Health IT and Electronic Health Activate your FREE membership today |  Log-in

Community Blog

Sep 20 2012   12:06PM GMT

IHT2 panel: What is needed to make the cloud “fly” in health care?

Posted by: Jenny Laurello
99.999, Cloud, Cloud computing, continuous availability, Desktop virtualization, Disaster recovery and business continuity, downtime, five nines, iHT2, Institute for Health Technology Transformation, service level agreements, uptime, virtualization

“Get your head out of the clouds!” is a phrase that typically carries with it a negative connotation — one of being unconnected, ungrounded.  Going the way of the cloud — cloud computing, that is — is quickly becoming the norm in health care, though. And while it offers many benefits in terms of efficiency, scalability and cost savings, there are still many challenges with which both IT leaders and practitioners are grappling.  

A panel of experts came together to discuss virtualization in health care and best practices in cloud at the Institute for Health Technology Transformation (iHT2) Health IT Summit in NYC this week, providing first hand perspectives on implementation in action.

One of the most interesting questions posed by moderator Dr. Barry Chaiken, chief medical officer of DocsNetwork Ltd. and senior fellow and HIT conference chair for iHT2, was in regards to the proper infrastructure that must be in place in order capitalize on the cloud in provider organizations. Essentially, what are the key technologies, components and best practice frameworks that are necessary to make the cloud, well, fly?

Rick Jennings, chief technology officer for vRad, noted that “all you need to take advantage is an internet connection, so you also need secure networking rules and regulations. You need to challenge your internal IT team to think differently about the cloud.”

Another important comment was in regard to user experience and application design. Rus Healy, practice leader for virtualization at Annese & Associates, Inc., believes that “user experience is key. It’s the difference between adoption and rejection. You need to have comprehensive monitoring and firm reporting policies in place.” Healy also believes that “desktop virtualization is a way to control cloud security — having control over where the data lives, which goes hand in hand with delivery technology and service technology.”

Maureen Gaffney, a nurse and senior vice president of patient services and CMIO at Winthrop University Hospital, is currently implementing a cloud solution for RIS PACS and spoke to the obstacles of relinquishing physical control of images. “It’s hard to convince internal IT that you don’t need to maintain copies in-house.” It was at this point in the panel that all heads, both on stage and in the audience, began to nod in agreement.

At New York Queens Hospital, Dr. Kenneth Ong serves as the organization’s chief medical information officer and  requires his med students to bring their iPads and smart devices with them to class. However,  considering that most  breaches occur from lost devices, Ong questioned “what happens when a device is lost? Do you do a remote wipe? And should a physician or nurse be able to use the organization’s systems on their own devices? How can you be sure PHI data is not stored?” To which Jennings retorted, “whether it’s data at rest or data in motion, all of these situations can be rectified with good security requirements and systems.”

Clinician engagement, a vital component and often pivotal requirement for successful cloud adoption, was not left out of the discussion. At Maimonides Medical Center, chief nursing informatics officer Nancy Daurio is busy engaging physicians in all policy creation and best practice procedures so everyone feels they have a stake. “Our technologists worked with our vendors and the IT team to decide what they felt comfortable letting go of (control wise) and then worked with physicians to engage them as a team.”

Uptime and continuous availability were also a hot topic of discussion.  “IT folks in the data center worry about keeping the green lights green,” Gaffney said. “They don’t connect the dots between downtime and the systems and applications that are responsible for keeping patients safe. It is necessary to have a business continuity plan that provides access to all data at all times in the event of downtime.”

In that same light, Dr. Teo Forcht Dagi, Harvard Business School professor and partner at HML Venture Partners, shared a story about  when a rogue Mylar balloon cut the power out while he was performing surgery at Brown University Hospital. The event stuck with him and framed his thoughts for what he believes are the eight technology considerations that are integral for health care cloud success in the event of downtime, scheduled or unscheduled:

  1. Redundancy: Of data and records.
  2. Redundancy: Of data location.
  3. Time: Need to know the time it takes between submitting a request for data and the time in which that request is fulfilled.
  4. Workflow: If the power goes out, what are the steps that follow?  
  5. Accountability: Who owns the problem and who is in charge of fixing it?
  6. Device evolution: What is the impact of switching and upgrading devices?
  7. Compliance: How can you remain compliant in the world of distributed computing?
  8. Notification: Need more flags and communications to alert when an actual breach has occurred, beyond notification a potential firewall hack.

Ong agreed on all fronts, adding in that you must always ask potential cloud vendors “what is your disaster plan? Plans for unscheduled downtime?” He added that the five nines (99.999) are an uptime standard outside of health care, but seem to be a mere suggestion in the industry itself. “You need to have a clear understanding of all of these procedures before selecting a vendor — and not just for disasters, but for both scheduled and unscheduled downtime.”

The need to have a clearly defined service level agreement (SLA) was discussed as well, with an audience member chiming in with one of the most dead on comments of the session. “Push your vendors to come up with the answers. They will have them. And if they don’t, then they aren’t the right vendor.”

After Chaiken casually suggested she head up on stage to join the panelists, Dagi hit the point home.

“You must ask ‘what happens when?’, because the when will always happen.”

Jenny Laurello is the senior community manager for’s Health IT Exchange. Follow Jenny on Twitter @HITExchange!

Comment on this Post

Leave a comment:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: