Tip

How to choose the right healthcare cloud services for HIPAA compliance

Healthcare cloud services get a fair share of objections: Some consider it too insecure while others don't see tangible return on investment in migrating systems to the cloud.

But we continue to see strong adoptions of cloud services and applications in the healthcare space. Healthcare companies deal with a great deal of regulatory compliance, but some are recognizing the potential the cloud has to offer.

    Requires Free Membership to View

A cloud partner must be able to ensure data protection, as well be willing to sign and comply with your HIPAA business associate agreement.

For IT executives, the task of ensuring successful cloud adoption means facing several challenges and answering many questions about where to start and how to proceed. Here are some tips designed to ensure that IT buyers make the right decision when evaluating cloud-based software vendors:

Evaluate the organization's requirements and identify if healthcare cloud services can assist. In order for any technology initiative to be successful, it must resolve business challenges. When looking at different cloud services available, IT executives must identify and match the business goal to the appropriate technology platform and cloud service. Questions to consider include the following: Is the group looking to acquire a highly scalable application so it can grow in size? Will the group be adopting changes in service offerings over time? Will the group adopt a new electronic health record? These factors play a significant role in terms of determining what is needed to support the organization.

Review current budgets and capital available. Within healthcare there are multiple organizational models. Some organizations receive federal funds; others have capital allocated for technology initiatives. An assessment of available funds will help IT decide if it should acquire software on a subscription basis or make an up-front capital investment.

Define system boundaries. When looking into cloud services, there are several offerings that are tailored to healthcare -- and several that are not -- so it's important to exercise caution. Cloud software products that may be useful to healthcare organizations cover hosted Voice over IP, cloud EHR billing and others. Be sure to review the following items when evaluating different cloud vendors and software products:

  • Business associate agreements (BAAs). HIPAA BAAs are a part of every partnership between a healthcare entity and its business partners. A cloud partner must be able to ensure data protection and willing to sign and comply with your BAA.
  • Security requirements. Remember that in some situations, data is required to be physically housed within the healthcare facility itself -- particularly when a hospital is being managed or has been acquired by a larger health system that enforces such requirements. In those cases, cloud services would clearly not be the right choice.
  • Technical limitations. There are cases where the cloud option or the Software as a Service (SaaS) model puts limitations on the organization in terms of performance and functionality. Unsupported functionality, performance challenges, limited integration and customization can pose significant obstacles to cloud adoption.

More on cloud best practices

Tutorial: Cloud data backup

Best practices for cloud data migration

How do I get from here to Platform as a Service?

Deploying your own private cloud

Identify renewals and alternatives. Large software vendors have increased their support for SaaS and have been pushing this model as an alternative for customers looking to eliminate up-front licensing costs. One example is Microsoft. For many organizations that are planning to upgrade products such as Microsoft Exchange, SharePoint and Lync, it might be more beneficial to consider Office 365 as a cloud-based option that offers most of the functionality that on-premises products provide.

Build the case. The business case for using cloud may be straightforward, but it's still important to show value when making the case for cloud services and demonstrating return on investment. Be sure to thoroughly review and validate cloud services before making any purchases.

In general, moving to the cloud requires some work up front to ensure that the organization is on the right path. Value-add, cost, reliability and data security are some of the most important items that IT leaders need to evaluate as part of the process of selecting between cloud and on-premises software options.

Reda Chouffani is vice president of development with Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story; email editor@searchhealthit.com or contact @SearchHealthIT on Twitter.

This was first published in September 2013

Join the conversation Comment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.