When designing and implementing IT systems, choosing where to store your business-critical healthcare data is an important decision. There are typically three storage design concepts used in enterprise-grade storage solutions: onsite storage, offsite storage, and hybrid storage. Each approach has its own advantages and disadvantages, so it’s essential to choose a design concept that applies to your requirements. Below, we will explain each approach and its pros and cons.
The storage of healthcare data is protected by federal legislation, known as HIPAA, which establishes that sensitive electronic patient data and records must be stored within a compliant and secure storage solution.
What is onsite storage?
In onsite storage, data and storage hardware are geographically located internally to your business or healthcare organization. You may have a computer room or data center onsite where the storage arrays are securely located. All your internal systems will have direct access to the storage within the same building or organization, usually over an internal Local Area Network (LAN).
What is offsite storage?
Offsite storage is when data and storage hardware are located at a remote location away from your business. Examples of offsite storage include leasing a storage solution in a remote data center or leveraging a managed service provider’s data center. However, more recently, offsite storage often refers to cloud storage from a cloud service provider. This could include cold storage, data buckets or enterprise-class cloud-based solutions.
What is hybrid storage?
This article will focus on onsite and offsite storage advantages and disadvantages; however, for the benefit of completeness, it’s important to mention hybrid storage. Hybrid storage is a mix of offsite and onsite storage approaches. A typical hybrid setup could be a local storage array at a head office which replicates data to an external cloud-based location; such a setup could be for backups or data integrity reasons.
Pros and Cons – Onsite Storage
Pro – Performance
A significant benefit of onsite storage is the performance improvement enabled by having the storage local to your organization. Local storage results in very low latency and fast response, with high-speed data transfer rates. The storage might be configured to use local high-speed storage network (LAN) or even high-speed fiber connectivity.
Pro – Security
With local storage, you are in control of your own data security. Healthcare data is particularly sensitive and providing you have appropriately trained employees, you can protect patient data at the compliance level required with internal security protocols. Your organization can define security policies and retention rules that offer you the best compliance standards. Such internal protocols give an organization the ability to keep sensitive and critical data onsite, safe in the knowledge that the data is not on a non-HIPAA-compliant external 3rd party storage appliance. If healthcare data is stored offsite, it must be with a managed service provider that provides HIPAA-compliant storage.
Con – Expensive
The initial outlay spend for storage can be extremely expensive depending on the size of the storage array, the support contracts purchased, and whether you opt for SAS, SSD or a full flash disk platform. You may also need to outsource the installation of the hardware to a third party, provision additional cabling throughout the business, and provide additional power and cooling resources.
Con – Support
The storage device will need to be managed, maintained, and upgraded in-house. Your IT department or storage team will need to build, allocate resources, and balance the performance of the storage. Depending on your support contract with the vendor, you may need to pay for replacement parts when they fail. You will also need to have monitoring capabilities for the storage to ensure optimal performance. Daily operational tasks may be needed, including data center checks, expanding LUNs, and other routine storage tasks.
Con – Deployment Process
Purchasing an onsite storage solution can be a very slow process. Such a storage solution is a big investment and will require many skilled engineers to implement.
You will need to:
- Choose the hardware and installation setup that best suits your needs
- Prepare purchase orders and gain cost approvals from the business
- Purchase fibers, SFPs, cabling, SAN switches, and network switches
- Wait for manufacturing and delivery of the devices (delays are common in the manufacturing process depending on the global demand)
- Allow time to test the hardware, upgrade firmware, rack and cable the device
- Cable the data center, computer room, and building locations
- Design and configure the storage pools
- Testing storage connectivity, resilience, and performance
- Finally, implement the solution and migrate production services to the storage array
Con – Storage Lifecycle
With onsite storage, you are responsible for security updates, firmware upgrades, and software patches to the storage array. Consideration must be given to future expansion, as you will need to arrange purchasing and implementation of expansion trays. Consideration must also be given to the lifecycle of the storage; plans must be made for when the storage becomes obsolete, and eventually, you will need to retire the storage array and upgrade.
Pros and Cons – Offsite Storage
Pro – Scalability
Offsite storage has several major advantages. Arguably the most prominent is the scalability of offsite storage solutions. The cloud provider or managed service provider is responsible for offering storage which can be expanded on demand. Cloud providers can offer huge volumes of flexible data storage to their clients, who in turn do not need to worry about future-proofing or expanding their own solution.
Pro – Cost & Value
Offsite and cloud storage is extremely affordable; in most circumstances, you only pay for what you use. There is no initial outlay for expensive storage platforms and no additional maintenance or support contracts. There is significant value in using a managed storage solution, as the third party provider is solely responsible for the storage solution and associated hardware; there is no need to employ expensive storage consultants, and it also opens the door to additional services that can be purchased, such as backups, data replication, and 24x7x365 monitoring of storage usage to prevent major incidents.
Pro – Fast Deployment
With offsite cloud storage, the infrastructure is already in place, and the platform is already available to use. There is no waiting for purchasing and installation of hardware, and the client can simply plug into the cloud storage and get started immediately.
Pro – Managed Storage Service
The cloud provider will usually have a team of storage experts and subject matter experts who own the solution and manage the service for its clients. Many providers offer automated object storage deployment, where blobs of data storage can be assigned and removed when needed. The managed service providers will deal with hardware failures, manage engineers, repairs, and the storage layer, and allocate data between clients and devices. Importantly, the managed service provider is also responsible for the storage lifecycle and upgrade planning.
Pro – Connectivity
Offsite storage can be made available over an internet connection or a dedicated virtual private network for added security. This flexible approach to connectivity is great for clients, as it makes accessing data extremely easy. Dedicated network links (sometimes known as express routes) can provide high-speed data pipes between the clients and the storage for ultra-fast connectivity.
Pro – Performance
Offsite storage performance has gotten significantly faster in recent years. Network improvements have boosted the performance of storage and, in most circumstances, provide near real-time response rates.
Con – Security and Privacy
One of the major concerns with offsite cloud storage is the security and integrity of data. Data protection and privacy are extremely important for business organizations. If you choose to move data to an offsite storage provider, consideration must be given to compliance as well as the security measures in place to protect the data. Offsite storage must be protected from unauthorized access and should always be encrypted.
Con – Compliance and Data Governance
For many organizations, there are complex compliance and governance rules which must be adhered to when securing or destroying data. The location of the data is also important; many businesses are forbidden by auditors to store sensitive data outside of the US. Others, such as healthcare organizations, have specific rules of how data must be securely stored.
Con – Lifetime Costs
Consideration needs to be given to the long-term needs for storage. Offsite storage is often affordable; however, there may be a risk of vendor lock-in when an organization is reliant on the provider’s organization. This may result in a lifetime of monthly charges for data usage, so it’s important to weigh up if the overall costs and benefits outweigh implementing local storage.
Con – Speed
Although cloud/offsite performance is generally very good, some data-intense applications may perform better using local storage. Even if dedicated express routes are used, latency and network bottlenecks may impact performance.
Con – Noisy Neighbors
When choosing offsite storage, it’s important to understand whether you will be leveraging dedicated offsite storage or if you will be using shared storage. Will there be contention for resources from yourself and other clients? It is important to consider the “noisy neighbor syndrome,” where another client may have several IO-intense servers which could hog resources on the shared storage platform. Most good storage providers will provide QOS, but this risk is important to remember.
Ready to invest in offsite storage? Contact Atlantic.Net today for information about our HIPAA-compliant hosting and HIPAA cloud storage solutions!