In a time when orthodontists are getting away from paper charts and going digital with their patient data and imaging, practitioners need to be prepared for a potential hardware failure in their data infrastructure. Although a backup plan in accordance with the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 may prevent data loss in case of a disaster or hard drive failure, it does little to ensure business and practice continuity. Through the implementation of a common technique used in information technology, the redundant array of inexpensive disks, a practice may continue normal operations without interruption if a hard drive fails.
Highlights
- •
Redundant arrays of inexpensive disks (RAID) can improve HIPAA compliance.
- •
RAID improves practice continuity in case of hard drive failure.
- •
RAID should be standard practice when using electronic patient records.
On a daily basis, orthodontists are relying heavily on computers for nearly all aspects of their practices, except where the pliers meet the wire ( Fig 1 ). However, orthodontists rarely stop to consider what actually goes into the computers that they have ordered from a software and hardware support company or a network that they have cobbled together for themselves with off-the-shelf computers from major manufacturers. Of course, these computers have all the necessary parts to function for a number of years before a critical component finally gives out, but they are not specialized to meet the needs of a busy office. If a hardware failure occurs in the computer that is the data server and the component that fails is a hard drive with all of the critical software and information for the practice to function, that is a recipe for a bad day. Fortunately, as a responsible adherent to the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the orthodontist has a backup, and all patient data are safe and sound in a secure location.
This scenario may sound familiar to many, and it is a likely occurrence for any orthodontist who relies on a computer system for storing and using patient information for long enough. However, this scenario can be almost wholly prevented with the judicious use of a common technology with which any information technology support personnel should be familiar: a redundant array of inexpensive (independent) disks (RAID).
To satisfy federal regulations, such as HIPAA, it is only necessary to keep an off-site backup and test it regularly to protect data in case of a disaster. Not all disasters catch the office on fire, bury it under water, or scatter it across the countryside. In an information technology disaster, such as a hard drive failure in an orthodontist’s data server, access to those data will be completely halted until the system can be restored, and this must be taken into account in any responsible practitioner’s disaster recovery plan. It is imperative to consider the time needed to restore functionality in an office that cannot access scheduling, billing, treatment planning, or radiographic information for the time it takes to get a new hard drive, install it, reinstall all necessary software, and restore the data. This could be hours or days, depending on the practitioner’s information technology situation.
RAID was first introduced in the late 1980s by researchers at the University of California at Berkeley. They sought to improve the performance, capacity, and reliability of data storage and protection by using multiple hard drives in a variety of configurations to suit different data management and protection objectives. In addition to this, their solution was less expensive than building larger, more advanced hard drives needed for high performance and capacity of the time—hence, “inexpensive.” RAIDs are categorized by “levels” 0 through 6 and combinations thereof.
The basis of the different RAID levels is in several data management techniques: striping, mirroring, and parity. Striping is the process of distributing the data across multiple storage devices. In this, the data can be divided up in a number of different sizes (bits, bytes, blocks, or clusters), making different RAID levels possible. Disk mirroring is simple, and it involves storing copies of the same information on 2 or more storage devices. Parity is more complex than mirroring, and it involves calculating a value from a stripe of data. If part of the stripe is lost due to a hardware failure, the lost data can be reconstructed from the parity information and the remaining information of the data stripe, and it is the distribution of this parity information across different hard drives or on a single dedicated hard drive in a RAID that allows for the information from a failed disk to be recovered. Because of the differing uses of these techniques in different RAID levels and practical financial considerations, only RAID levels 1, 5, 6, and 10 (a combination of RAID levels 1 + 0) are appropriate for use in a dental practice for practice continuity and data protection ( Fig 2 ).
RAID 1 is the simplest level, using only mirroring. In this, the same data are written to 2 or more disks simultaneously. This RAID level offers increased data transfer rates when information is being read from the disks, but it does not differ from 1 hard drive when information is being written to the disks. Simply, when 1 drive fails in a RAID 1, the others serve as auxiliary hard drives so that operations can continue as usual until the RAID can be restored. In its simplest form, the data storage capacity of the total number of drives is equivalent to the volume of the smallest drive used in the RAID.
RAID 10 is a combination of RAIDs 1 and 0. RAID 0 is not a true RAID, since there is no redundancy, and data are simply striped across multiple drives. This means that all data are lost in case of a hardware failure in a RAID 0. However, writing information to a RAID 0 is typically improved over 1 hard drive. Using a RAID 0 in a RAID 1 configuration means that the drives are mirrored and then striped. In this way, there is full redundancy, and this configuration is tolerant of any drive failure in the array. Additionally, it offers the best read-and-write performance of any RAID with full redundancy.
RAID 5 uses parity information to maintain redundancy of data. In this configuration, data are striped across all drives involved in the RAID, and parity information is distributed across all drives. For a number of hard drives, n, the data storage capacity can be measured as n–1 (n minus 1), because the equivalent of 1 hard drive is used to store parity information across all the disks. If 1 drive fails, the data on it can be reconstructed from the remaining drives and the parity information stored on them. This RAID level offers increased and expandable storage space over a RAID 1 with the ability to tolerate the loss of 1 hard drive. Although this configuration can continue to function for a time after 1 drive is lost, reading the data stored on the failed disk is significantly slowed. This is due to the necessity to reconstruct data from parity information on demand instead of reading the actual data directly from a disk.
RAID 6 is the newest form of RAID. This configuration functions almost identically to RAID 5 with information striped across all drives, and double parity information is distributed across the drives in such a way as to allow for the failure of 2 drives without data loss. For this arrangement, the volume of the system is n–2 (n minus 2), because 2 drive equivalents are used for the parity information.
Discussion
As more information is stored in a digital format and orthodontists become increasingly reliant on computers to aid in nearly all aspects of practice, it becomes important to have a plan for data protection in case of a disaster and a plan for business and practice continuity if equipment fails. Borrowing from commonly used terms in enterprise, practitioners need to think about recovery point objectives for their data and recovery time objectives for the business aspect of the practice. Fortunately, in the rapidly evolving world of information infrastructure, there is no lack of options achieve any orthodontist’s recovery point objectives and recovery time objectives.
With a recovery point objective, the orthodontist needs to ask: how much data loss is acceptable and reasonable? If backups are performed at the end of every day and carried off-site, there is a possibility that all information for that day could be lost in case of a disaster or hardware failure if all data are held on 1 hard drive in the data server. Although a RAID is not a backup in the technical sense of the word, it is a backup in the literal sense. If 1 hard drive fails, others have another copy of the data from the failed drive or a means to reconstruct the information. When 1 drive fails, a RAID can function in a “degraded state” (with the exception of RAID 0) until it can be restored to full functionality by installing a new drive and rebuilding the information from the failed drive. In this, a spare hard drive (ideally of the same capacity) should be kept on hand, so that the new drive can be installed in the computer at the earliest available time. In large, enterprise-grade servers, a “hot spare” may be kept running in the server and automatically begin the reconstruction process as soon as a hard drive failure is detected.
With a recovery time objective, the orthodontist needs to ask: how long can my practice-critical systems be inoperable? With an off-site backup and no spare hardware on hand, this could range from hours to days, depending on the practitioner’s technologic prowess. It takes time to procure a new hard drive, install and configure all the critical software for the practice, and restore the data from backup. Easily, this situation would take the remainder of the day and, perhaps, a late night with an enormous amount of unpredictability in the time it would take to complete each step, depending on the orthodontist’s knowledge of computers and information systems, availability of the installation files for the practice critical software, availability of the support staff from the practice-critical software company, and the data transfer speed of the orthodontist’s chosen backup medium and data connectors.
Using any of the RAID levels, the recovery time objective would be effectively reduced to zero. However, due to the differing architectures that make each level unique, array performance will differ. Using a RAID 1 or 10, the performance will be similar to normal in a degraded state. However, RAID levels 5 and 6 would suffer severe performance penalties because of the necessity of reconstructing data from parity information instead of reading it directly from a disk. This circumstance needs to be factored into a decision when selecting which RAID level is a proper fit for a practice’s data needs.
There is no recipe for choosing the right RAID level for a practice. Depending on how many digital systems a practitioner uses, data storage needs can differ significantly. A completely paperless office with a practitioner may not fill a hard drive with all the office information, even using imaging methods with large file sizes such as cone-beam computed tomography. On the other hand, a large group practice that meticulously documents every step of treatment with a full set of photographs and a 3-dimensional scan of the dentition would likely exceed the storage capacity of even the most capacious of drives in a relatively short time. Additionally, the computer network may be configured in a decentralized way, with separate storage locations for different kinds of information, such as business data separated from imaging data. Taking the unique information technology situation of a practice’s individual needs is an important part of the process when deciding which RAID to use.
In general, measuring data needs in the number of hard drives is a useful metric. If data storage needs do not exceed the capacity of 1 drive for the next 5 years (the average life expectancy for a hard drive), a RAID 1 would easily suit that practice’s needs while providing excellent reliability and some performance gains. If data needs exceed 1 hard drive but not 2, then a RAID 10 can provide even better reliability in some scenarios than a RAID 1. However, 4 hard drives are needed for this setup. Once data needs begin to exceed the capacity of 2 hard drives, the adaptability of RAIDs 5 and 6 is beneficial until the storage capacity is constrained by the “nonrecoverable read error rate.”
Although RAID will be a great benefit to any practitioner, there are some unique problems associated with it. The “nonrecoverable read error rate” can be understood by knowing that hard drives are not perfect, and a certain amount of bits per drive will have errors that prevent the information stored in them from being read. When the capacity of a RAID becomes great enough, it is likely that the RAID will have a nonrecoverable read error while reconstructing a failed drive, potentially leading to loss of the data from the entire array. Fortunately, technologies such as “disk scrubbing” have been developed to significantly decrease the likelihood that one of these errors will be encountered. Additionally, there may be hardware constraints in the number of slots available in the actual enclosure for the hard drives and the number of drives that can be controlled by a RAID controller (software or hardware that manages the distribution of data across the drives). Thankfully, these issues can be resolved through a good relationship with an information technology support provider.
In general, the nuts and bolts of information technology infrastructure is not a part of dental training. Often, the knowledge to handle a RAID comes with a degree in computer science and information systems. However, since RAID is an extra layer of protection from data loss and office downtime caused by hard drive failure that is not governed by HIPAA, some technologically savvy orthodontists may decide to design and implement their own RAID. This requires a certain level of confidence and a great depth of knowledge in the intricacies of hardware, software, setup, and maintenance.
Dentists who may only dabble in information technology (or to whom the topic is verboten) have a myriad of options. There are hardware and software support companies that have been serving dentists for many years, home-town computer specialists, and big companies whose names are seen every day. These companies have options available to suit the needs of anyone’s practice. Often, these companies offer service contracts to have a technician on-site in a matter of hours—any time of the day or any day of the year—to ensure that the RAID is fully operational if there is a problem with it.