CIO, analyst say cloud computing in healthcare meets HIPAA

Many fear cloud computing in healthcare. But a long-term care company disputes that stance, instead going 100% into the cloud while firmly believing it complies with HIPAA.

Creative Solutions in Healthcare may be the only health organization at present that completely operates in the cloud.

"We are the first healthcare company, to my knowledge, that is 100% in the cloud," said Shawn Wiora, CIO at Creative Solutions, based in Fort Worth, Texas.

The company was founded in 2000 and currently owns and operates dozens of skilled nursing facilities and assisted living facilities.

Wiora explained that Creative Solutions currently has 43 different applications in the cloud, including its EHR, accounting applications and maintenance software. He said Creative Solutions' HR office system is currently being hosted with Ceridian Dayforce, and its EHR is being hosted with PointClickCare. The company has been 100% in the cloud since the beginning of 2015.

"The challenge that I'm putting out there in the industry is that I'm putting all of my [healthcare] CIO and CISO peers on notice that there's nothing in HIPAA that prevents you from going to the cloud," Wiora said. "I've been very public about the fact that if you're not in the cloud, you're doing a disservice to your patient."

Moving to the cloud, Wiora said, has allowed Creative Solutions' healthcare organizations to focus on their residents rather than worrying about things like servers.

"The cloud kind of takes all of that patching and server and mundane activities of IT that has been going on for 30 years and just kind of automates it so we can ratchet up new applications on demand. And we can be very responsive to the business unit when they're implementing all this new technology," Wiora said.

Cloud computing in healthcare allows organizations to get back to focusing on treating patients and residents, said Judy Hanover, research director of provider IT transformation at IDC Health Insights, a research firm in Framingham, Mass. "It really allows them to focus on their core business and to really access best of breed technology," Hanover said.

This approach is becoming increasingly necessary for healthcare organizations due to the shift from fee-for-service models to value-based care. The cloud also helps providers keep up with regulatory changes, Hanover said, which happen every year and require healthcare organizations to adjust quickly.

"It's really changing the way that they operate, and so it's dictating the need for different types of technologies and different types of operations," Hanover said. "Having a cloud-based architecture allows them to access technology as a service and to really put it into use fairly quickly, more so than they would if they had to upgrade their infrastructure on site."

Mood changes on cloud computing in healthcare

IDC has found that more and more health IT leaders -- such as CIOs, CMIOs and IT directors -- are becoming increasingly comfortable with cloud computing in healthcare.

In a recent research survey of IT leaders from hospitals with 200 beds or more, Hanover said IDC found that 41% of respondents were more comfortable with the cloud now than in 2014. Hanover said this is a significant increase from the 31% who said they were more comfortable in 2014.

Furthermore, 46% of respondents said they're using cloud in production today, 10% said they are planning to implement the cloud, 15% said they are planning to use the cloud in 2016 and 10% said they are currently running pilots.

When it comes to cloud security, Hanover said, "We definitely are starting to see a better track record for the cloud, and healthcare CIOs are starting to see that."

"The growing consensus is the cloud can be more secure than an on-premise environment," she added.

HIPAA and the cloud

One common concern among many within health IT is whether the cloud meets HIPAA requirements.

To those who believe cloud computing in healthcare is not and will never be HIPAA compliant, Hanover replied: "That's absolutely incorrect."

And Wiora agreed.

"When I hear my peers talk about how you can't go to the cloud because of HIPAA, you know what that reminds me of?" Wiora said. "That reminds me of when I was in seventh grade. I remember a teacher told me a story about how in the Middle Ages, people in the villages in Europe wouldn't go into the forest at night because there were fire-breathing dragons. There are no fire-breathing dragons in the forest."

In fact, HIPAA does not refer to or require any specific type of environment, Hanover said.

Rather, "It relates to how you treat designated protected health information, it refers to doing a security audit to understand where that information is, it refers to how you encrypt that data, how you manage that data, and how it's protected," she said.

Hanover also pointed out that the additional HIPAA omnibus rule that was added in 2013 specifically provides regulations for working with service providers, which includes cloud service providers.

Therefore, Hanover said, the "notion that HIPAA doesn't include the cloud is absolutely false."

Let us know what you think about the story and cloud computing in healthcare; email Kristen Lee, news writer, or find her on Twitter @Kristen_Lee_34.
