Tape-based WORM: the best choice for HIPAA-compliant storage.
Write-once read many (WORM) storage has surfaced as a key storage technology for compliance applications. Once the exclusive realm of write-once optical disk, a new generation of WORM storage alternatives has emerged that includes WORM disk arrays and WORM tape. Both of these WORM options provide certain advantages over traditional optical WORM, particularly with the need for higher capacities in large-scale storage applications. However, tape-based WORM is poised to become a major presence for medical storage environments by delivering more secure, scalable and versatile storage with a significantly lower total cost of ownership than disk-based WORM.
The two dominant mid-range tape technologies--Super DLTtape II and Linear Tape Open Ultrium 3 (LTO 3)--have embraced the WORM concept and both now offer WORM functionality, although each takes a different approach. Super DLTtape enables customers to use conventional Super DLT II media for WORM applications. The write-once functionality (designated as DLTIce on Quantum's Super DLT 600 tape drives) is enabled by the tape drive as part of Quantum's DLTSage architecture platform a suite of predictive and preventative management software tools that enable end users to diagnose, plan, and manage their tape storage investments.
To enable the WORM capability on standard Super DLT II tape cartridges, DLTIce places an electronic key on the tape that prevents data already written on a tape from being rewritten, reformatted or erased. DLTIce does allow new data to be appended so that the full capacity of the Super DLT II cartridge can be utilized. The SDLT 600 recording process includes automatic verification through advanced ECC algorithms to ensure that the quality and accuracy of the physical data recording meet the HIPAA guidelines for data integrity of records stored electronically. DLTIce also provides archive tape verification and tamper verification with time and date signature. If duplicate tape copies are required, DLTIce generates serialized identifiers for the original and all copies to meet regulatory compliance requirements. As data is written during each recording session, compliant storage management software issues a time and data stamp to enable simplified location and authentication of specific records.
Super DLTtape is unique in that its WORM functionality does not require end users to purchase any additional hardware, software or specialized media to take advantage of the WORM capability. The functionality is built into the SDLT 600 drives, which create the WORM functionality with Super DLT II media. Special labeling is used to identify the WORM-encoded tapes.
The LTO Ultrium 3 platform also offers a WORM option, utilizing a special WORM media cartridge leveraging the Cartridge in Memory (CIM) feature to enable write-once functionality. LTO 3 WORM media is encoded during the production process and then combines that encoding with WORM algorithms stored in the CIM to provide unalterable recording. Data written to LTO 3 media is tamper proof, but like Super DLT II, it does allow files to be appended.
WORM Tape vs. WORM Disk
Compliance with HIPAA regulations for protecting and maintaining patient medical records is the primary force driving the application of WORM technology in the healthcare marketplace, even though the regulation does not require or suggest WORM storage technology. In fact, one of the objectives of HIPAA compliance implementation was to be technology-neutral, given the variety of different medical institutions and size of businesses that are affected by the law. HIPAA regulations specify that any operation covered by law must "implement electronic mechanisms to corroborate that electronic patient health information has not been altered or destroyed in an unauthorized manner." WORM tape is perhaps the most cost-effective storage solution that is able meet the capacity requirements and HIPAA demands for record security while meeting the business's need for affordability and scalability.
While Super DLTtape II and LTO tape technologies have implemented WORM capability, the same approach has been adopted by several disk array vendors, using electronic keys to provide unalterable data on hard disk media--disk-based WORM storage. The issue of using WORM disk or tape is just the latest round in the disk-to-disk backup debate. D2D proponents insist that by utilizing low-cost ATA disk technology for a backup device, businesses can achieve better data backup and recovery performance with a cost structure that is as good as or better than tape. Whether or not those arguments are valid, they ignore the fact that most businesses deploying D2D backup are not doing so at the exclusion of tape. Sites using disk-based backup are rarely "pure" D2D environments, but instead employ D2D2T storage hierarchies that combine disk and tape backup components. According to study by the Enterprise Strategy Group on the evolution of data protection, 75% of users intend to use only tape or a combination of disk and tape for backup for at least the next two years.
For applications such as HIPAA regulatory compliance, the expense and value of disk-based WORM is difficult for medical facilities to justify. The major advantage of a properly configured disk-based WORM array is that it can potentially provide faster recovery of patient records and medical data residing on the secondary storage device. However, HIPAA regulations do not require instant access to records. Instead, the regulations specify only entities that store patient records in electronic form must provide "reasonable and appropriate administrative, physical and technical safeguards" that ensure integrity, availability and confidentiality of the information. Simply put, in most cases disk-based WORM in HIPAA compliance applications cannot be cost-justified.
The value proposition for tape-based WORM becomes even more overwhelming when it is recognized that WORM capability is essentially available at zero cost. Locations that have already deployed Super DLT 600 or LTO Ultrium 3 drives as part of their standard data backup architecture are already in possession of a WORM-based storage solution that complies with HIPAA standards. No additional hardware is needed and the leading backup software applications already support tape-based WORM.
Purchasing a single WORM-capable disk array is only the initial expenditure required to comply with HIPAA. To protect the data against a catastrophic site failure, a second array would be needed, with data then replicated to the second array either at another building or remotely. In a remote replication deployment, there is the additional cost of high-speed data bandwidth between the sites and the cost of a backup array at the remote site. Additionally, as compliance storage demands pile up and surpass the capacity of the array, the only scalability solution is to add another WORM disk array, increasing not only the hardware costs, but also the storage management complexity. By comparison, tape-based WORM provides virtually infinite scalability simply by adding new tape cartridges to an automated tape library.
HIPAA regulations are having a profound impact on the way medical institutions store, protect and archive information. The demands of the regulations and the stiff penalties for non-compliance are forcing these organizations to evaluate every aspect of their IT operations to ensure that they conform to the privacy and security demands of HIPAA standards.
Tape-based WORM storage is the premier storage platform that provides high-capacity, affordable, scalable and reliable data storage while delivering on HIPAA requirements for unalterable electronic storage. In fact, for Super DLT 600 and LTO Ultrium 3 owners, deploying WORM storage is effectively free. When compared with disk-based WORM alternatives, the total cost of ownership of tape-based WORM is simply overwhelming. The only potential advantage of disk-based storage (faster access to archived data) simply is not a critical demand for compliance-related storage applications. For businesses still in the process of implementing IT re-designs for HIPAA compliance, tape-based WORM can make a major contribution to lowering the total cost of compliance.
Steven Pofcher is senior marketing manager at Maxell Corp. of America (Fairlawn, NJ)
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Write-once read many; Health Information Portability and Accountability Act|
|Publication:||Computer Technology Review|
|Date:||Jan 1, 2005|
|Previous Article:||Networked storage systems break the boundaries.|
|Next Article:||Protecting Microsoft Exchange Server in SMBs.|