Melpomene - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Meditech EHR moves to public cloud, points to industry trend

When EHR vendor Meditech partnered with Google Cloud Platform, it joined Cerner in a push toward the public cloud. The trend presents new opportunities and new challenges for healthcare CIOs.

The Meditech EHR is moving to the public cloud.

The vendor is working in collaboration with Google Cloud Platform to make the most recent version of its EHR, Expanse, available through the public cloud. Meditech is not alone in its embrace of the public cloud. In late July, EHR vendor Cerner named Amazon Web Services (AWS) as its preferred cloud provider. Indeed, Epic is the only major EHR vendor yet to partner with a public cloud vendor. But one expert said it's just a matter of time.

Partnerships between EHR vendors and public cloud providers could bring a mix of benefits and challenges to healthcare organizations. A public cloud option for the Meditech EHR means Expanse customers could give up hosting, supporting and maintaining the EHR on premises. Meditech could also provide more cybersecurity resources to their customers.

Yet hosting patient data off site means a healthcare organization has less control when it comes to system maintenance or if an issue occurs.

Security of EHRs in the cloud

Cloud is a big part of the future of healthcare, yet it was only a few years ago when the technology was seen by CIOs as a "security and compliance" nightmare, said David Finn, executive vice president of strategic innovation at healthcare cybersecurity consultancy CynergisTek Inc.

When the HIPAA Omnibus Rule of 2013 went into effect, Finn said it drove a lot of change and has made the cloud as secure as a hospital data center. The rule required business associates like cloud vendors to comply with HIPAA, as well as be liable for their own breaches.

Jeff Becker, senior analyst at Forrester, sees backup and disaster recovery as the primary driver for cloud adoption by healthcare organizations. Health systems want a fully redundant data backup "off site and in the cloud," he said.

In a press release, Meditech stated the public cloud will play a role in helping healthcare facilities increase their security efforts and ability to fight ransomware attacks, something Finn sees as a distinct possibility.

Cloud vendors like Google and AWS will be more focused on security issues and have greater resources to address cybersecurity. Yet moving EHRs to the cloud could present new privacy and security risks, especially around tools like APIs, something the federal government is pushing to make healthcare systems more interoperable and patient data more accessible, Finn said.

The Office of the National Coordinator for Health Information Technology (ONC) proposed information blocking and interoperability rules in February that would require health systems to use FHIR-based APIs. FHIR is a set of standards for sharing data electronically, while APIs allow systems like a hospital EHR and a patient's mobile device to talk to one another. Finn said his concern is ONC has yet to put forward security standards for APIs, meaning a patient could accidentally open the door to a negative cybersecurity event.

"I would like to see us have some base standards around APIs, around the devices, if we're going to use public cloud for connecting," Finn said.

Finn is also concerned about an outside vendor controlling patient data storage. With data in the public cloud, decisions such as when to update software or emergency maintenance incidents would be out of a healthcare organization's control.

Becker said there is also a broader privacy concern associated with a company like Google, which built a business off of user data and ad personalization. The company has a tainted reputation when it comes to privacy stemming from incidents such as the University of Chicago Medical Center lawsuit from earlier this year.

The lawsuit alleges the University of Chicago Medical Center sent thousands of patient records, including doctors' notes, to Google without stripping identifiable information. In August, both Google and the University of Chicago Medical Center filed motions to dismiss the lawsuit, which was filed by a former University of Chicago Medical Center patient.

Despite the tricky area of data sharing, one of the main benefits the public cloud provides is enhanced security, especially for smaller hospitals and clinics. Meditech's partnership with Google could expose a healthcare organization to stronger security tools than it could build and maintain on its own, according to Becker. He pointed to DCH Health System in Alabama, a recent victim of a ransomware attack and a Meditech customer, as an example.

"It's three community-sized hospitals in rural Alabama," Becker said. "They don't have the capital to hire the kinds of cybersecurity experts they would need to perpetually protect their data center from increasingly complex and sophisticated ransomware attacks. But Google does."

Public cloud

Moving Meditech EHR to the cloud

One step further, Becker said that by selecting Google as its cloud provider, Meditech is positioning itself to "pursue innovation" within its own product line. The partnership could also help Meditech support its customers' pursuit of innovation, Becker said.

Healthcare organizations can't always hire the data scientists they would need to advance their operations. Becker pointed to machine learning as one example. Experts could build algorithms using hospital data to implement within clinical workflows, but are hard to find and come at a steep price tag. Google has resources like those in spades, he said.

You're getting access to cybersecurity experts, data science experts, AI experts and top tier technology talent.
Jeff BeckerAnalyst, Forrester

"You're getting access to cybersecurity experts, data science experts, AI experts and top tier technology talent," Becker said.

Through its partnership with Google Cloud Platform, Meditech has plans to develop native cloud products and APIs, according to the Meditech news release. Google Cloud Platform will feature additional options aligned with "Meditech as a Service," a monthly subscription service to Expanse, according to the release.

"Google's got the right vision, they've got the right technology, they've got an appetite for innovation, and Meditech has all of those things as well," Becker said.

EHRs moving to the cloud

Meditech is far from alone in pushing toward a public cloud. In July, Cerner expanded its relationship with AWS to accelerate the use of artificial intelligence and machine learning, as well as enhance clinical experiences and lower operational burdens for health systems.

The one laggard is Epic, Becker said, but he doesn't expect Epic to be out of the public cloud game for long. The Epic EHR is already cloud-based, and because Epic has worked with Microsoft in the past, Becker expects Epic to announce a partnership with Microsoft Azure within the next three months.

"Epic built their population health platform on Azure, Cerner built their population health platform on AWS, and Meditech has been a back-office Google client for years," Becker said. "These relationships are already established. You can kind of tell where everyone is headed and it's just a matter of time before they're going to decide they're going to make that public."

Dig Deeper on Electronic health record systems

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

How does your organization use the public cloud?
Cancel

-ADS BY GOOGLE

SearchCompliance

SearchCIO

SearchCloudComputing

SearchMobileComputing

SearchSecurity

SearchStorage

Close