossless compressed storage requirements for these studies. Note that as the image size doubles, e.g. 256 by 256 pixels to 512 by 512 pixels,the storage required for that image quadruples. Table 2 provides an estimate for the storage requirements for a radiology department performing 100,000 procedures distributed as specified at 4.1 terabytes (TB) uncompressed and 1.6 TB lossless compressed. Table 3 provides storage estimates for digital mammography for both screening and diagnostic studies. Table 4 provides similar information for breast MR studies.

Data migration

Periodically, the radiology studies stored on a storage system have to be moved, or migrated, to another storage system. Data migration is typically required when changing PACS vendors, when converting from departmental silos of storage to enterprise storage, sometimes when a PACS system is upgraded, when storage requirements need to be increased, and also due to technology obsolescence of storage components. ^6,7 To maintain system efficiency, data migration may be required as frequently as every 3 to 5 years. Data migration is both time consuming and expensive.

Every effort should be made to require vendors to store data in a vendor-neutral DICOM-compliant format. Depending on the amount of data to be migrated, data migration can cost hundreds of thousands of dollars and take a year or more. Much of the cost and effort of datamigration can be mitigated by outsourcing long-term storage and disaster recovery to a storage service provider (SSP) that maintains the datain a secure and rapidly accessible off-site data center that is vendor neutral. ^2,3,8,9

Disaster recovery and business continuance

Disaster recovery of ePHI is mandated by HIPAA. HIPAA security regulations require backup of retrievable exact copies, i.e. a copy from which the diagnosis was made, of all ePHI. ⁴ Figures 1 and 2 present disaster recovery strategies for both FCF and VCF. ^2,3 Disaster recovery provides the ability to restore ePHI that has been corrupted or deleted due to hardware or software failure, human error or a catastrophic event. Disaster recovery alone is not sufficient to provide the level of availability of ePHI required in a healthcare environment. Disaster recovery includes component failure, as well as human errors that comprise >95% of these events, whereas catastrophic events such as power failures,fire, flood and other natural disasters (or acts of terror) are relatively infrequent.

Business continuance must be implemented to provide a satisfactory level of availability of ePHI while the system failure is corrected and disaster recovery restores the unavailable ePHI. Business continuance provides access to ePHI via alternate pathways or workarounds within the institution. A business continuance plan is made up of multiple components, including:

• Work-arounds that are developed and documented to access ePHI from alternate locations or sources.
• Elimination of single points of failure in the infrastructure, application gateways and interfaces, etc.
• Installation of alternate data pathways if a transmission line should be accidentally cut, and installation of back-up power sources,including both uninterruptible power sources and automated emergency power generators.
• Implementation of a test server to run all new applications and upgrades prior to clinical use.
• Use of clustered or virtualized servers instead of direct-attached storage.
• Contracting an SSP to provide rapid access to ePHI (both FCF and VCF) that is stored off-site in a secure data center.

Vendors providing healthcare-related hardware or software must be required to provide well-documented service level agreements(SLAs) that are enforceable and contain monetary penalties if they do not adhere to their SLA. The SLA must contain a return to operation statement (RTO)

Disaster recovery can be implemented using several approaches that adhere to the letter of the HIPAA regulations, but not necessarily the intended spirit of HIPAA, i.e. rapid access to an exact unaltered copy of ePHI. ePHI can be backed-up to tape or other media and stored off-site in a fire- and heat-proof safe or with a secure storage vendor. These approaches satisfy the letter of the law and are inexpensive, but will not minimize downtime and they could expose the healthcare entity to lost productivity and other economic and healthcare risks.

Options that satisfy both the letter and spirit of the mandate, and provide a form of risk management insurance, ⁸ include:

• Back-up ePHI in a second, secure data center operated by the healthcare entity, preferably at a site >100 miles from the primarysite.
• Rent space and functionality at a tier-3 or tier-4 data center located at >100 miles from the healthcare facility.
• Store ePHI in multiple data centers owned by the healthcare entity and utilize grid-storage technology.
• Outsource the management and storage of ePHI for disaster recovery, and possibly for long-term storage, to an SSP.

The mandatory procedures and additional precautions discussed as part of disaster recovery and business continuance will add to the cost compared with a strategy that just adhered to the letter of the mandated requirements. However, these additional expenditures for disaster recovery and business continuance must be considered part of the healthcare facility's risk management expenditure, i.e. insurance,that will minimize or eliminate the cost of downtime because of human error, system failure or technology obsolescence. Calculate the cost for an adequate level of disaster recovery and business continuance against the tangible and intangible costs of downtime such as lost productivity, delayed patient care, diminished public relations and impact on cash-flow.

Conclusion

Isolated silos of departmental storage must be eliminated in favor of an enterprise storage solution. Storage requirements will continue to increase annually, however, the use of lossy compressed studies for primary interpretation, when in widespread use, will temper the need for an ever-expanding storage management system with faster networks for clinical studies.

The IT department must manage and fund the storage management system and provide radiology and other authorized users 24-hours-by-365-days access and availability to the stored, unaltered ePHI that is needed to provide cost-effective healthcare.

REFERENCES

1. Updated tier classifications define infrastructure performance. Available at www.uptimeinstitute.org. Accessed April 15, 2009.
2. Smith, EM. The outsourcing option. Advance for Imaging and Oncology Administrators. 2006;16:45-50.
3. Smith EM. Advantages of outsourced storage surpass expenses. Diagnostic Imaging. 2008;July(suppl):S1-S5.
4. 45 CFR Part 164; §308(a)(7)(i) Contingency Plan, §308 (a) (7) (ii) (B) Disaster Recovery Plan, (C) Emergency Mode Operation Plan, (D) Testing and Revision Procedures, (E)Applications and Data Criticality Analysis.
5. Koff D, Bak P, Brownrigg P. Pan-Canadian evaluation of lossy compression ratios for developments of national guidelines, Presented at SIIM 2007, Providence, RI.
6. Dilulio, R. Migrating with the times. Available at www.medicalimagingmag.com/issues/articles/2007-06_08.asp. Accessed April 15, 2009.
7. Valenza, T. Changing PACS: Time, Money and DICOM. Available at www.imagingeconomics.com/ issues/articles/2007-06_01.asp. Accessed April 15, 2009.
8. Smith EM. Risk Management. Advance for Imaging & Radiation Oncology , in press.
9. Langer SG. Issues surrounding PACS archiving to external third party DICOM archives, J of Digital Imaging, in press.