Best practices for healthcare data centers
Healthcare data centers are subject to such complex demands that it can be challenging to diagnose and prescribe the best way forward when contemplating change.
In the same way that multiple medical disciplines are united to work together smoothly within a healthcare facility, so must the many IT systems that support these disciplines. That includes seamless integration with foundational systems such as practice management and the databases supporting Electronic Health Records (EHRs), as well as integration of mobile devices and the Internet of Things (IoT).
In fact, according to the Insight white paper 11 Best Practices for Healthcare Data Centers, “Put a bunch of Chief Information Officers (CIOs) and other IT leaders in a conference room with peers from other sectors, and those from healthcare probably have bragging rights for having the toughest job. The stories they can tell: legacy systems, plenty of purpose-built specialty solutions, and physicians and other staff requiring instant access to all – with life-or-death consequences.”
And there is plenty of Governance, Regulation and Compliance (GRC) to attend to – including mandates that may seemingly pull in different directions, such as the need to tightly control security of patient data and personally identifiable information, while on the other hand supporting the ability to securely share properly cleansed data with other organizations in the pursuit of medical research and providing optimal outcomes.
All of this makes it critically important to have a robust discovery phase when considering changes within healthcare data centers – whether refreshing hardware, deploying new software, supporting mobile devices and the IoT, or integrating cloud-based resources.
Healthcare represents an environment in which a multitude of disciplines and practitioners are brought together to function holistically for the most noble of endeavors – saving lives and improving the quality of life for those served. So it makes sense to work as a cross-functional team, including representatives from all the major stakeholders during the discovery phase.
Each organization will create its own cross-functional discovery team, but some essential stakeholders generally include a wealth of IT knowledge – including infrastructure, application and security specialists – as well as someone from your GRC and legal teams. You’ll want to have good representation from the clinical side to inform how doctors, nurses and technicians use resources. Your team can also benefit from non-clinical line of business users, such as human resources, facilities and administrative services. You’ll also want to have a strong C-level sponsor, ideally the CEO, to overcome barriers and ensure adoption.
While your cross-functional discovery team provides a valuable real-life pool of knowledge and view into your own operations, it is also good to seek an outside voice – in the form of a vendor-neutral third-party advisor to provide guidance based upon how they are seeing others solve similar challenges within healthcare.
An experienced, vendor-neutral partner can provide a bigger picture across healthcare technology, and help you explore questions you may not have considered. This helps you learn from the experiences of other healthcare organizations. It provides a view into how others are making use of mobile devices for EHRs and other functions, and how the IoT is being used for monitoring and gathering other metrics within the clinical setting, as well as from patient homes. Such an advisor can also provide guidance on how to maximize cloud-based resources without causing GRC concerns.
Defining your starting point
One of the foundational tasks of any discovery effort is to begin with a comprehensive assessment of your existing data center infrastructure. A robust – and up-to-date – configuration management database (CMDB), or similar solution, can be a powerful tool for assessing the hardware and software assets currently deployed.
Your cross-functional team can help IT go through CMDB findings to identify applications, hardware or devices that are no longer used and should be retired – something that streamlines database operations while also enhancing security by reducing potential attack surfaces. The cross-functional team can also help identify applications that are candidates for modernization, and can be used to map and track interdependencies between applications, data sources or services, as well as flag issues for follow-up review.
These days any data center discovery process is likely to involve at least consideration of cloud-based resources. Some relevant questions might include: What’s the main driver of your data center transformation? Are you seeking increased capability? Increased agility? Or cost reduction? The answer may very well be some combination of the above. The discovery process may help you establish the highest priorities.
Arguments can be made for and against using the cloud in healthcare. Your cross-functional team will be able to conduct a more productive discovery process if it has a strong idea – perhaps worked out with a scoring matrix – as to how your organization might and might not consider use of cloud-based resources.
Security, of course
Security is critically important for healthcare organizations, as they typically have substantial IT infrastructure, are subject to tight GRC requirements, and frequently make extensive use of mobile and IoT devices in support of clinicians and field staff working out in the community. The infrastructure assessment phase of the discovery process can provide an opportunity for GRC and security members of the cross-functional team to examine existing resources from a compliance and security viewpoint. In addition to your older applications and resources, you’ll also want to look at how information is secured on mobile devices used for EHR and other applications, as well as how data being sent to or from IoT devices is encrypted.
During the discovery process, your cross-functional team should determine whether you currently have a security framework (sometimes referred to as a Security Policy Framework) in place. If so, make sure it is in use and up to date. If your organization doesn’t have a security framework, it should find a solid framework and adopt it to help protect your critically important IT operations.