I’ve recently seen a lot of press on an emerging technology known as “Cloud Computing” (Information Week, June 30/July 7, 2008), and all the controversy that surrounds it, and wondered how it might fit into an IT strategy for image management and distribution.
For those not familiar with Cloud Computing, the term has a wide range of definitions, from a narrow definition of utility computing, to a broader definition of anything outside of the firewall. (InfoWorld.com Website). Another way of looking at it is as a means of increasing capacity without investing in infrastructure.
As IT professionals wrestle with the consequences of growing demand for image storage and access, perhaps the concept of Cloud Computing has some merit. Let’s take a few moments to explore this. If we use the broad definition of anything outside the firewall, then companies that provide image archive and retrieval services might be thought of as Cloud Computing solutions. Whether for primary storage or for disaster recovery backup, remote services offer Cloud Computing advantages of increasing capacity without investment in infrastructure. There are a number of vendors that offer such services for imaging, including InsiteOne, Carestream, Philips, and GE. To date, these services have been viewed primarily as an alternative means to long-term and disaster recovery image storage. However, with increased emphasis on EMR’s, there is a growing need to provide a reliable mechanism for image access as well as storage.
What might be some considerations of Cloud Computing solutions for image management?
Security: As the broad definition states, a Cloud solution might be one that is outside the firewall. For sensitive patient information, this may present a problem in terms of maintaining patient confidentiality. How can the patient’s security be maintained if it is outside of the facility’s firewall, and potentially, outside of the facility’s control? For sure, the data needs to be encrypted. The encryption methodology must be available to a wide array of users to assure accessibility. Beyond that, it must be controlled by various sign on mechanisms for accessibility, so non-authorized accesses are disallowed.
Accessibility: Accessibility is impacted by the purpose of storing data in a cloud. If the intent is strictly long-term archival or disaster recovery, the number of potential authorized accesses can be limited and controlled. If the intent is to provide a universal access for all users, such as with an EMR, then accessibility can be much broader and harder to control.
Connectivity: As with accessibility, connectivity can be a factor in terms of accessibility. If the remote facility is strictly for disaster recovery backup, the connectivity bandwidth can probably be considerably lower than if used as the primary storage point for an EMR. If the need is for a more interactive long-term archive that will be frequently accessed by the primary facility, then a higher speed connection is probably warranted. On the other hand, if the facility is a primary archive for an EMR, internet accessibility may be appropriate, so long as retrieval times are acceptable.
Life Cycle Management: The advantages of capacity without investment may be impacted by the ability to control the information over time. The initial contract should be specific about accessibility and retrieval of the data over time, in case business circumstances change in the future, and there is a need to relocate the data to another location. Also, it may be important to consider the format of the data as should internal applications change, will it still be possible to retrieve images in the future? Finally, does the service provide a mechanism for purging the images out of archive? This may be less of an issue for services that strictly charge for information on the way in, versus pricing models that include recurring charges over time.
Reliability: As with the other issues, reliability may be another important factor in the success of Cloud Computing. Depending on the application, reliability may have varying degrees of importance. A simple backup archive may require a lower level of reliability than an image source for an EMR. It will be important to establish Service Level Agreements (SLA’s) with the vendor to establish the right level of reliability and service.
Beyond disaster recovery and archive, there may be compelling reasons to consider Cloud Computing, particularly for facilities wishing to compete in a broader healthcare arena. The large IDN may be able to justify the investment in image management and distribution technology, but the smaller facility may struggle with such an investment. With the advent of Personal Health Records (PHR), general accessibility to images is likely to increase. The Cleveland Clinic-Google partnership is a prime example. If Google can act as a “Cloud,” even small facilities may be able to upload and store results and make them accessible to patients and other facilities.
A simple example can serve to illustrate the advantages this could afford all. Let’s say a patient is seen by a general practitioner, who first orders some diagnostic studies, and then refers the patient to a specialist. Frequently, when the specialist appointment is made, the patient is reminded to bring along their images. Should the patient forget to bring them, the appointment may need to be rescheduled, wasting not only the specialist’s but the patient’s time. If the original study were uploaded to a patient’s PHR, there would be no lost time, as the specialist could easily access the images.
Another thought on the use of Cloud Computing – it may serve as an effective means for establishing a proof of concept before full-scale implementation of an application. Again, the investment angle. It may be an effective means to establish an application without an up-front investment.
Those are my thoughts. I’d be interested in hearing your thoughts on the application of Cloud Computing in healthcare IT. Does it represent an attractive alternative? Is security a significant detractor? Will greater application of PHR’s force healthcare providers in this direction? What role should healthcare IT vendors play in its application? I welcome your comments!