HIPAA compliance may hinge upon diligent data center monitoring

HIPAA compliance may hinge upon diligent data center monitoring

Health care organizations must ensure ready access to PHI for emergency scenarios.

It can sometimes be easy to overlook the role of data centers in critical industries such as health care. For the most part, these facilities are behind the scenes. On a daily basis, administrative staff at hospitals, clinics and insurance companies give the actual storage location of sensitive company and patient data very little thought. As long as they have access to it when they need it, they have few reasons to contemplate where it's being held, and how it's being protected.

For data center management and IT staff, on the other hand, maintenance of the servers on which this data lives is a daily imperative. Whether it's a company server room or a colocation data center, a multitude of factors go into ensuring the safekeeping of critical health information. Among them are power and climate management in a data storage facility. If for any reason health information is lost or becomes inaccessible, a business may have more at stake than an unsatisfied customer. It could be found in violation of the Health Insurance Portability and Accountability Act. 

Security, ready access to health information are vital 

Much of the news pertaining to HIPAA lately has been in regard to data breaches, but there's a lot more at play than just cybersecurity: Peoples' lives may be at stake. 

In the event of an emergency, patient information must be readily available. This is one of the key benefits of digital health records. In theory, it is far more difficult for them to be misplaced or misfiled. Rather than having to sift through a sea of file cabinets, medical staff can instantly access vital documents that may help save a person's life. Information, such as what medications someone is allergic to, can make all the difference in an emergency situation. 

In an interview with TechRepublic, industry expert David Pollard pointed out that the benefits of immediate access to online health records are indisputable, but that organizations must ensure they remain compliant with HIPAA. While securing protected health information (PHI) from hackers is a big part of achieving HIPAA compliance, so is protecting it from other less malicious threats, such as outages. If a facility's power infrastructure or environment is even slightly mismanaged, any resultant downtime could hamper access to PHI and other medical data to the professionals who need it most. 

Health care organizations need a way to monitor a data center's vitals.Health care organizations need a way to monitor a data center's vitals.

The role of data center monitoring

According to Data Center Knowledge contributor Mike Klein, data center managers must hold themselves accountable in order to guarantee HIPAA compliance across the board. While there aren't specific technical outlines for ensuring uptime in the data center, so as to protect PHI, health care organizations are no less responsible for a breach of HIPAA if it happens at the data center level. 

"The safest and most diligent practice to protect ePHI is to ensure that the same policies, risk management, safeguards and ongoing compliance governance standards are followed no matter where ePHI resides," Klein wrote. "This means that data centers, whether in-house or outsourced, need to fully embrace complete responsibility for ePHI."

"Diligence can preempt power management problems."

A big part of assuming this responsibility is assuring that power and climate management in the data center is meticulous. Regarding the former, intelligent power distribution units play a key role in ensuring that power loads are being distributed proportionally and reliably. Any unusual current spikes or rises in energy consumption will be caught early with power monitoring sensors embedded in the PDU. This degree of diligence can preempt power management problems that might otherwise lead to downtime. 

The same can be said for environmental monitoring. From a physical security standpoint, dry-contact sensors installed near server room entry points can detect the opening and closing of doors. This will alert data center managers to unusual or clearly unauthorized entry into certain parts of a facility. Likewise, climate sensors that aggregate temperature, humidity and dew point metrics are vital to making sure that environmental factors will not damage hardware, which could precipitate outages. 

Health care organizations need a reliable way to keep close watch on data center infrastructure and to preclude the variety of failures that might lead to an outage. Geist power monitoring and environmental monitoring solutions supply this diligence when it's needed most, which for health care companies, is every second of every day.