Cloud computing is a rapidly emerging option for healthcare provider organizations, and is likely to remain so for the foreseeable future, both from the clinical as well as the business perspectives. After all, as noted in this issue’s Top Tech Trends feature package, revenues are increasingly being tied to better outcomes, social media tools are empowering patients to play an active role in their own healthcare, and telemedicine is gaining ground, just to name a few of the trends that are making cloud computing a viable platform in healthcare. The key factor underlying many of these trends is collaboration, among providers themselves and between providers and payers, as all will face pressures to work more closely together by sharing data.
Cloud computing can be an enabler as a platform for storing and sharing information in this collaborative environment. Yet even proponents acknowledge that cloud computing is not a panacea for every set of circumstances or for every provider organization. Instead, providers considering the cloud need to look internally at their own IT infrastructure needs before selecting which of their applications are most suitable for the cloud; and once they’ve done that, they need to evaluate cloud service providers (CSPs) carefully according to their healthcare experience and openness to being audited by the organizations using their services.
Taking a Cautious Approach
Chuck Podesta, senior vice president and CIO of Fletcher Allen Health Care, Burlington, Vt., says the cloud will be an important trend in healthcare, but adds that issues around data security and patient privacy still need to be worked out. Among his concerns is protected health information (PHI), which he says he is not ready to put on the cloud. Nonetheless, he maintains that the cloud has indeed demonstrated its value for imaging applications, from the standpoint of sharing images across systems. While not ruling it out for all applications, he says healthcare will be one of the last frontiers for cloud computing.
Similarly, Bill Spooner, senior vice president and CIO of Sharp HealthCare in San Diego, also has also taken a cautious approach to the cloud. He notes that while Sharp has created its own internal private cloud, it is moving slowly on external opportunities; it has adopted a few non-critical applications where it made sense with “vendor private clouds.” In his view, CSPs are mixed as to their readiness to stand up to information security audits; while some do engage formal audits, others don’t.
Scott Whyte is vice president of IT connectivity at Dignity Health, a 39-hosptial provider organization based in San Francisco (and which was formerly known as Catholic Healthcare West). He says Dignity’s experience with the cloud started small with certain web applications, and has gradually expanded. Its initial experience with the cloud was working with a CSP (ClearDATA Networks, Tempe, Ariz.), which was compliant with Health Insurance Portability and Accountability Act (HIPAA) requirements, on development activities. Over time the hospital network became more proactive in moving bigger applications to the cloud, he says. When asked what qualities he values in a CSP, he mentions the thought leadership, skills, and understanding of the healthcare space. HIPAA compliance goes beyond technical issues; it’s an understanding of federal and state laws and incorporation of that insight into their processes, he says.
Early cloud-based applications at Dignity were not care delivery applications per se, but rather focused on intra-hospital physician communications and digital branding. Today, the organization hosts certain clinical applications internally in its own enterprise data center that serves all 39 hospitals in the system, and uses software-as-a-service (SaaS) applications that are external to the data center. Its electronic health record (EHR) is hosted by the vendor (Cerner Corp., Kansas City, Mo.) Overall, he is seeing moves to the cloud that are strategic, need to be implemented quickly, and that need to be highly secure and HIPAA compliant.
Speaking of Dignity Health’s future plans, Whyte describes a “portfolio approach” to its data center operations, in which applications will be divided among the data center, the cloud and hosted by the vendor or as a SaaS, and its own enterprise data center infrastructure.
A Case for Collaboration
Whyte sees the trend in collaboration as an important driver in cloud adoption. Most health systems in the country are not monolithic care delivery systems that combine a health plan, hospital and physician group with other assets under one umbrella, he says. “If we think about the different reimbursement models that are developing within healthcare, there are different care delivery models that are paired together, such as with clinical integration and accountable care. Most of these groups have to collaborate, and there are advantages to being able to share and house data from different locations,” he says.
In his view, the cloud can foster collaboration between various external partners in a way that can be implemented quickly. He envisions the possibility of housing data from Dignity hospitals, their partners in the community, its foundation and medical groups, in a cloud service. In such a collaborative relationship, all partners will expect that there will be an auditable process in place.
While encryption and technical security practices need to be in place, Whyte also recommends looking for deep healthcare experience and healthcare specialization when evaluating a CSP as a potential partner. “Oftentimes, the client’s security issues come about where people and the process intersect,” he says. “It’s typically not the technology alone that fails.” CSPs that understand how those pieces complement each other will be better able to reduce their client’s risk, he says. He notes that a number of CSPs specializing in healthcare exist, and some larger CSPs are developing healthcare niches.
Dignity has taken a selective approach to the cloud. Whyte says that while the hospital system would not forklift an existing legacy system to a cloud solution that is working fine, he notes that it is moving some “substantial applications” to the cloud. “That pace is increasing and I do expect an increasing percentage of the projects to go to the cloud,” he says. He adds that there are also dollar-and-cents issues that must be considered when moving an application to the cloud. “There isn’t enough money to move applications that are running fine where they are,” he says. “There has to be a compelling business case to forklift an existing application,” he says.
Melvin Greer is senior fellow and chief strategist, cloud computing, at Lockheed Martin Corp., Bethesda, Md., which is a CSP. He is also steering community chair of the Cloud Standards Customer Council, an advocacy group, whose stated mission is to accelerate cloud adoption. Last November, the group published “The Impact of Cloud Computing on Healthcare,” a white paper aimed at improving existing standards for cloud computing.
Noting that the cloud so far has been used primarily for non-clinical applications, Greer says healthcare providers are just beginning to scratch the surface. The next phase, he predicts, will be clinical areas “that have a much larger potential in how healthcare is delivered, in doctor-patient interactions, and in the ability to improve outcomes in healthcare.”
Greer cautions that anyone considering the use of any kind of IT resource should pay close attention to security precautions, adding that the cloud is not inherently more secure than the IT enterprise infrastructures. He advises healthcare provider organizations to look for cloud service providers that can meet or exceed legal requirements for data security and privacy through regulations and legislation on the use and storage of patient health information. He also recommends that healthcare organizations make sure they are able to independently audit their cloud service providers and continuously monitor their data.
For organizations that do perform due diligence, Greer says the cloud is an enabler of many of the technological trends that are now transforming healthcare. “When we are able to use the scale of cloud computing to optimize the use of workloads to increase performance across different deployment models, we are lowering the cost of healthcare,” he says.
He sees a convergence of the cloud with the trend of data analytics and mobility, which serves as an enabler that will help to transform healthcare. “Cloud computing, with its massive scale and speed and consumption-based pricing, is allowing for analysis of large data sets, so we can build better outcomes and better diagnoses,” he says. “It provides the foundation for mobile devices to have applications and direct access to healthcare practitioners, along with better collaboration across clinician, physicians and the hospital’s ecosystem,” he says.
Making the Transition to the Cloud
When should a healthcare provider organization consider using a cloud service provider? The Cloud Standards Customer Council, an advocacy group—which encompasses a healthcare work group of representatives from hospitals, clinicians, and insurance companies—gives some guidance in a paper published last November. Among its suggestions:
- Systems should be adaptable to provider organization departmental needs and size, and evaluated on a case-by-case basis.
- Architectures should encourage open sharing of information and data sources in a collaborative workflow. Interoperable information exchange between all healthcare players has been slow in coming.
- Make sure that technology refreshes don’t overburden budgetary environments. There are hidden costs in technical and organizational challenges, as well as a learning curve, in the migration to a successful cloud-based solution.
- Scalability is a must as more patients enter the system and more data becomes digitized.
- Portability is needed to permit doctors and patients to access systems and data remotely. Management policies, technologies and software tools for remote and mobile access must comply with existing regulations, laws and organizational procedures.
- Security and data protection are paramount.