Geisinger Health System With EMC to Protect Patient Data

On EMC Pulse blog was published the following news.

When you go skydiving, you have confidence that your parachute is going to open. Geisinger Health SystemGeisinger Health System needs that same level of confidence when doctors tap into electronic medical records (EMRs).

Any hesitation and it could impact the care patients receive. When Geisinger started having reliability issues with its previous storage solution, it knew it needed to do something about it.

We talked to Will Sanders, senior technology specialist and storage architect, Geisinger, about the situation. Geisinger was worried these downtime issues could disrupt patient care if they weren’t resolved, and quickly. Imagine a doctor, bedside with a patient, being unable to get critical medical information because the storage system stalled. Unthinkable.

Geisinger was pressed with the data security issue of what to do when drives loaded with patients’ medical information needed to be replaced or shared with other organizations such as payers or other care facilities. With 2,000+ drives, a drive left the building every week and Geisinger couldn’t risk the exposure. Plus, wiping defunct drives clean and shredding them consumed a lot of time.

Geisinger looked at various encryption solutions but found they were time consuming to manage. Then, Geisinger evaluated EMC VMAX with Data at Rest Encryption (DARE).

Will told us: “VMAX had the most flexibility and we liked that DARE was built right into the drive controller. We didn’t have to worry about a separate key management system.”

In an around-the-clock healthcare setting like Geisinger’s, trust in IT systems is paramount, and that’s exactly what VMAX provided. First, the bouts of downtime during firmware upgrades completely disappeared.

There also are no concerns about patient data accidentally leaking outside of Geisinger when drives are replaced. DARE saves Geisinger between 2-4 hours of painstakingly wiping and destroying drives each week. Now, IT just disposes spent drives, confident that patient data is protected in accordance with HIPAA and HITECH regulations.

DARE also protects Geisinger from another scary scenario – if a drive that could expose patient information is lost, healthcare organizations have to publicly announce the breach in compliance with HIPAA regulations. This would be embarrassing at best, and most likely financially damaging due to huge fines associated with HIPAA breaches. With a DARE-enabled VMAX, these concerns are drastically reduced.

Geisinger is even able to share data with other hospital groups and insurers with confidence. Will said that one of the first questions he receives from external organizations is around data encryption. With DARE embedded into its VMAX storage, Geisinger doesn’t have to hesitate in responding. And according to Will, VMAX has plenty of scalability to handle increased demands from these collaboration opportunities as well as other new projects.

Will sums it up: “VMAX encryption technology assures us that our data is always protected – within and outside of our datacenters.“