Healthcare Cloud Computing

Posted on August 21, 2012 by

by Lee Kim, Esq., President-Elect, Western Pennsylvania Chapter of HIMSS

The “cloud” (in computing) is not a new concept.  If you use web-based e-mail, then you probably are tapping into the “cloud,” because the remotely hosted application and information are pushed to you “on demand” based upon your needs.  For a more expansive definition of cloud computing, please see the National Institute of Standards’ definition (NIST Special Publication No. 800-145).

Healthcare providers are also turning to the cloud to remotely host their applications and data.  Their reasons for doing this are generally to save money and/or to help ensure data is secure and available. 

Lee Kim, Esq.

You might ask: why outsource applications and data when I can maintain these things in-house with my own IT staff?  Keeping up IT infrastructure is expensive, and making sure technology is secure can be a daunting task.

On the other hand, cloud computing providers maintain world-class computing resources with robust network connectivity and security.  They generally have highly secure data center facilities to help ensure the security, availability and integrity of the applications and data that they host for customers. 

Healthcare providers can take advantage of the cloud computing provider’s resources at relatively little cost. 

However, not all cloud computing providers are the same. Here are five factors to consider.

Time in the Marketplace

  • Some cloud computing providers have been around for over a decade, while others have been around for only a few years. 

Availability of Resources

  • You should ensure that the cloud computing provider’s network resources and servers are highly available (e.g., 99.9%).  Usually, cloud computing providers guarantee network and server availability in their service level agreements (SLAs).

Security

  • Some cloud computing providers may be more secure than others. 
  • You may want to see if you can obtain a copy of the cloud computing provider’s security policies and most recent audit report (e.g., SSAE16).  (There are many other business and technical considerations as well.  These are but a few.)

Bear in mind, too, that you should also keep in mind the security of your own computer systems

  • Some cloud computing providers also offer remote infrastructure management (RIM) services for managing endpoint security. 

Network Connectivity to the Cloud

You also should make sure your network connectivity is reliable and robust enough (e.g., sufficient bandwidth) to access the applications and information that are remotely hosted by the cloud computing provider. 

  • This may mean that you may need to “upgrade” your network capabilities before going to the “cloud.”

Written Contract or Agreement

Finally, the cloud computing provider should be vetted not only for its technological capabilities, but also, in terms of what the provider is willing to commit to in writing by way of a written agreement.  To that end, you may wish to consult with your IT staff and attorney.

Lee Kim, Esq., is an attorney with Tucker Arensberg, PC, in Pittsburgh, Pa.

 

About Joyce Lofstrom, MS, APR

Joyce Lofstrom, MS, APR, is HIMSS Director, Corporate Communications.
This entry was posted in Blogging, Health IT News and Developments, Patient-Centered Systems, Privacy and Security and tagged , , , , , . Bookmark the permalink.

4 Responses to Healthcare Cloud Computing

  1. Rob Hemmerich says:
    August 21, 2012 at 3:58 pm

    All of the factors listed here are reasonable. I would add a few points:

    1. different applications have very different requirements. A 99.9% availability sounds impressive but translates to 8h of downtime a year, a number perhaps too high to tolerate on clinical systems.

    2. Many systems we have dealt with are considering using “the cloud” to augment their already existing private clouds. Choosing a public cloud vendor who can cope with this reality is important too.

    3. Connectivity to any data center, whether it is in your cloud or that of a provider, needs to be application-fluent. The real-time performance requirements of hosted email are very different from thin-client access to an EHR.

    Reply
  2. Lee Kim, Esq. says:
    August 21, 2012 at 5:06 pm

    My thought about availability is that, if the clinical system needs to be 24×7, then 99.9% availability may not cut it (for obvious reasons). But, if it is a physician office with set office hours, then 99.9% availability may not be a problem.

    Reply
    • Rob Hemmerich says:
      August 22, 2012 at 7:58 am

      I think that’s exactly right. A 9-5 operation is certainly able to cope with a lower reliability than a round-the-clock facility. Problems begin when mission critical applications or facilities don’t invest sufficiently in their infrastructure: a 99.999% availability architecture will necessarily cost more than a 99.9% one. And that’s ok. You have to adapt your investment to the needs (and risk tolerance) of the business.

      Reply
  3. Cloud computing says:
    September 21, 2012 at 4:08 am

    Connectivity to any data center, whether it is in your cloud or that of a provider, needs to be app-fluent. The real-time performance requirements of hosted email are utterly different to streamlined-customer access to an EHR.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s