William M. Miaoulis, Subject Matter Specialist for Phoenix Health Systems (www.phoenixhealth.com), says:

Certainly we have new and old federal laws which will continue to be expanded. In fact, Healthcare IT is directly impacted by the American Recovery and Reinvestment Act of 2009. The infusion of funds, coupled with the mandate for ‘meaningful use’ will drive the move to enhanced data capture that comes with full automation. Although most of the actual specifics are still to be defined, there is specific HIPAA legislation in the language of the Act. It appears some regulation will come directly from Health and Human Services, via the Office of the National Coordinator as well as additional legislation via the Health Information Technology for Economic and Clinical Health (HITECH) Act. As further details are defined, we’ll see regulatory requirements and restrictions coupled with implementation standards to provide a foundation for the evaluation determining compliance.

What impact are the major government regulations having on enterprise data centers?
Initial impacts include an increased need for processing power, as EMR implementations become far widespread due to government initiatives, they become more complex as well as more prevalent in the marketplace. Longer term, organizations will also have to take a harder look at redundant facilities and data to ensure that the information to treat patients is available when necessary. The ‘hybrid’ days when data redundancy was split between a paper chart and an EMR at most organizations are rapidly approaching extinction.

What changes have data centers put in place as a result of new regulations?
Changes to data centers will vary depending on an organizations risk analysis as required by HIPAA. This Risk Analysis is different for every organization, but has often times lead to enhanced environmental controls such as implementation of fire suppression systems, redundant power, enhanced cooling and better separation of data among data centers.

Are data centers meeting or exceeding minimum guidelines?
The minimum guidelines are / are not extreme. The regulations are not specific with regard to the physical security. But many Hospital Data centers are located in high risks areas. Often times in rooms which can flood or have water pipes running above the computers. Still other healthcare organizations have designed and developed data centers that maintain a high level of security and environmental controls.

How are regulations impacting data centers?
The true impact to data centers is directly attributable to the changes being forced at the adoption level. While technology is pushed at the clinical delivery sites, the need for faster, more reliable processing will be felt. With the depth of information increasing in the electronic record, and the reduction in ‘onsite’ paper chart reliance, the need for recovery processes that can provide patient data at the time of treatment becomes critical.

The importance of having data centers that are protected from both natural disasters (earth quake, flooding, and tornado) and protection from intruders will only increase the need for physically secure data centers. Understanding your current and future vulnerabilities and threats will be critical. Currently, physical security at data centers is inconsistent and haphazard at best; some are highly secure; most are not. While great effort has been put into the protection of the network infrastructure, little effort is put into understanding physical vulnerabilities and threats. The expansion of electronic data also expands the vulnerability at the data center site; a disaster or significant crisis event at a large data center could significantly cripple the healthcare network and make recovery difficult.