Best Practices for Health IT Data Management

Topics: Data Archive | Health Information Governance | Healthcare IT Management

Download PDF

Executive Overview

Unprecedented data growth is proving to be a tremendous challenge for healthcare providers. There are a number of different factors contributing to this data explosion, including the migration to a paperless environment driven by Meaningful Use and ICD-10 implementation, as well as new clinical imaging, diagnostic testing, mobile applications, and remote-monitoring systems.

Although EHR and imaging data are the biggest driving forces behind this increase in data, they are not the only mechanisms responsible for data growth. Today’s applications tend to produce more data than ever before.

While data continues to grow at an exponential rate, federal regulations and internal business needs are demanding long-term data retention. Yet while these requirements can create challenges pertaining to storage capacity and costs, there are further, more difficult challenges in play that tend to revolve around data protection and data governance. With the Department of Health and Human Services levying seven-figure fines for data loss, healthcare providers need to evolve their data protection strategy in order to stay ahead of regulatory requirements and to keep on top of data being generated — particularly because of obligatory data retention periods. In addition, as information proliferates, the need for a strong governance framework is essential to move from data silos to enterprise-wide information management.

Iron Mountain recently commissioned a survey with HIMSS Analytics to determine how healthcare providers were dealing with the challenges of data protection amid rapid data growth. A summary of the survey data was presented in the 2014 HIMSS Analytics Report, “The Perfect Storm: Navigating the Health IT Archiving and Data Management Challenge.”

The following white paper will discuss the survey findings and provide best-practice strategies to address data growth and the storage and protection of data on a long-term basis.

Information Mapping Best Practices

Survey Findings

Application Proliferation

One of the key factors driving growth in health systems today is the proliferation of applications and their associated data. According to the survey, 90 percent of respondents representing smaller bed segment hospitals (under 150 beds) indicated they support up to 100 applications within their organization, while half of the larger bed segment hospitals (500 beds or more) that participated reported supporting more than 250 applications. The applications represented in the survey included clinical, financial, administrative, and operational systems.

Best Practices

Health systems need to understand where their information is stored and likewise need to comprehend the relationship of one information system to another. The ability to understand the profile of systems is critical when addressing compliance, litigation readiness, and retention/disposition needs. Information mapping also enables health systems to make timely decisions regarding policy development, data migration, and systems decommissioning.

Many healthcare providers manage information about their systems, enterprise applications, and repositories in an ad hoc fashion. Such strategies lack a visual and dynamic map that could provide visibility into a given health system’s high-value and high-risk information, such as protected health information (PHI). This is complicated further when it comes to the rapidly-growing volumes of both structured and unstructured electronic information, including email, text messages, social media, and voicemails. Inefficient manual methods, coupled with a lack of visibility into information, increases a health organization’s risk of non-compliance, drives up storage costs, and inhibits Information Governance.

Information Mapping Best Practices

Best Practices


Input or upload key characteristics about your systems, repositories, and applications into a web-based mapping software. (While an Excel® spreadsheet may seem expedient, a more specialized tool allows for more organized, targeted views and is often easier to keep current.) Include information such as system start dates, end dates, and compliance and retention requirements. Use a risk-based approach to begin the mapping process; start where your most high-impact information resides, then move into lower-priority applications. Create a plan to keep you on track.


Whenever possible, integrate with your existing software tools using a simple API workflow as well as a web form that gives you the ability to collaborate with system custodians and stay current with regard to system changes.


Interpret your data using a visual and dynamic map that shows how systems, repositories, and applications inter-relate.


Inform your strategic information management roadmap by showing what requires attention. When you know where your high-risk and high-value information is, you have the knowledge you need to inform your strategic roadmap. As a result, the areas requiring your attention are made visible. When considering these areas, be aware you may need additional system controls, backup plans, and/or policy structures because certain information might be PHI or might be considered vital.


Invest in the information management areas that will provide you the best return on the value of your information. With the knowledge of what systems you have, what information is in them, how they inter-relate, and who owns them, you will have the facts necessary to make the right investments. These investments may include: system connectors/APIs; human resources to monitor the connectors; control charts to measure performance and recovery time objectives, to track the location of server (i.e., which data center it’s in) and how the location relates to your ITIL (Information Technology Infrastructure Library) processes, and to assess related retention schedule rules and regulations; and processes to automate or semi-automate defensible destruction.


Implement and understand the practices and tenets of your ITIL. Anyone who makes buying decisions for your business should understand the value of the information that will populate your organization’s information map.


Invite professional services partners to accelerate mapping and to manage key updates going forward. This will provide insight and visibility into high-value and high-risk information across your health system. Identify internal information stakeholders and work together to design a map that benefits the collective group and fosters information sharing and cross-collaboration across different teams.

Data Storage Best Practices

Survey Findings

The results of the survey revealed that a large majority of healthcare providers treat all data as active and define it as “stored onsite for immediate access” (Figure 1). This behavior was consistent across three different primary data types: clinical, operational, and laboratory. When the data was further segmented according to hospital bed size, the segment representing the largest hospitals reported a slight reduction in the volume of their active data. The majority of larger hospitals, however, still reported treating their data as active.

The survey also revealed that the data is less likely to be accessed as time progresses (Figure 2). According to the findings, data access decreased consistently across all data types over longer periods of time. For example, by year three of storage, only 22 percent of data was accessed, and nearly 20 percent of the data generated was never accessed at all. This finding holds true regardless of data type (clinical, operational, laboratory).


Best Practices


In order to develop reliable data growth estimates that predict proper data storage needs, it is important to know what type of data a health system has in its possession. In addition to the primary applications and data types, there are multiple sources of new data. Newer technologies —including genomics, digital pathology, biomedical sensors, and proteomics — are becoming more prevalent and are therefore impacting future data growth.


As more organizations continue to compile data volume, the need to properly plan for data storage and archiving will become a necessity. By simply planning for the next storage purchase, organizations are thinking tactically, not strategically. In order to develop an effective data management strategy, it is important to think long term. By determining the data growth projections over the next five years, a health system can better understand how its data storage (and associated infrastructure) will need to evolve over time.


A proper data management strategy requires health systems to accurately define how their data should be stored. Because data comes in multiple formats and its requirements differ according to application, a data management strategy will always need to address the varied storage needs for all data categories. The balance between speed, access, and cost should also be determined for all the varying data types within a specific hospital. This will enable the IT organization to develop the correct tiering model for its data storage when facing increased data growth.

Click Here To Learn More