Posted: 12/14/2020 4:28:17 PM EDT
I produce a tremendous amount of critical data from a digital CT machine in the office. Each imaging study is over 500mb, and 4000 studies a year add up.
I currently have over 24TB and the storage unit is a big ass RAID 5 unit on the network. Problem is, I have no good backup system. My IT guy wants to set up a full off-site solution at his warehouse, and wants about $900 a month to set up and maintain. So while I would not have any upfront costs, it's still almost $11K a year, which seems a bit crazy. Honestly, I have no idea if this is reasonable or not, nor what his exact plan is hardware wise.
The existing data does not change. It's an archive. The only thing that changes is new data added.
So, my questions:
1) Is my quote industry appropriate?
2) What are some other possible solutions, on site, off site, whatever?
3) Is it possible to set up another big ass RAID 5 box, and then once the existing data is copied, RAID 1 them together so they are mirrored as new data is added?
4) What other questions should I be asking, since I know virtually nothing, and did I describe the situation accurately enough to be able to be understood?
Thank you all for your time.
|
[#1]
We use idrive and have been very pleased with it. Even doubling up on the plans you should get in much cheaper than that.
|
|
[#3]
I would look at Backblaze or Amazon S3.
I think S3 glacier is even cheaper. |
|
[#4]
I would be concerned about storing this sort of stuff at his warehouse if it is classified as ePHI.
There are plenty of ways to do long term storage in the cloud in a way (encrypted) that meets regulatory requirements. |
|
[#5]
This, if it doesn't have to be stored on-prem. Glacier would be my recommendation.
|
[#8]
It does not have to be onsite, and, is preferable to be offsite.
idrive has a 12.TB limit.
Backblaze seems to be an excellent solution, I will be researching.
$.005/gb/month = .005 x 200000GB = $1000 month
Actually in line with my IT guy, lol. Unless my math is wrong.
Amazon is 3x more expensive than backblaze according to a quick search.
Thank you all, and I am open to more suggestions if anyone has any.
|
[#9]
Quoted: It does not have to be onsite, and, is preferable to be offsite. idrive has a 12.TB limit Backblaze seems to be an excellent solution, I will be researching. $.005/gb/month = .005 x 200000GB = $1000 month Actually in line with my IT guy, lol. Unless my math is wrong. Amazon is 3x more expensive than backblaze according to a quick search Thank you all, and I am open to more suggestions if anyone has any.
Check your math.
S3 pricing: Amazon S3 storage usage is calculated in binary gigabytes (GB), where 1GB is 2^30 bytes. This unit of measurement is also known as a gibibyte (GiB), defined by the International Electrotechnical Commission (IEC). Similarly, 1TB is 2^40 bytes, i.e. 1024 GBs.
ETA: some options have transfer cost.
|
[#10]
For static data with limited retrieval, I'd go with Amazon cold storage. It's dirt cheap for what you get.
|
|
[#11]
Something nobody has asked is what kind of internet you have at your business?
If you have DSL you'll need to find someone that will let you send them the initial backup offline. Fiber isn't as big of a deal, however, it will still take a while even with gigabit. Also, I'd switch to RAID 10 as RAID 5 is the devil.
|
[#12]
Quoted: It does not have to be onsite, and, is preferable to be offsite. idrive has a 12.TB limit Backblaze seems to be an excellent solution, I will be researching. $.005/gb/month = .005 x 200000GB = $1000 month Actually in line with my IT guy, lol. Unless my math is wrong. Amazon is 3x more expensive than backblaze according to a quick search Thank you all, and I am open to more suggestions if anyone has any.
Using a service like AWS is very dependent on how frequently you plan on accessing the data. You can store stuff in Amazon cheap if you just need to occasionally retrieve it.
|
[#13]
I'll echo the glacier plan. Also you can have them send you a snowball that you fill with your data, send it back, and then just start sending deltas.
|
|
[#14]
I will hopefully never have to retrieve any of it. I just need a catastrophic data loss plan of action.
I'll dig into the deeper, colder options. Thanks for the ideas! |
|
[#15]
Going by my math (and I'm drunk), you need roughly 2 TB of archival storage per year. That's actually not a lot.
I keep my important data on M-Discs.
That's 2.5 TB of storage for ~$250 that will last you about a year. You'll have to store them yourself, though.
Also, here's a review of M-Discs.
EDIT: You'll need on-disc encryption for PHI.
|
[#16]
Quoted: I will hopefully never have to retrieve any of it. I just need a catastrophic data loss plan of action. I'll dig into the deeper, colder options. Thanks for the ideas!
Are you bound by any kind of laws regarding data retention? Like are you clear to dispose of data after a certain number of years? As you can see, just keeping it forever is not without cost.
|
[#17]
Quoted: I'll echo the glacier plan. Also you can have them send you a snowball that you fill with your data, send it back, and then just start sending deltas.
I never knew the snowball existed. I was looking at deep archive but the initial upload had me a bit overwhelmed based upon the how-to I've been reading. This is definitely an option. Thank you for posting.
|
[#18]
We use a cloud service to backup our EMR. It takes a long time every night.
We have raid 5 in office. |
|
[#19]
Quoted: Going by my math (and I'm drunk), you need roughly 2 TB of archival storage per year. That's actually not a lot. I keep my important data on M-Discs. www.amazon.com/dp/B017H13DFS That's 2.5 TB of storage for ~$250 that will last you about a year. You'll have to store them yourself, though. Also, here's a review of M-Discs. EDIT: You'll need on-disc encryption for PHI.
I'm not sure this would be applicable. Yes, 2TB/year, but it's not like a 2011 disc, 2012 disc, etc. The new data gets disbursed into the proper patient folder which can be brand new, recent, or older. So discs wouldn't keep anything properly grouped. Not sure if I explained that correctly.
|
[#20]
Quoted: Are you bound by any kind of laws regarding data retention? Like are you clear to dispose of data after a certain number of years? As you can see, just keeping it forever is not without cost.
Yes, 7 years from last contact. But, also, 7 years from when any minor patient turns 21. So, if I treat a newborn, effectively, I keep the records for 28 years. Selectively deleting files seems like a huge task, and the security protocols do not allow a "group" delete. I can order the patients by date of birth, but each and every one needs to be deleted individually, and with multiple confirmation screens. Just adult patients from 2010 (when the digital imagery database was created) to 2013 is multiple thousands.
|
[#21]
Quoted: We use a cloud service to backup our EMR. It takes a long time every night. We have raid 5 in office.
The EMR is separate from imagery. They are linked for access through the practice management software. The EMR is already backed up, and the daily delta continues to be backed up continuously. It happens on the fly. The total EMR data is less than 2TB total, and is essentially negligible.
|
[#22]
AWS has a calculator, I have to run an estimate and get a quote. They measure a GB differently?
You guys speak a language that is strange to me. Give me bodies to repair, any day of the week. |
|
[#25]
I do want to address one thing you said in your original post. If you go with two arrays, you don't want them to be in perfect sync. If they are in perfect sync and you get hit with a crypto blackmail thing then your backup gets encrypted too. You want snapshots so you can roll back.
|
|
[#26]
Quoted: I do want to address one thing you said in your original post. If you go with two arrays, you don't want them to be in perfect sync. If they are in perfect sync and you get hit with a crypto blackmail thing then your backup gets encrypted too. You want snapshots so you can roll back.
Thanks for that. I know we have hardware firewalls and my IT guy is comfortable with the setup, but I will absolutely discuss it with him.
|
[#27]
Quoted: Thanks for that. I know we have hardware firewalls and my IT guy is comfortable with the setup, but I will absolutely discuss it with him.
Snapshots are an absolute must.
|
[#28]
That quote is fucking STUPID cheap for HIPAA compliant managed (encryption requirements in transit and at rest, testing protocols, risk assessment, security requirements, administrative controls and BAA) backup solution, which tells me it's not HIPAA compliant and neither is your practice.
Everyone in this thread is giving very very poor advice. |
|
[#30]
Quoted: That quote is fucking STUPID cheap for HIPAA compliant managed (encryption requirements in transit and at rest, testing protocols, risk assessment, security requirements, administrative controls and BAA) backup solution, which tells me it's not HIPAA compliant and neither is your practice. Everyone in this thread is giving very very poor advice.
OK, so instead of shitting in the thread provide some useful information.
|
[#32]
Quoted: That quote is fucking STUPID cheap for HIPAA compliant managed (encryption requirements in transit and at rest, testing protocols, risk assessment, security requirements, administrative controls and BAA) backup solution, which tells me it's not HIPAA compliant and neither is your practice. Everyone in this thread is giving very very poor advice.
I will address your assumptions, starting with the very first question I asked:
1) Is my quote industry appropriate? In your opinion this is a good deal. Great.
2) What are some other possible solutions, on site, off site, whatever? Nothing to add. OK then.
3) Is it possible to set up another big ass RAID 5 box, and then once the existing data is copied, RAID 1 them together so they are mirrored as new data is added? Not addressed. OK again.
4) What other questions should I be asking, since I know virtually nothing, and did I describe the situation accurately enough to be able to be understood? Again, unaddressed, and it would seem to be the best question you are apparently educated to address beside.
Let me then, address your concerns: The only topic that I NEED to manage is proper, cost effective digital imagery backup. Now before you assume that this, in and of itself, makes my office non-HIPAA compliant, please be assured, that I maintain printed images of every study done in my office. So the fact that there is no digital image file backup is not technically a non-compliance issue. Paper however is a pain in the ass, and while my butt is legally covered, it's inconvenient, and bulky.
Next, the IT company that has set up, and maintained, the network and all associated issues, specializes in medical office management, and has clients ranging from single office practitioners, to multiple office groups, to clinics, and urgent care centers. They are very well versed in HIPAA, and the VERY expensive third-party audit I had done at my own expense confirmed that I meet or exceed all the requirements to stay in the clear of the RIDICULOUSLY expensive fines.
Now, based on your attitude, you have some strong opinions. Please, for the enlightenment of all those who have posted possible solutions and alternatives, as well as myself, who knows just enough to know what I DON'T know, would you be so kind as to offer a possible solution to my dilemma, keeping in mind that if there are multiple options, I am interested in the most cost effective, considering, as I mentioned, I don't necessarily want to spend an ADDITIONAL $900 a month on top of the money I am already spending to meet all of the issues I commented upon.
Thanks for your time.
(edited for typos)
|
[#35]
I can't speak to HIPAA specific requirements.
That said... I back up my critical data on an encrypted external drive. You could easily set up a larger raid enclosure that is semi portable. I keep one drive locked in a fire safe, one at a different location, and one with me. All copies are encrypted, and synced regularly. In a situation where you're only adding data and not really removing, the portable drive could be smaller and only contain the new data to add to the archive. |
|
[#37]
I'm going to focus on the technical aspect of just backing up the data and avoid the HIPAA angle for now. I spent 10 years in IT in hospitals so I can go down that road if you need it.
So I'm not current on AWS or Azure but Glacier would be about $100/month for 24TB if my math is right. Azure could be even cheaper based on their archive tier of $0.00099 per GB. The question is will there be any other costs or services needed to get it set up and are you managing it or paying someone. You'd really need to get someone that knows the services to sit down and price it all out for comparison.
$900/month seems high but I'm not sure what hardware and levels of service/security are being provided. If you could get any detailed info from him that could help. You could build a box for an up front cost of under the $11k but what is the hardware? The servers we buy with no storage can run $15-20k due to CPU and RAM costs. You'd be switching the components around but quality gear costs money. Also, are there any software licensing costs for OS or replication applications?
You could buy or get someone to build to your requirements a box that would work. RAID 6 is good for archival data as it allows 2 drive failures but you lose performance in writing data. RAID 5 or 10 could work as well, there are just trade-offs with any of them. You could replicate that to an identical box somewhere off site or to the cloud. If you use an identical box, ideally it's far enough from your office that it would not be impacted by the same disaster type event. This is where cloud services are nice. You could have your archive target in Ohio or on the west coast as an example. Something from Synology might work, but I'd have to look at their current offering as I'm assuming you need it to be encrypted at rest.
One thing you have to think about is who is going to manage the solution. Is it going to be you if you go with a cloud solution or an alternative on-prem solution? Are you happy with your IT provider? Will they support any solution you decide on? Are you just looking for a replication solution?
Typically a good strategy is to backup the data locally and store a local copy, and also replicate a copy off site. If you aren't doing an actual backup and are just replicating the data as it sits on the server, what happens if someone deletes the data accidentally or maliciously? Does the replicated copy also get deleted as it's just a mirror of the main server?
Shoot me a message if you'd like to chat about it or have other questions.
|
[#39]
As has been said, RAID is not a backup solution, it's a fault tolerance solution. Basically, RAID has everything written to it, even a RAID 1 mirror. If you delete something, it's gone. It's gone on all of the drives. If something is corrupted, it's corrupted. What RAID gets you is tolerance for hardware failure. One of your drives goes kaput, you replace it and it rebuilds.
The suggestion for S3 Glacier would likely be good pending pricing. If you don't need to have constant or fast access to that data, if it's just an archive, that should work. They can send you a "snowball", which is a portable hard drive storage thing, which can be faster copying your data to than to upload it over the 'net. You then send the snowball back, and they import it to your S3 bucket. The biggest question you need to ask is "how fucked will I be if I lose all of this data?" Then realize one copy is none, two is one. Have a backup of your shit. |
|
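Added example (not part of any post in the thread): several replies above warn that a mirror or "perfect sync" copies deletions and ransomware encryption straight into the backup. Because this archive only ever gains new files, a backup job can copy files it has not seen before and refuse to propagate any change or deletion, reporting it instead. The function names, manifest format and sample files below are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def append_only_sync(source, backup, manifest_path):
    """Copy files not yet in the manifest; never overwrite or delete in backup."""
    source, backup, manifest_path = Path(source), Path(backup), Path(manifest_path)
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    report = {"copied": [], "modified": [], "missing": []}
    seen = set()
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = f.relative_to(source).as_posix()
        seen.add(rel)
        digest = sha256_file(f)
        if rel not in manifest:
            dest = backup / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(f, dest)
            if sha256_file(dest) != digest:  # verify the copy before trusting it
                raise IOError(f"copy verification failed: {rel}")
            manifest[rel] = digest
            report["copied"].append(rel)
        elif manifest[rel] != digest:
            # Archive files never change: a new hash means corruption or encryption.
            report["modified"].append(rel)  # reported, old backup copy is kept
    report["missing"] = sorted(set(manifest) - seen)  # deleted at the source
    manifest_path.write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return report

def demo():
    """Constructed sample data: two studies, then a simulated incident."""
    with tempfile.TemporaryDirectory() as tmp:
        src, bak, man = Path(tmp, "src"), Path(tmp, "bak"), Path(tmp, "manifest.json")
        (src / "patient_a").mkdir(parents=True)
        (src / "patient_a" / "study1.dcm").write_bytes(b"scan-1")
        (src / "patient_a" / "study2.dcm").write_bytes(b"scan-2")
        first = append_only_sync(src, bak, man)
        (src / "patient_a" / "study1.dcm").write_bytes(b"ENCRYPTED")  # overwritten
        (src / "patient_a" / "study2.dcm").unlink()                   # deleted
        (src / "patient_b").mkdir()
        (src / "patient_b" / "study3.dcm").write_bytes(b"scan-3")     # new study
        second = append_only_sync(src, bak, man)
        intact = ((bak / "patient_a" / "study1.dcm").read_bytes() == b"scan-1"
                  and (bak / "patient_a" / "study2.dcm").exists())
        return first, second, intact
```

In the second run the overwritten and deleted studies show up under `modified` and `missing` while the backup still holds the originals. The manifest and backup target should sit on storage that the imaging network can only add to, otherwise the same incident can reach them.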