See Commentary by Dr. Eliot L. Siegel on page 2
Storage management: What radiologists need to know Edward M. Smith, ScD, FACNP
T
he number and size of digital clinical studies are increasing, requiring a continuous expansion of storage requirements. The requirements for rapid access of clinical images throughout the healthcare enterprise (24 hours a day, 7 days a week), and retention and security of medical data are straining the storage management capabilities of most facilities. To minimize these constraints, healthcare entities must consolidate their storage management resources from departmental silos of storage to an enterprise storage solution. It is important to understand the relationship and responsibilities of the information technology (IT) department, radiology and other clinical departments that are intensive users of the digital enterprise. Together, they must establish standards to which all hardware and software that touches the digital enterprise must adhere. This is critical if the hardware and applications obtained from multiple vendors will seamlessly interoperate with a minimum of interfaces and rekeying of critical clinical data. Manually re-entering data will Dr. Smith is a Professor of Imaging Sciences, Department of Imaging Sciences, University of Rochester Medical Center, Rochester, NY. Dr. Smith is a consultant to, and on the advisory board of, InSiteOne Inc., Wallingford, CT, and a consultant to Iron Mountain, Boston, MA.
May 2009
introduce single points of failure and errors that impact patient care. The digital enterprise includes the infrastructure, computer hardware and software applications, clinical workstations, and the data center where the majority of the hardware (servers on which the applications are running and storage on which medical data are stored) is located. The IT department is responsible for funding, managing and supporting the data center and the associated hardware and software. The cost to support a secure and highly available data center1 is significant, requiring personnel, power, cooling, and redundant infrastructure components, plus the cost for a second secure data center for disaster recovery. These costs can be reduced, and the risks associated with data loss can be shared, by outsourcing the required long-term storage and disaster recovery.2,3 Radiology departments must specify the characteristics of the computing resources and clinical applications they require, including response time for clinical queries; system availability; interoperability of clinical applications, single password log-on; the environment and ergonomics of the clinical workstation; IT response time to solve operational problems, and; storage requirements. These requirements must comply with operational standards mutually agreed upon by all parties. The aspects of storage management that directly affect the productivity of radiologists and the welfare of patients are:
• Ability to select the clinical application that impacts their workflow and productivity. • Accessibility of patient studies and related medical data. • Ability to satisfy the informational requirements of the referring physicians and other healthcare professionals. • Long-term availability of patient data including, data migration, disaster recovery and retention and destruction of electronic protected healthcare information (ePHI). This article will discuss the fundamental aspects of storage management that radiologists should understand to ensure that the IT department supports their workflow and productivity.
Types of medical data From a data storage perspective, data generated by radiology can be divided into data that may change after it is stored and is managed as a variable content file (VCF) or data that will not change once it is stored and managed as a fixed content file (FCF). The VCF radiology data consists primarily of databases that comprise approximately 5% or less of stored radiology data. Examples of VCFs are the radiology information system (RIS) and the demographic database of the picture archiving and communications system (PACS). The high frequency of read/ write commands to these databases dictates the technology used to store, manage and replicate or backup these databases.
www.appliedradiology.com
APPLIED RADIOLOGY
©
■
13
STORAGE MANAGEMENT
FIGURE 1. The PACS and RIS databases contain variable content files (VCF), which are continually changing. The system that stores these files must be able to handle high transaction (read/writes) rates. It must be highly accessible and fully redundant. These databases may be combined into a single database in some integrated RIS/PACS applications. These databases must be backed-up daily to tape or to disk, and a copy must be kept off-site in a secure, preferably remote, location that is both fire- and heat-proof. Backup tapes may be physically transported offsite (Option 1) or a copy of the database may be transmitted off-site via the Internet (Option 2). These backup data should be periodically restored on a test server to validate their integrity. Should a database become corrupted, the backup should first be restored on a test server to ensure it is not corrupted before restoring it on the live clinical server.
The FCF radiology data consists primarily of digital imaging and communications in medicine (DICOM) objects, such as images, structured reports and waveforms that comprise 95% or more of the stored radiology data. At any point in time, there will be from 4 to at least 2 copies of these FCFs stored. The storage and management technology for FCF differs significantly from VCF.
Storage management system architecture The responsibility for managing the storage of ePHI is an enterprise responsibility and must be an integrated solution and not a departmental solution. Each department must specify the functional and security requirements for the ePHI it generates as long as any authorized user also has access to the ePHI. The enterprise storage management system must provide the following capabilities:
14
■
APPLIED RADIOLOGY
©
• From a functionality perspective the clinical requirements of each application must be met. - Availability of ePHI—24 hours by 365 days with minimal to zero down-time. - Accessibility—response time to read (retrieve) and write ePHI to the storage system. • Longevity and durability of the storage system and components to meet the mandated retention time for ePHI. - How long will the media and the components used to read/write to the media be available and be supported (technology obsolescence—typically 3 to 6 years depending on when purchased in its life-cycle). Will there be backward compatibility or will ePHI have to be migrated? - ePHI must be accessible for 5 to 10 years or longer, factors that
www.appliedradiology.com
affect durability include wear and tear from read/write components, temperature, humidity changes, etc. The integrity of ePHI on the media must be validated periodically. • Scalability of the storage system to meet current and future storage requirements while minimizing future cost. • Compliance with HIPAA relating to access control, data integrity, audit requirements and disaster recovery of ePHI. Figure 1 illustrates the data flow and storage schematics for the variable content files (VCFs), e.g., the databases associated with the RIS and PACS. The options for backup and disaster recovery for these data are also shown. Figure 2 illustrates a 3-tiered data storage strategy for fixed content files (FCFs), such as clinical studies. • Tier-1 storage archives online studies for 90 days to 2 years depending on whether the facility is an inpatient or outpatient imaging center and depending on the makeup of the patient population. • Tier-2 long-term storage is used to retain images for the legal life of the study. • Tier-3 disaster recovery is a backup copy retained for the legal life of the study. After a study is acquired by the modality, it is stored there and forwarded to the PACS, which stores it on tier-1 storage and the study’s digital imaging and communications in medicine (DICOM) header information is compared to the study data on the RIS. After verification, the study is forwarded to tier-2 storage and then to tier-3 disaster recovery. Initially, there will be 4 copies of the study. The study will generally be eliminated from the modality after 1 day or more, resulting in 3 copies being stored. Eventually, when the study is eliminated from tier-1 storage, 2 copies will be stored for the legal life of the study.
HIPAA The Health Information Portability and Accountability Act (HIPAA) security
May 2009
STORAGE MANAGEMENT (as specified by federal, state or local statutes) that medical information must be retained in its original or legal form. Integrity is the assurance that ePHI is not changed unless an alteration is known, required, documented (audit trail), validated and authoritatively approved. When ePHI has been authoritatively approved, e.g. a clinical study has been interpreted and the report signed by an authorized person, it should be stored in a format that inhibits unauthorized alterations such as write once, read many (WORM) format.
Compressing clinical studies
FIGURE 2. Clinical studies are considered fixed content files (FCF), and they vary in size from less than 100 KB to >1 GB. Since these files require fewer read/write transactions, compared with variable content files, a less expensive storage solution can be used. Redundancy is still required. Several FCF storage implementation options exist. Option 1 involves on-site tier-1 and tier-2 storage with weekly backup to tape that is physically carried off-site. This is the least desirable option, providing marginal disaster recovery and no business continuance. Option 2 transmits FCF data electronically via the Internet to an off-site secure data center. This option provides a degree of business continuance as long as the PACS is operational. Option 3 uses the services of an SSP to house FCF data with on-site indexing and a storage appliance that allows the client to access studies if they are not available locally, such as if the PACS is not operational. Option 4 outsources tier-2 and tier-3 storage to the SSP, providing similar functionality as option 3, however, the on-site storage provided by the SSP should have the capacity to store between 3 to 24 months of studies. This solution reduces both the physical and personnel resources of the healthcare institution.
regulations became effective April 21, 2005. They cover the confidentiality, integrity and availability (CIA) of ePHI.4 HIPAA regulations include electronic health records past, present and future, relating to the physical or mental wellbeing of a person. The security regulations can be an effective tool to guarantee that IT provides the radiologist with a storage management system that will provide the required availability and accessibility to ePHI regardless of its location for as long is it is legally required to be retained—irrespective of internal or external factors. These requirements are essential if the radiologist is to provide diagnostic results in a timely manner to ensure quality patient healthcare. Confidentiality is the assurance that ePHI is available to only authorized persons or organizations. HIPAA covers ePHI stored on any type of media
May 2009
including portable computers and related devices, as well as ePHI transmitted electronically via the internet, including e-mail. ePHI that is stored on media, or electronically transmitted, must be encrypted both when in transit and stored on physical media when it can be accessed by unauthorized individuals or organizations. This includes portable computers and memory devices. Availability is the assurance that systems responsible for delivering, storing and processing ePHI are accessible in a timely manner by those who need them under both routine and emergency situations. HIPAA requires that 2 copies of ePHI must exist, so if 1 copy is accidently destroyed during its legal life (retention period), a second copy will be available in a secure and accessible location. Retention period can be defined as the mandated time
Clinical studies, i.e. FCFs, can be compressed. The reasons for compressing images include decreased transmission times, decreased storage requirements, decreased infrastructure bandwidth requirements for transmitting the images, and reduced cost of storage and infrastructure. There are two types of compression: lossless and lossy. If lossless compression is used, the original image can be reconstructed from the compressed image without loss of any of the original data. This is accomplished by using the data redundancy within the image to decrease the image size. Compression ratios of between 1.8:1 and 2.8:1 can be achieved depending on the imaging modality and body part. The user should verify that the PACS vendor is using a DICOM-compliant lossless compression algorithm to compress the images. If the vendor is using a U.S. Food and Drug Administration (FDA)-approved compression algorithm that is not DICOM compliant, it may negatively impact interoperability of the images with other applications. It may also increase future data migration costs, as well as lock in the current PACS vendor, since the compression algorithm may be proprietary. When a study is compressed using lossy compression, no clinically significant data is lost; however, the original information cannot be completely reconstituted. Currently it is primarily used for web distribution of images for
www.appliedradiology.com
APPLIED RADIOLOGY
©
■
15
STORAGE MANAGEMENT Table 1. Typical storage requirements for radiology studies* Modality
Image size
Angiography CR CT Multislice CT Digital fluoroscopy DR Film digitizer MR Nuclear medicine Ultrasound**
Per study basis Uncompressed (MB)
No. of images
“x”
“y”
Bytes
1024 2000 512 512 1024 3000 2000 256 256 640
1024 2500 512 512 1024 3000 2500 256 256 480
1 2 2 2 1 2 2 2 2 1*
Ave.
Range
Ave.
15 3 60 500 20 3 3 200 10 30
10 – 30 2–5 40 – 300 250 – 4000 10 – 50 2–5 2–5 80 – 1000 4 – 30 20 – 60
15 30 32 262 20 54 30 26 1.3 9.2
Range 10 – 30 20 – 50 21 – 157 131 – 2.1 GB 10 – 50 36 – 90 20 – 50 11 – 131 0.3 – 3.8 6.1 – 18.4
Lossless compressed (MB) 2.5 to 1 ratio Ave. Range 6 12 12.8 105 8 21.6 12 10.4 0.5 3.7
4 – 12 8 – 20 8.4 – 63 52 – 840 4 – 20 14 – 36 9 – 20 4.4 – 52 0.12 – 1.5 2.4 – 7.4
* Excludes CTA, 3-Tesla MR, MRA, fMR, PET/CT, SPECT/CT and women’s imaging. ** 3 bytes for Doppler ultrasound and other color studies.
Table 2. Typical storage requirements per 100,000 general radiology studies.* Modality Angiography CR and DR CT MR Nuclear Medicine Ultrasound
Percent of studies 3 64 20 5 3 5
Uncompressed Ave. MB per study GB per year 15 45 42 2688 52 1040 39 195 1.3 3.9 18 90
Total TB per 100,000 studies
4.1 TB
Lossless compressed 2.5 to 1 ratio Ave. MB per study GB per year 6 18 17 1075 21 416 16 78 0.5 1.6 7 36 1.6 TB
* Excludes CTA, 3T MR, MRA, fMR, PET/CT, SPECT/CT and Women’s Imaging.
review purposes rather than primary interpretation. The compression ratio must be stated on each image of the study. The compression ratios depend on body part and modality. Typically: • Computed radiography (CR) and digital radiography (DR) employ a 20:1 compression ratio • Computed tomography (CT) employs a 10:1 compression ratio • Magnetic resonance imaging (MRI) employs a 5:1 compression ratio A study by Dr. David Koff for the Canadian Association of Radiologists evaluated the use of 2 DICOM-compliant lossy compression algorithms and found that lossy compression had no effect on the diagnostic accuracy of interpretations made for modalities and body parts tested.5 Centers in the United States now use lossy compressed studies for primary interpretation with
16
■
APPLIED RADIOLOGY
©
the exception of mammograms, which is not FDA approved. The decision to use lossy compression for primary diagnosis is up to the physician. The use of lossy compression for primary interpretation and storage will significantly reduce the cost of storage management and possibly telecommunication costs. A caveat: If lossy compression is used for primary interpretation, only store the lossy compressed study. Do not store the lossless compressed study because it is not considered the legal and original copy.
Retention and destruction of ePHI Many of the retention and destruction requirements of ePHI are federally mandated by the FDA, HIPAA and others. In addition, state and local entities impose their own requirements, which
www.appliedradiology.com
in many cases are more restrictive than those federally mandated. To further complicate the matter, retention requirements are typically 5 to 7 years, but they vary by type of healthcare entity, by type of ePHI, and even by subcategories within radiology such as mammography and pediatrics. Images stored for purposes of complying with regulatory backup (disaster recovery) requirements must be of the same quality as images used for primary diagnostic purposes. Resulting from the complex rules governing retention of ePHI, automation of its destruction is not currently possible. The most cost-effective solution to manage outdated ePHI may be permanent retention. Any study that is deleted must be documented, and the study typically will only be deleted from the demographic database and not from the storage media.
May 2009
STORAGE MANAGEMENT Table 3. Representative storage requirements for digital mammography.* Detector type
Resolution (microns)
Computed radiography 50 Computed radiography 50 Direct, (amorphous Selenium) digital radiography 70 Direct digital, radiography+ 70 Indirect (amorphous silicon) digital radiography 100 Indirect digital radiography 100
Study type Uncompressed storage requirement (MB)
Lossless compressed 2.5 to 1 ratio storage requirement (MB)
Screening Diagnostic
197 296
79 118
Screening Diagnostic
96 144
38 58
Screening Diagnostic
52 78
21 31
*Typical mammography storage requirements based on 70% large cassette/paddle and 30% small cassette/paddle and 4 images for screening and 6 images for diagnostic studies.
Table 4. Representative storage requirements for breast MR.* Views
No. of sites
Uncompressed (MB)
Range Axial without contrast 5 63 – 132 Axial with contrast – 5 223 – 336 typically 5 sequences Saggital 2 42 Average lossless compressed storage requirement
Ave. lossless compressed 2.5 to 1 ratio storage requirement (MB)
Average 98 294
39 118
42
17 174
*Storage requirements vary widely depending on image size and number, slice thickness, protocols, and number of sequences with or without contrast. Protocols are representative of Aurora, GE Healthcare and Siemens Healthcare.
Clinical study storage requirements Beyond 1 or 2 years, projecting the storage requirements for a radiology department is at best an educated guess. Storage requirements tend to increase as the capabilities of modalities are enhanced and new protocols are introduced for CT, CT angiography (CTA), MRI, MR angiography (MRA) and fused studies such as positron emission tomography (PET)-CT and single photon emission computed tomography (SPECT)-CT. This is also true in subspecialties such as women’s imaging, which is rapidly going digital with digital mammography, MR, tomosynthesis and cone-beam CT. Studies consist of images which are made up of picture elements, pixels, that have an “x” and “y” dimension. Each pixel contains a value that is 1 or 2 bytes and 3 bytes for color. The modality acquires the images in full resolution, i.e., uncompressed, and the PACS typically compresses the images in a lossless com-
May 2009
pressed format, which reduces the storage requirements by a factor of 1.8 to 2.8. Table 1 illustrates the typical number of images and image size for a variety of radiological procedures along with the uncompressed and lossless compressed storage requirements for these studies. Note that as the image size doubles, e.g. 256 by 256 pixels to 512 by 512 pixels, the storage required for that image quadruples. Table 2 provides an estimate for the storage requirements for a radiology department performing 100,000 procedures distributed as specified at 4.1 terabytes (TB) uncompressed and 1.6 TB lossless compressed. Table 3 provides storage estimates for digital mammography for both screening and diagnostic studies. Table 4 provides similar information for breast MR studies.
Data migration Periodically, the radiology studies stored on a storage system have to be
moved, or migrated, to another storage system. Data migration is typically required when changing PACS vendors, when converting from departmental silos of storage to enterprise storage, sometimes when a PACS system is upgraded, when storage requirements need to be increased, and also due to technology obsolescence of storage components.6,7 To maintain system efficiency, data migration may be required as frequently as every 3 to 5 years. Data migration is both time consuming and expensive. Every effort should be made to require vendors to store data in a vendorneutral DICOM-compliant format. Depending on the amount of data to be migrated, data migration can cost hundreds of thousands of dollars and take a year or more. Much of the cost and effort of data migration can be mitigated by outsourcing long-term storage and disaster recovery to a storage service provider (SSP) that maintains the data in
www.appliedradiology.com
APPLIED RADIOLOGY
©
■
17
STORAGE MANAGEMENT a secure and rapidly accessible off-site data center that is vendor neutral.2,3,8,9
Disaster recovery and business continuance Disaster recovery of ePHI is mandated by HIPAA. HIPAA security regulations require backup of retrievable exact copies, i.e. a copy from which the diagnosis was made, of all ePHI.4 Figures 1 and 2 present disaster recovery strategies for both FCF and VCF.2,3 Disaster recovery provides the ability to restore ePHI that has been corrupted or deleted due to hardware or software failure, human error or a catastrophic event. Disaster recovery alone is not sufficient to provide the level of availability of ePHI required in a healthcare environment. Disaster recovery includes component failure, as well as human errors that comprise >95% of these events, whereas catastrophic events such as power failures, fire, flood and other natural disasters (or acts of terror) are relatively infrequent. Business continuance must be implemented to provide a satisfactory level of availability of ePHI while the system failure is corrected and disaster recovery restores the unavailable ePHI. Business continuance provides access to ePHI via alternate pathways or workarounds within the institution. A business continuance plan is made up of multiple components, including: • Work-arounds that are developed and documented to access ePHI from alternate locations or sources. • Elimination of single points of failure in the infrastructure, application gateways and interfaces, etc. • Installation of alternate data pathways if a transmission line should be accidentally cut, and installation of back-up power sources, including both uninterruptible power sources and automated emergency power generators. • Implementation of a test server to run all new applications and upgrades prior to clinical use. • Use of clustered or virtualized servers instead of direct-attached storage.
18
■
APPLIED RADIOLOGY
©
• Contracting an SSP to provide rapid access to ePHI (both FCF and VCF) that is stored off-site in a secure data center. Vendors providing healthcare-related hardware or software must be required to provide well-documented service level agreements (SLAs) that are enforceable and contain monetary penalties if they do not adhere to their SLA. The SLA must contain a return to operation statement (RTO) Disaster recovery can be implemented using several approaches that adhere to the letter of the HIPAA regulations, but not necessarily the intended spirit of HIPAA, i.e. rapid access to an exact unaltered copy of ePHI. ePHI can be backedup to tape or other media and stored off-site in a fire- and heat-proof safe or with a secure storage vendor. These approaches satisfy the letter of the law and are inexpensive, but will not minimize down-time and they could expose the healthcare entity to lost productivity and other economic and healthcare risks. Options that satisfy both the letter and spirit of the mandate, and provide a form of risk management insurance,8 include: • Back-up ePHI in a second, secure data center operated by the healthcare entity, preferably at a site >100 miles from the primary site. • Rent space and functionality at a tier-3 or tier-4 data center located at >100 miles from the healthcare facility. • Store ePHI in multiple data centers owned by the healthcare entity and utilize grid-storage technology. • Outsource the management and storage of ePHI for disaster recovery, and possibly for long-term storage, to an SSP. The mandatory procedures and additional precautions discussed as part of disaster recovery and business continuance will add to the cost compared with a strategy that just adhered to the letter of the mandated requirements. However, these additional expenditures for disaster recovery and business continuance must be considered part of the healthcare facility’s risk management
www.appliedradiology.com
expenditure, i.e. insurance, that will minimize or eliminate the cost of downtime because of human error, system failure or technology obsolescence. Calculate the cost for an adequate level of disaster recovery and business continuance against the tangible and intangible costs of downtime such as lost productivity, delayed patient care, diminished public relations and impact on cash-flow.
Conclusion Isolated silos of departmental storage must be eliminated in favor of an enterprise storage solution. Storage requirements will continue to increase annually, however, the use of lossy compressed studies for primary interpretation, when in widespread use, will temper the need for an ever-expanding storage management system with faster networks for clinical studies. The IT department must manage and fund the storage management system and provide radiology and other authorized users 24-hours-by-365-days access and availability to the stored, unaltered ePHI that is needed to provide costeffective healthcare.
REFERENCES 1. Updated tier classifications define infrastructure performance. Available at www.uptimeinstitute.org. Accessed April 15, 2009. 2. Smith, EM. The outsourcing option. Advance for Imaging and Oncology Administrators. 2006;16: 45-50. 3. Smith EM. Advantages of outsourced storage surpass expenses. Diagnostic Imaging. 2008; July(suppl):S1–S5. 4. 45 CFR Part 164; §308(a)(7)(i) Contingency Plan, §308 (a) (7) (ii) (B) Disaster Recovery Plan, (C) Emergency Mode Operation Plan, (D) Testing and Revision Procedures, (E) Applications and Data Criticality Analysis. 5. Koff D, Bak P, Brownrigg P. Pan-Canadian evaluation of lossy compression ratios for developments of national guidelines, Presented at SIIM 2007, Providence, RI. 6. Dilulio, R. Migrating with the times. Available at www.medicalimagingmag.com/issues/articles/200 7-06_08.asp. Accessed April 15, 2009. 7. Valenza, T. Changing PACS: Time, Money and DICOM. Available at www.imagingeconomics.com/ issues/articles/2007-06_01.asp. Accessed April 15, 2009. 8. Smith EM. Risk Management. Advance for Imaging & Radiation Oncology, in press. 9. Langer SG. Issues surrounding PACS archiving to external third party DICOM archives, J of Digital Imaging, in press.
May 2009