Offsite Storage: Out of Site, Not Out of Mind

In this age of terrorism alerts, tighter security and mandated disaster recovery, some facilities consider the storage service provider (SSP) model for medical images a solution to their storage woes. While some proponents view the model as a solid way to easily move patient images from one institution to another - issues of security, bandwidth and government standards have influenced whether institutions embrace the concept. Although the offsite approach to storage has not caught on as rapidly in radiology as some had thought, the idea has won champions in the form of hospitals that see the SSP solution as their cost-effective storage choice.

The advantage of a storage service provider (SSP) approach for radiology images is sharing. "Digitizing film is going to save you some space, and it's going to make [the studies] more accessible," says John Webster, senior analyst and founder of Data Mobility Group, a firm specializing in storage and storage management. "Whether or not you do that in-house or outsource, the idea remains the same: you figured out a way to share [the images]."

What the SSP potentially brings is the ability for healthcare facilities to pay for that shared service on a monthly basis, as opposed to trying to buy the whole in-house solution up front. For smaller healthcare facilities, that can be fairly attractive. The perceived disadvantages may be required bandwidth - hospitals frequently lack it - and security, the old issues SSP had.

"[If] I give you my data, am I absolutely sure nobody else can see it, and second of all, how long are you going to be around?" Webster says. "If you go away, is that data going to go away? If I give you a record that has to be saved for years, according to regulation, what happens if you go belly up? How do I get my data back?"

Despite the perceived concerns, Webster doesn't see the offsite approach going away. "The world seems to be going to a different computing concept that is in part enabled by the Internet and in part by some other technology," Webster says. "This whole concept of computing grids that are being tried out at universities and scientific organizations is a way of sharing [multiple] resources that are spread out over geographic businesses, all interconnected internally and externally or by the Internet or wires with communications methods."

As communication means advance, centralized storage facilities that exist on the network are going to start looking attractive again. "Whether or not they're set up as storage service providers is another question, but I think we're moving in the direction of, at least partially, the concept behind SSP as far as network storage is concerned, which is a centralized storage facility that is connected with other processing [entities] and sharing data and storage resources," Webster says.

For the SSPs to succeed, according to Webster, they needed to become very applications focused, serving specific industries. "Healthcare is one of the places [SSPs] could be reborn, but I think [that will happen] under the roofs of the larger concerns, like a Deloitte & Touche or an EDS [storage service provider Electronic Data Systems] that are then going to use them as facilities to satisfy specific business requirements of their customer," Webster says.


Hartford Hospital in Connecticut, an 879-bed facility performing between 150,000 and 160,000 radiology exams per year, uses InSiteOne's InDex OnLine service approach to store images. InSiteOne's model uses a server located inside the hospital. The hospital has chosen a configuration that allows between one year and 18 months of studies to reside on the server. All modalities except mammography, which is not in digital format, will be included.

"As we send studies to InSiteOne and they're being read to the RAID [Redundant Array of Inexpensive Disks] that's inside, it's also being sent to their InSiteOne storage facility [elsewhere in] Connecticut, with a mirrored site in Arizona," says Lee Goldman, Hartford Hospital's chief of radiology physics and engineering.

The hospital is still in the process of implementing its picture archiving and communications systems (PACS), which will have from six to eight months of storage itself. The InSiteOne approach serves as a backup for those studies in-house, so if a study is newer than six months, a backup copy resides in-house. Studies older than 18 months are on the hospital's PACS server.

InSiteOne also serves as the hospital's long-term archive, meeting the requirement of storing studies for at least five years. It serves as an efficient disaster recovery mechanism. "InSiteOne actually keeps the records [on DVD] forever," Goldman says.

Hartford Hospital is a development partner with InSiteOne and has been involved in providing feedback and testing software. The hospital was interested in being involved with the development of a product so that when it came time to choose an archiving mechanism, the product would meet their needs and those of other sites. "When it was all said and done, when you look at benefits for disaster recovery [and] technology obsolescence, InSiteOne was still the best choice for us," Goldman says. "As of last September, we started a fee-for-service arrangement, and we've been using fee-for-service since."

Because of the large volume of studies done at Hartford Hospital, storage needs are great, requiring a fast storage mechanism for new studies. With the InSiteOne server inside the hospital, they can store as many exams as they want. "The reason that server exists is it lets it stream out [data] offsite over your connection by whatever mechanism you allow, so if you're not generating very many studies, you could have a relatively slow link offsite, because it stores so much that it has midnight hours to catch up, and it never fails," Goldman says.

If a small hospital had only two radiologists, three workstations and a few modalities, for example, the InSiteOne server could actually serve as the entire PACS. All the hospital would need besides the InSiteOne service is PACS workstations. That enables a small hospital to implement PACS without a huge investment. The InSiteOne server was designed to have the functionality that a full PACS server needs, so it can route studies to workstations, allowing them to query and receive studies.

The future for offsite storage is bright in Goldman's estimation, especially in light of the need to easily move images from one institution to another. Failure of the general SSP model early on was due in many cases to "bogus data," according to Goldman. "I don't mean the data was fake data, but it was nonsensical data," Goldman says. "It was using [information such as] how much time someone had to stand by a window to wait for an exam, and that had no monetary value or cost associated with it." The result, he says, was implementation based on a flawed business model and price structure.

In a typical hospital, taking into account the manpower involved and the cost and handling of film, costs per exam are probably on the order of $2.50 to $3.00. When you look at the cost of archiving in-house on your own PACS, the cost is approximately $2.00. InSiteOne says the average cost per study for its service, depending on the size of the institution, is $2.00.

"So it is clearly possible to put together a business plan and a model in which you can provide a service with additional benefits like disaster recovery that can compete with the in-house storage," Goldman says.

As for technology obsolescence, some facilities have not thought far enough ahead for when these tapes they made seven years ago are going to be able to be read in seven years. "I think people either haven't been bitten by the downsides enough of the in-house storage or have not been bothered enough by the difficulty of moving images from patients from one hospital to another, " Goldman says.


Although security tops many hospital CIOs' concerns, it is merely an "emotional issue," according to Walter Hinton, chief technical officer of Managed Storage International (MSI). "People have to recognize that there are strong encryption technologies now that can ensure that as data are moving from one site to another, traveling over either private networks or public Internet, we can ensure that they're not being intercepted," Hinton says. "It's also stored in an encrypted format, so that at rest it can't be violated. Transferring [files and images] electronically creates a very sophisticated audit trail that doesn't exist with people handling velum images. That risk of security is actually greater in the physical world than the electronic world, but it's still an emotional hurdle that people have to get over."

And what about the concern that a service provider could go under and take your images with it? "Now most service providers will write contracts that guarantee that you have access to your images in the event that something happens," Hinton says. "We can go to greater steps…if these images are stored on tape, the customer can own the tapes themselves. The service provider may provide the tape library and tape robot and servers and the like, but the physical tapes can be owned by the clinic, the radiologist or whatever, and therefore the risk can go away."

With media constantly changing, MSI also migrates data to new technologies to ensure images are retained on current media. Offsite storage offers accessibility for multiple locations, disaster recovery ability, rapid search and an audit trail - all of which appeal to many.

"The future looks like a shared archive for these community and regional healthcare providers, and it looks like dedicated archives for large healthcare providers," Hinton says. Physical distance will be an outdated obstacle for patients and their doctors who want to check previous images to gain insight into a person's current medical problem.


St. Joseph Health System in Orange County, Calif., chose a centralized enterprise approach to image storage. Fourteen acute-care hospitals that they own and manage, several located in west Texas, comprise the system. Currently, Fujifilm's Synapse PACS is being implemented. The hospital system established an enterprise data center two years ago. They use a storage area network (SAN) and RAID.

"With the space and the 24-hour operation staff available, we decided to undertake a strategy that begins centralizing a lot of our mission-critical systems and to secure the economies of scale associated with establishing centralized systems for enterprise access," says Bill Lazarus, vice president of information systems architecture and security. "Since that time, we have been collapsing hospital-based, mission-critical systems into the enterprise data center and establishing new systems and capabilities for all sites from that data center."

The system also relaunched an enterprise disaster recovery plan to deliver more robust economical disaster recovery for multiple sites. They chose to make the west Texas entities, because of their geographic distance and volume of data, accessible through a long-distance wiring network. "We also see [that] as part of our disaster recovery strategy and some opportunities to leverage the data center facility in Texas with the one in California," Lazarus says.

Experience with an ASP approach at one of the health system's sites revealed "significant issues" in pulling data back because of how it was archived. "Based on that experience, I would say that was the biggest reservation we would have in the future," Lazarus says. "One of the biggest things we would have to define is the need to have our data segregated or at least available to give us - all of our data at once, instead of having to do it on a one-by-one patient basis."