Channel Questions Impact Of Medical Data Storage Act


New regulations that require the medical community to secure and archive patient records for seven years are creating huge new pools of data. But it may be an opportunity that will bypass the channel.

Solution providers say the requirements of the federal Health Insurance Portability and Accountability Act (HIPAA) are not stringent enough and will leave most storage solution providers scrambling to pick up crumbs.

The problem is trying to convince customers of the long-term benefits of injecting technology into the storage of medical information, said Hope Hayes, president of Alliance Technology Group, a Hanover, Md.-based solution provider that targeted and subsequently abandoned the HIPAA market.

Some large integrators that handle the majority of medical imaging contracts have been making proposals to do the complete infrastructure of an entire medical community, leading customers to believe that only large integrators are capable of bringing the community up to snuff with HIPAA, Hayes said.

 
>> Solution providers say HIPAA doesn't go far enough in regulating means of securing records.

 

"We would tell our clients about HIPAA, but when it came to writing the check, they balked," she said. "They were afraid of finger-pointing. Medical people, especially doctors, are afraid of anything that might not be compliant. But a big integrator can come in, sell them the same StorageTek tape library, but at list price, and tell the hospital there is no finger-pointing, and the hospital ends up paying more."

HIPAA is intended to ensure that new employees can qualify for medical insurance without a waiting period, as well as reduce incidents of health-care fraud and abuse. At the core of the regulations, however, is the requirement to guarantee the security and privacy of patients' health information. All these tasks should require increased storage capacity, observers say.

The health-care industry, even without HIPAA, is a "monster" when it comes to storage acquisition, said Steve Duplessie, senior analyst at The Enterprise Storage Group, a Milford, Mass.-based consulting firm. He notes that a single MRI can consume several hundred megabytes.

The regulations are detailed and complicated, said Duplessie. Under HIPAA, patient records must be securely kept for seven years. "Maybe no one will ever access them, but they have to have them," he said.

But how a health-care organization retains records securely is unclear. "If you are a regional hospital, you might just need to lock the paper files in a file cabinet," said Eric Linxweiler, vice president for infrastructure solutions at Logical Networks, Bloomfield Hills, Mich.

Eryck Bredy, president of Bredy Network Management, a Woburn, Mass.-based solution provider, said his company builds SANs with more stringent requirements than those of HIPAA. But mergers and acquisitions have killed the hospital market and made it tough to take advantage of HIPAA, he said.

"As the hospitals get larger, they work more directly with storage vendors," Bredy said. "They also start to develop in-house IT skills. If it is a small hospital, they can't afford such skills. But when they get larger, they can afford them."

The federal government has set time limits for health-care companies to become HIPAA-compliant, but extensions are commonplace,another obstacle for solution providers. "The health-care industry doesn't feel the pressure," said Jeff Swartz, director of security services for Computer Configuration Services, an Irvine, Calif.-based solution provider. "The federal government won't put its foot down, like it did with Y2K."

Despite the obstacles, however, solution providers are finding opportunities to attach storage to HIPAA-compliant systems, especially when it comes to data backup and restore.

Scott Slack, vice president of marketing at Columbus, Ohio-based Adexis, the storage division of Cranel, said much of the storage on the front end of health-care IT systems is tied to medical imaging, which means a large part of that business goes to the imaging integrators.

However, solution providers without HIPAA-specific expertise can connect storage on the back end of the infrastructure, Slack said. "People ask us, 'What do you bring to the table in expertise?' [I tell them we do data storage," he said.

Todd Huntley, president of SanServe, a Roseville, Minn.-based storage solution provider, agreed that the back end of HIPAA offers plenty of opportunities. "We are selling storage to hospitals which conform to HIPAA, but we don't go after that business," he said. "The hospitals have to have a practice which requires remote vaulting of data, and we have tape libraries and other storage products we can sell them."