Would you trust a health IT cloud vendor in the HIPAA Omnibus era? Many provider CIOs won't. Are they properly cautious or buying into myths about the health IT cloud that aren't really true?
Some healthcare IT professionals remain uncertain of the full extent of data safeguards offered by cloud providers. In particular, they are concerned with cloud security and how it affects their HIPAA-compliant status. These worries have created significant uphill battles when it comes to putting their trust in a cloud service provider. While many vendors offer cloud services, there isn't a standard practice of how to address security and system management and quiet the concerns of health IT practitioners.
There a number of cloud myths that give healthcare organizations pause when they evaluate cloud offerings to host their IT systems.
The cloud is not secure enough
It's not unexpected to hear that some IT executives have concerns around the security of their data when it's stored in someone else's cloud or data center. The reality is that nobody can be sure about what happens in that cloud unless they are fully exposed to the provider's security and auditing practices.
The way many top cloud providers address these concerns is through audits and receiving certifications such as HIPAA, the Federal Information Security Management Act and ISO. Many vendors openly discuss the security layers they deploy to ensure the protection of their clients' data.
It's more costly to use cloud vs. in-house
In healthcare, similar to other verticals, return on investment (ROI) plays a significant role in the decision to go the cloud route or not. At first, many see that the costs of cloud services to be much higher than that of an internally hosted hardware purchase. The challenge lies in how the on-premises deployment of any system is accounted for.
The on-premises deployment expenses may not account for all costs associated with that model. In some cases, that estimate may skip costs of data retention, support staff, security equipment, warrantees, hardware refreshes and consulting. This can give a false sense that cloud has a smaller ROI than an in-house product. There are cases where a hybrid solution might offer the best ROI, but it will require a clear cost analysis to determine the difference between using some cloud services versus hosting everything internally.
You lose significant functionality in the cloud
Cloud service providers recognize that flexibility and ease of management is a key component to the success and allure of cloud adoption. Many of the early adopters of cloud services have seen their administrative tools improve significantly over time. Administrative tools that are given time to mature can simplify the allocation of systems and services and more deftly operate while meeting today's complex system requirements. Many vendors offer user-friendly Web administrative tools that make for easy to scale and manage environments. These tools give IT the capability to move some of their applications and files, such as EHR or medical imaging data, to the cloud.
You lose ownership of your data in the cloud
A cautionary tale often told about cloud hosting is that of the medical practice that lost access to patient data hosted in the cloud. This organization lost access to their cloud services because they failed to pay their monthly subscription fees. The service was shut off after several warning notices and left the practice unable to review patient charts.
Cloud options for healthcare providers
Issues to explore before approaching private and hybrid cloud
Public cloud one approach for storing EHR data
How to determine which cloud option is best for you
There is concern around how data in the cloud is not physically accessible and that if the cloud provider claims bankruptcy, then the data might simply vanish. Many have found ways to mitigate those risks by ensuring the availability of data through clearly defined language in their contracts. No business should take risks and store their data with an unknown cloud provider. Fortunately, there are ways to protect the organization from ever being put in that position. Cloud providers are here to stay, and most are what we call "too big to fail." However, it is not uncommon to find organizations using smaller secondary cloud providers to host their backups for added protection.
There is nothing for us in the cloud at this stage
Cloud goes beyond distributed computing and provides subscibers with access to a cluster of nodes that offer unlimited storage, processing power and memory. The services being offered today by cloud vendors range from EHR systems, cloud file storage, emails, VoIP, faxing, document management, collaboration platforms, telehealth, medical imaging storage, practice management and so much more. Cloud isn't always used as a full replacement for internal infrastructures such as servers and storage. It is simply a set of components that have matured over time to offer cost-effective and pain-free alternatives to in-house deployments.
By 2017 nearly half of large enterprises will have a hybrid cloud deployment, according to research from Gartner Inc. This shows the success that cloud services are having today, and will likely continue to develop over the next few years. The healthcare market can benefit from multiple cloud options, from private, public to hybrid deployments. This gives every health IT executive the freedom to select what will be the best for their organization, based on their regulatory compliance needs.
About the author:
Reda Chouffani is vice president of development with Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story; email firstname.lastname@example.org or contact @SearchHealthIT on Twitter.