The rise in the use of cloud apps by today's workforce has provided many organizations with quick and easy ways to test drive innovations and use services with little infrastructure complexity and investment. SaaS-based applications range from simple mobile apps and clinical support tools to project collaboration platforms that allow users to participate in complex initiatives. Hospital CIOs recognize that many of the requests for healthcare cloud applications are the result of end users looking to technology for ways to work more efficiently and effectively. However, this leads to an issue around data governance and app management.
It is not uncommon for hospital IT to discover that some of their users are using cloud-based healthcare applications without consulting IT. Users can go online, sign up and start using many cloud services within minutes. This poses some risks since the data being stored may consist of protected health information or sensitive data that must remain inside the hospital environment. Users in these cases are not fully aware of the consequences of putting sensitive data in the hands of external entities that IT has not vetted as meeting HIPAA and other compliance requirements.
CIOs recognize the value of empowering their users with the right tools to address their end users' challenges. As part of their leadership role, there are many considerations CIOs must take into account to ensure that third-party healthcare cloud applications are properly used and add value to the organization.
Address security and compliance at once
Security is one of the biggest concerns CIOs and CISOs have when it comes to allowing cloud apps in their organization. Not only is the data hosted outside of their controlled environments, but there are no effortless ways for IT to ensure that the practices by the third-party vendors are in fact HIPAA compliant. IT must make sure users can only subscribe to approved cloud-based healthcare apps and services that meet the hospital's compliance requirements.
Be clear about cloud app policies and procedures
Apps today can be downloaded and used within minutes. Unfortunately, this makes it impossible for some users to resist the temptation of downloading and testing available apps. In some cases, end users are not fully aware of what platforms meet or fail to meet workplace compliance requirements. IT can address that issue by educating users about the existing policies and restrictions for installing and using third-party cloud-based healthcare apps, as well as the security concerns and reasons behind any restrictions.
Be open to cloud-based and innovative apps
Hospital IT should recognize that they might not be aware of all the challenges that their end users face on a daily basis. Receiving requests for new cloud-based healthcare applications should be seen as a way to identify some of the potential needs their end users have that current systems are not able to address. This allows IT to learn what services are popular among users.
Centralize cloud subscription tracking and management
Another aspect of many of today's cloud apps is the ease of adding users and functionality. With that ease comes the challenge of accounting for all the different subscription costs. There are several tools that help IT track assets and licenses. To make sure the appropriate monthly costs are tracked, all purchases for third-party cloud apps must follow the same process as other IT purchase requests.
Share the successes
While some apps are specifically designed for healthcare use cases, there are other services like project management or collaboration platforms that can be used across multiple teams. IT must identify which implementations have been successful and attempt to duplicate the success in other departments by sharing best practices and success stories.
With more cloud-based healthcare applications moving toward a SaaS model, hospital IT has been adapting to the changes in where data lives. However, as cloud apps become more popular, IT will face the daunting task of keeping the applications in check. IT must also work toward ensuring that end users see them as enablers and not an impediment to innovation, and users will have to recognize the importance of consulting IT to ensure the security and protection of data.
Misconceptions that prevent cloud use in healthcare
Healthcare CIOs believe the cloud is secure
How does the cloud affect healthcare security?