Let’s talk about The Cloud and Hospitals for a minute. At a session I attended at CHIME a hospital CIO said, “There’s still a lot of unknown with cloud.”
At first I was a little taken back by the comment. As an IT guy, it seems like cloud has been around forever. Plus, I would bet that every single hospital has a number of cloud based IT systems in their IT environment.
What then could be the unknown issues with the cloud that this CIO was talking about?
I found this really great resource on the IBM website about the cloud and healthcare. They hit on what is probably the biggest unknown with the cloud, HIPAA. Here’s a section which describes why it’s such an unknown.
Cloud providers hold a unique position as BAs entrusted with EPHI. When HIPAA was enacted, the concept of “the cloud” didn’t exist and probably could not have been predicted. Covered entities and other BAs are increasingly choosing to store health information in the cloud.
Then he adds in these cloud challenges:
Transferring data to the cloud comes with unique issues that complicate HIPAA compliance for covered entities, traditional BAs, and now cloud providers themselves. They include issues of control, access, availability, shared multitenant environments, incident preparedness and response, and data protection
All of these should provide any hospital CIO a moment of pause. As another hospital CIO I talked with said, “we’re still doing the cloud, but we are careful about who we work with in the cloud and how we do it.”
I think this will be the reality for the forseeable future. It takes a really well done trusted relationship for a hospital to trust a cloud provider. In the small ambulatory practice space it’s very different since there’s little doubt that the cloud provider can do much better than your neighborhood tech guy. However, this is not the case in hospitals where the decision to use the cloud or your existing in house IT staff and resources is much more complex.
The reality is that every hospital is likely going to have a mixed hosting strategy with some software hosted in house and some software hosted in the cloud. This means that every hospital CIO is going to have to figure out the cloud even if there’s still some difficult to answer questions.
John,
Excellent point regarding HIPAA and the cloud. GNAXHealth agrees.
In working with hospitals, we find that hosting one, two or several second tier applications in the cloud is a practical and cost-effective way to get started. Here are 5 other steps we suggest in healthcare:
1. Fully understand your data center costs today
2. Evaluate all three cloud options for each application: computing, storage, collocation.
3. Respond to two key organizational concerns: finance and security.
4. Make a long-term plan for cloud adoption (5,10,20 years down the road).
5. Choose the right cloud partner.
Not all clouds are created equal. There are specific requirements for healthcare that must be met.