The overhyped term cloud computing is defined in many ways, depending on who's talking. At its most basic, cloud computing is a means of providing and using IT services that are delivered over the Internet,
Cloud services can be useful for health care providers struggling to implement IT on aging networks and in cramped data centers, but a variety of concerns keep adoption rates for cloud services low. This FAQ looks at why health care has been slow to turn to cloud computing, and at what can be done to alleviate such concerns as security and data ownership.
- What is cloud computing, and how is it changing information technology?
- Why aren't cloud services widely used in health care environments?
- How do the public cloud and a private cloud differ?
- How can a service-oriented architecture alleviate health IT leaders' concerns about cloud services?
- Which core competencies of health IT are the best candidates for cloud services?
The cloud computing model is evolving, and as noted by the National Institute of Standards and Technology (NIST), its attributes, uses, benefits and risks are sure to change over the coming years.
According to NIST, there are five characteristics essential to a cloud computing system:
- Broad network access.
- Resource pooling.
- Rapid and elastic provisioning.
- Measured service.
- On-demand self service.
If an organization uses the cloud computing model, its data processing does not take place on a single, specified server or set of servers, but in a third-party location instead. The infrastructure in a cloud system, such as servers and networks, is shared (unless, of course, an organization opts to develop a private cloud, which is described in further detail below).
One of the greatest appeals of cloud computing is its ability to provide IT services in real time on a pay-per-use basis. That allows users to consume -- and pay for -- only as much bandwidth and as many applications as they need. Users do not have to worry about the capital expense of hardware, software, infrastructure, services management and capacity that they don't need.
It should be noted that the hype surrounding cloud computing attracts steady criticism. Oracle Corp. CEO Larry Ellison famously berated the cloud computing buzz in 2008, calling it "really just complete gibberish" and accusing the computer industry of being driven by fashion. "We'll make cloud computing announcements," he said, "because, you know, if orange is the new pink, we'll make orange blouses. … I don't understand what we would do differently in light of cloud computing other than change the wording on some or our ads."
Concerns about data security in the cloud and the privacy required when information is handled by a third party leave organizations in many industries reluctant to let data out of their control.
The highly regulated nature of health care, particularly the requirements imposed by the Health Insurance Portability and Accountability Act (HIPAA), has created further obstacles to the rapid adoption of cloud services in the industry. Physicians are notably wary of the liabilities and risks, both real and perceived, in turning patient data over to an outside provider. Several high-profile data breaches and leaks in recent years have served to exacerbate these concerns.
Health care providers also have expressed concerns about accessing patient data if that information is stored by a cloud services provider. Unlike many other businesses, health care cannot afford computing downtime, and a number of recent cloud computing outages have highlighted these worries
In the public cloud, computing infrastructure is owned and operated by a cloud services provider, and is available to anyone willing to pay for the services and use them according to the provider's terms and conditions. In a private cloud, on the other hand, the computing infrastructure is operated exclusively for one organization, although it may be owned and managed by a third party. In some cases, a private cloud can emerge as the progression of a server virtualization implementation.
Some companies deploy internal private clouds in their own data centers, automating processes and enabling their users to provision resources on demand in a chargeback environment. Some third-party providers also offer private cloud services; here the infrastructure is dedicated to a single customer, much like a dedicated hosting service.
In addition, the community cloud model, in which several organizations share infrastructure, is gaining momentum. In health care, a community cloud can provide shared storage for personal health information (PHI), as well as access to such custom applications as radiology or ultrasound, which might otherwise be too expensive or cumbersome for certain providers to purchase and maintain on their own.
Finally, hybrid cloud systems, which connect two or more cloud systems, such as a private cloud and a public cloud, are being built to allow data and applications to move between private, public and community cloud computing models.
Service oriented architecture (SOA) has the potential to alleviate some concerns about cloud computing in the health care environment. SOA technology can play a role in reducing the data security risks of cloud services, and it can provide business continuity when disaster strikes, according to SOA consultant David Linthicum, chief technology officer at the St. Louis-based Bick Group.
The migration to SOA involves breaking a network architecture down into individual processes. That gives IT executives the opportunity to move each process individually to a different computing model. Hospitals and other health care providers then can maintain on-site the operations they don't trust to a cloud provider, while moving over less critical operations, Linthicum suggested.
The need to store an expanding archive of medical images is driving some health care providers to turn to cloud services. Many hospitals' data centers are already crowded; advances in scanning technologies mean they will have an ever-mounting volume of data to maintain. The cost of managing, cooling and expanding data centers in some cases is looking less favorable than putting the data into the cloud. In a similar fashion, as the health care industry moves to electronic health records, EHR technology is expected to encourage cloud storage.
The Health Information Technology for Economic and Clinical Health (HITECH) Act within the American Recovery and Reinvestment Act set aside billions of dollars in federal funding for health IT, particularly EHR technology. As hospitals move toward meeting the requirements for the meaningful use of EHR, industry observers expect administrators to look increasingly to mitigate the capital expenses and maintenance costs of traditional storage solutions. Major EHR vendors provide a host of conventional client/server offerings, but more cloud-based health IT options are becoming available.
Moreover, a number of technology powerhouses, including Google Inc. and Microsoft, have gotten into the cloud-based health IT marketplace through personal health record, or PHR services; Google Health helps patients track and monitor their PHI online; while Microsoft HealthVault offers patients a place to store and maintain medical records, track prescriptions and share medical data with health care providers.
In addition, telemedicine, which by definition relies on an extended telecommunications infrastructure to deliver clinical services to remote areas, is viewed as another good candidate for cloud services.
Let us know what you think about the FAQ; email firstname.lastname@example.org.
This was first published in January 2011