When it comes to shifting towards cloud-based computing in healthcare, the landscape remains highly complicated along a number of dimensions—core infrastructure and technology, data security and privacy, process, and above all, people. That much was clear, as the Health IT Summit in Denver kicked off on Tuesday, July 22
at the Hyatt Regency Denver Tech Center. The Summit is being sponsored by the Institute for Health Technology Transformation, or iHT2 (since December 2013, iHT2 has been in partnership with Healthcare Informatics through its acquisition by the Vendome Group, LLC, the parent company of Healthcare Informatics). In an opening panel discussion entitled “The Healthcare Cloud: Is Your ePHI Ready?” Shadaab Kanwal, executive director, research & quality, at the Oakland-based Kaiser Permanente, led a discussion around the topic of the shift to cloud-based hosting of core capabilities and applications for hospitals, medical groups, and health systems nationwide.
Cloud computing panel (l. to r.): Kanwal, Brummett,
Hess, Pelot, Koerner
A variety of perspectives were shared by the discussion panelists, including Steve Hess, CIO at the University of Colorado Health (a Denver-based integrated health system); Jeff Pelot, CIO, eHealth Services, Denver Health; James Brummett, director, technical services, El Camino Hospital (Mountain View, Calif.); and Drew Koerner, chief healthcare solutions architect at the Calif.-based VMware. Above all, panelists agreed on this: the migration of a range of IT capabilities into the cloud will be challenging, gradual, and yet inevitable. Also agreed by the panelists: that migration will inevitably be very complex, and right now, the healthcare industry is very early in the process. But despite the enormous data security, vendor-interaction, and process challenges, the economics of infrastructure management and development will push provider organizations towards some level of cloud computing over the next decade.
With regard to the economic imperatives, the University of Colorado Health’s Hess said, “If you look at the capital dollars available, you’re just not getting the dollars any longer for base infrastructure, and you’re just not going to get a million dollars to increase your e-mail service infrastructure. So we’re looking at these kinds of solutions across numerous dimensions, including for the IT help desk. This is going forward,” Hess said. And he added, “From an IT staff core competency standpoint, too, where are you going to put your dollars in terms of FTEs? It will be in informatics, not in server management. You’re not going to put your key FTEs into server management any longer.”
But what about data security? “Most of the breaches that have happened have happened in the private cloud environment, because of improper paperwork or disk storage, or disposal of data,” Kaiser Permanente’s Kanwal noted. “So how do you tie the process and people part together in terms of technology? What needs to happen first? People, process, or technology?”
“It’s absolutely people,” said El Camino Hospital’s Brummett. “At the same time,” he said, “there are definitely security issues to be worked out in the public cloud environment. But it’s interesting: if El Camino had a data breach, we would be the ones on the front page of the newspaper, not any of our vendors. Yes, there are security concerns in the cloud,” he conceded. “But in reality, I’m less concerned about security concerns in the cloud than about what goes on in the hospital. I am scared to death of the people—the nurses, the doctors, my people sitting at the help desk—doing things that will compromise our data security” on behalf of patients.
VMWare’s Koerner, who spent years as a hospital IT executive before moving over to the vendor sphere, said, “Yes, I think James is right. Most of the breaches involve people. A laptop goes missing, or a USB stick. We can monitor who has web access, and such things. But who knows what goes on with a laptop? It’s the people processes involved, completely apart from cloud or anything.”
“Let’s face it also: in hospital systems, we’re still relying heavily on faxes,” said Denver Health’s Pelot. “And we’ve still got PHI sitting around all over the place on paper. And that lack of data security isn’t often commented on.”
“Are we ready for the public cloud?” Kanwal asked. “The due diligence for that will probably be a slow journey,” said Hess. “Once a few pioneers do it, others will follow. I think it will require big vendors to show that they can do it. I think we’ll move forward with the high-availability and business continuity solutions being placed into the cloud. I think it will truly be a hybrid as we walk into the future.
What about the risk? Kanwal asked. “That requires an executive-level discussion,” Hess said. “As we looked at the Microsoft solutiosn in the cloud, our senior leaders were involved in every way. And I think it will inevitably be a case-by-case discussion going into the future. We looked at the total cost of ownership of infrastructure over 11 years. When you look at a subscription model versus infrastructure ownership, though, the spend you can avoid by moving forward in this area—it really does make a lot of sense.”
“My barrier around the cloud,” said Brummett, “is this. I agree about the economies of scale. The thing that holds me back is actually the disaster recovery aspect of it. We’ve got all the components we need in terms of infrastructure, but we do not have the high-availability, DR-type awareness built into the individual applications, that would allow us to fail. For instance, we’re in the San Francisco Bay area. And we’re waiting for The Big One [earthquake] to hit. We are planning to be able to operate completely disconnected from the outside world. We have to be able to fail inward, not only to be able to provide core services, but also greater levels of service for an influx of patients, in the event of an earthquake. And we’re working on an Epic implementation now. But it’s that being able to fail inward. And Epic has done some great work providing transparency on DR capabilities for some areas; but there are still a number of areas where they’re not yet prepared for a major disaster. So that’s what holds me back.”
In the end, all the panelists agreed, the evolution forward on cloud adoption will be a long-term, complex one, and one that healthcare leaders industry-wide will be involved in very robust discussions around.