According to a study published recently by HIMSS Analytics, a large number of hospitals depend on outdated and inefficient practices to backup and archive their patient data.

The survey undertaken by HIMSS comprised of 150 senior IT professionals from across the nation. The objective was to assess how these professionals protect data from potential loss, and archive it to meet compliance requirements. The findings, unfortunately, were not very surprising. Inconsistent processes adopted by healthcare organizations are putting patient data at risk, and putting unnecessary pressure on IT storage budgets.

Most respondents said they classify an average of 75% of their clinical data as “active” – meaning they store it on-site for immediate access, a surprising practice, given that less than 30% of this data is accessed after 18 months, and could be moved to more cost-effective storage mediums, according to the report.

Hospitals also, are not following the practice of having data archiving strategies. Slightly more than half of the hospitals surveyed, said they had one in place, out of which 83% said they only did it because of compliance reasons. Hospitals need to know, that much of the archived data is not accessed over time and a good strategy can reduce their IT budgets to a great extent.

However, more alarmingly, 31% of the hospitals did not have disaster recovery and business continuity plans in place, casting serious doubts over their ability to deliver care in an emergency situation. Another 42% of the respondents said that they do not have a documented data retention policy which specifies, how long they can store backup and archival data for, before destroying it.

“The amount of data flowing through our healthcare system today has rendered the old ways of managing it obsolete,” said Michael Leonard, director of product management, healthcare IT services for Iron Mountain.

“Data vital to the business and near-term clinical operations should be backed up to remote data centers, allowing for fast access and protecting the data from extreme weather events or other disasters that could wipe out onsite servers,” he said. “Less active data being kept for compliance reasons or future research needs doesn’t require the same level of access and can be stored on offline media.”