Because of competing priorities as well as cost, security and implementation concerns, cloud-based storage development has gotten off to a slow start in healthcare. CIOs, CTOs and other healthcare IT leaders are adopting a variety of strategies in this area, based on their organizations’ needs, resources, and priorities.
With healthcare data set to spike over the next few years due to the advent of electronic health records (EHRs) and the ongoing digitization of diagnostic images, a new debate has emerged in the industry over the value of the cloud. While a considerable number of healthcare providers are turning to cloud computing as an alternative to traditional servers for storage purposes, others remain skeptical.
Cloud computing gives providers the opportunity to store data on a virtual server, and can be either public (operated by a third party vendor) or private (kept strictly in-house); or it can be created as a hybrid, using a combination of both public and private clouds. There’s no doubt that the cloud has become a trendy idea to solve storage-related cost issues. Consulting firms like Accenture (Chicago, Ill.) say cloud computing can save up to 50 percent of a provider’s hosting costs on an annual basis.
However, a look inside the front lines of the healthcare industry shows that CIOs and other technology leaders in healthcare aren’t fully sold on the concept. Questions about its security and reliability have cropped up while a multitude of other, more pressing IT issues have kept cloud development on the backburner. Even its cost savings have come into question. In short, when it comes to the cloud, there seems to be more doubt than certainty.
Curt Kwak, CIO of the Northwest and Southwest Regions of Providence Health & Services, could be a poster boy for those who have expressed public cloud-based doubts. Kwak’s particular region of Providence Health & Services, which is a 27-hospital network encompassing the Pacific Northwest, uses a traditional data center with physical servers that are currently being virtualized.
Kwak, who notes his opinions are not necessarily reflective of the other regions of the Renton, Wash.-based Providence Health & Services, is not ready to switch to a public cloud anytime soon.
“I’m not convinced yet that the cloud environment is ready to accommodate and support healthcare,” he says. “I wish it were, because I see a lot of benefits from it. Things like HIE [health information exchange] and other community needs can be hashed out and resolved by a good, efficient cloud-based solution, but we haven’t seen that yet.”
According to Kwak, the cost factor has also kept him leery of the cloud. He says he hasn’t seen any solid proposals or strategies that prove it can cut costs. Even if there are some operational savings, Kwak says the return on investment is not nearly enough to justify a full-fledged shift to the cloud. “There might be some savings, but at the end of the day we only have a finite amount of resources on hand,” he says.
Additionally, between the ongoing conversion to IDC-10 and the streamlining of their health informatics systems, Kwak says there are a lot of priorities that come ahead of infrastructural needs, which are pretty good as are, in his view. Often, Kwak tells others in the industry to proceed with caution regarding the cloud. “If you have a tough time articulating your value proposition, don’t do it for the sake of doing it,” he says.
Chuck Christian, CIO of the 232-bed Good Samaritan Hospital in Vincennes, Ind., has his own reasons for doubting the cloud. For Good Samaritan, he has chosen to virtualize his traditional servers rather than go for a public cloud solution. Christian says there are six servers on one farm running 65 to 70 virtual servers on one farm and three servers running 15 to 20 virtual servers in another. He considers this solution a type of private cloud, although both keep operations in-house.
For Christian, the reason to keep everything in house has to do with security more than anything else. “We’re a hospital and we’re very concerned about keeping this data as safe as we possibly can,” he says. “I’m concerned with the idea of turning that data loose.” He notes how under federal regulations, data breaches are the responsibility of the healthcare provider, not the cloud operators or other third parties.
“If it’s in our data center, I know where it is,” he adds. “If it’s in the cloud, then I’m not sure where it is. The only thing I can be assured of is that we have a really good contract in place, but that doesn’t ensure the data will or will not be comprised.”
According to Jeff White, principal at Aspen Advisors (Pittsburgh, Penn.), the fact that most vendors won’t sign a business associates agreement (BAA) with healthcare providers is a strong deterrent for the cloud. Without a BAA, data breaches, as Christian says, would fall under the jurisdiction of the provider and the provider only.