BOSTON -- The health care industry remains hesitant about using cloud computing services, but that shift is inevitable, representatives of four IT vendors agreed in a panel discussion during last week's Health IT Insight conference.
"Financial services went through this 10 to15 years ago, and now I wouldn't think twice about banking online," said David Kerr, a vice president and general manager at IBM. "I don't get paper statements anymore. I don't walk into a broker anymore. Health care, coming into the cloud a decade later … is now faced with the knowledge and learning that has taken place."
The largest concern, obviously, is data security. Attendees pressed vendors to describe how they would protect personal health information (PHI) in cloud environments, particularly in the light of increasing reports of health care data breaches.
IBM, for its part, is not comfortable hosting PHI, Kerr said, "but I do believe [that time] will come." Ultimately, he added, it is less of a security issue and more of a business issue, one aimed squarely at protecting physical assets and outlining business processes.
VMware Inc. begins by targeting infrastructure that runs applications using data that is not subject to Health Insurance Portability and Accountability Act (HIPAA) guidelines, said Frank Nydam, director of health care solutions and market development at the virtualization vendor. In addition, VMware works to get PHI off the client and into the data center, "where it's someone's full-time job to take care of that [and] focus on security."
Besides security, another key obstacle to the adoption of cloud computing services is knowing where to start. Here, the vendors had some advice for the health care providers and payers in the crowd.
Kerr suggested they begin with applications, such as patient portals, which could be moved to the cloud without existing clinical workflows being disrupted.
Cloud-based portals also offer what Nelson Hsu, senior director at Stratus Technologies Inc., described as a "seamless" way to run reporting applications -- and, in the process, meet the quality reporting requirements of meaningful use. Within a virtual environment, Hsu said, a health care provider could run MUMPS, or the Massachusetts General Hospital Utility Multi-Programming System, a programming language developed in the 1960s but still used in some medical databases.
Health care, coming into the cloud a decade later [than other industries], is now faced with the knowledge and learning that has taken place.
David Kerr, vice president and general manager, IBM
Verizon Healthcare Solutions is developing a medical data cloud to be used as a health information exchange, and it made sense to focus on apps that needed an occasional boost in storage and processing power, said Duane Batista, principal consultant with Verizon. He specifically referenced financial systems, which could benefit from that boost at the end of a quarter, though any lightweight app with a Web interface and a varying load would do. On the other hand, there is no cost benefit for an application that runs every day at a consistent level for routine tasks, he said.
Ultimately, the four panelists agreed that the best cloud computing services model for health care is a blend of a public cloud and a private cloud -- or as Batista put it, an "elastic private cloud." Such a strategy could focus on the previously mentioned applications that are good candidates for the cloud -- and in the process, reduce the silo effect that prevents the exchange of data among those apps -- while allowing organizations to maintain greater control over sensitive PHI.
Wider exchange of data and greater control of sensitive information could be possible, not only for payers and providers but also for pharmacies, medical device companies and even health clubs, Kerr said. "The cloud can allow very diverse, fragmented industries to collaborate … and up the level of service they provide."
Let us know what you think about the story; email Brian Eastwood, Site Editor.