At a time of rapidly expanding data storage needs, the cloud offers a compelling business case to healthcare provider organizations. After all, the cloud can relieve a hospital of the significant capital costs of acquiring and maintaining hardware, and can free up hard-pressed IT staffs from maintaining that equipment.
Yet the cloud is a broad term encompassing many models, both public and private, and within the latter, software-as-a-service (SaaS), with varying degrees of data management by the vendor. CIOs whose organizations are considering use of some form of the cloud are faced with questions around implementation, vetting of cloud service providers, and protection of their data that is no longer, in many cases, under its own direct control.
CIOs interviewed for this article express different takes on the use of the cloud. While many healthcare CIOs are skeptical of the “public” cloud offered by companies such as Google, Microsoft and Amazon, others are more open to using the “private” cloud, which allows more control over their data.
One proponent of the cloud is John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, who recommends taking a realistic view of the cloud, whatever model one chooses. In a blog post from 2011 that is still apt today, he notes that the sophisticated technology required for 99.999-percent uptime comes with a lot of complexity, and with it, unanticipated downtime and human error. Nonetheless, he does not believe the public cloud has substantially less downtime cost than he could engineer himself.
FAN NOTES FROM A ‘CLOUDY CIO’
Dan Morreale, vice president and CIO of Riverside Healthcare System, a 680-bed provider organization based in Yonkers, N.Y., with three hospitals, a nursing home and 20 ambulatory locations, is a self-proclaimed fan of the cloud. Explaining his business case for using it, he says, “I am hoping to eliminate my massive data frame in my organization. I don’t want to deal with power issues and cooling issues, and I don’t want to deal with capitalizing hardware over time.”
Morreale acknowledges that part of his openness to the cloud is a matter of timing. “If I had hardware that was brand-new, with some room for growth, I wouldn’t be that interested in the cloud right now,” he says. His decision to move data to the cloud is based on a five-year cost of ownership model. Like CIOs of many community-based hospitals, he says, “When I look at expanding the computer room or buying new servers or buying new storage, then the costs, the returns on investments, become a lot easier to see and to justify."
Morreale says he is open to storing all types of data on the cloud, noting that he has very stringent requirements on how he wanted his hospital’s data protected. Several years ago (before his arrival at Riverside), he used the public cloud (Amazon) to host an HIE solution and data. He pulled back on the public cloud with policy changes in the Health Insurance Technology for Economic and Clinical Health (HITECH) Act that required more stringent privacy requirements. Today, he makes use of the private cloud model (hosted by Tempe, Ariz.-based ClearDATA, a cloud service provider that specializes in healthcare). His view of cloud storage is one of shared risk, and he requires vendors that he works with to understand that risk, he says.
He adds that he is “cautiously optimistic” about other models of cloud storage, such as software-as-a-service (SaaS). He requires those vendors to disclose their security plans and rules and their policies. “I insist that my data be encrypted, both at rest and in motion, which is a show-stopper for many of these smaller vendors,” he says.
Tom Gordon, senior vice president and CIO of Virtua, a 1,178-bed integrated health system based in Marlton, N.J., dislikes the term “cloud,” because to him it suggests a wide-open and unsecured service. While Virtua, which Gordon describes as a risk-averse organization that operates its own data center for production data and disaster recovery, eschews the public cloud, his organization does make use of vendor-hosted solutions.
Gordon compares vendor-hosted solutions to the application service provider (ASP) model, which he says offers significant economies of scale resulting from shared bandwidth and shared staff monitoring equipment, as well as the speed at which applications can be deployed. He credits vendor-hosted solutions with helping the hospital system meet its data storage requirements, which are growing at a fast clip. He estimates that clinical data is growing at a rate of 70 percent year over year.
Another proponent of vendor-hosted solutions is Kirk Larson, vice president and CIO of Children’s Hospital Central California, in Madera, Calif. Children’s Hospital makes use of vendor-hosted storage services from athenahealth, Inc., Watertown, Mass., which supplies its ambulatory EMR; Emdeon, Nashville, Tenn., which supplies its revenue cycle solution; and Boston-based Iron Mountain, which handles the hospital’s vendor-neutral archive.
Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.