February 2014
Movin’ on Up
By Elizabeth S. Roop
For The Record
Vol. 26 No. 2 P. 22
To a dee-luxe compartment in the sky, you might say, as more hospitals ship their data to the cloud.
Faced with historic volumes of data that must be securely stored yet easily accessed, hospitals are quickly moving past their fears of leveraging the cloud to manage patient information. As a result, research company MarketsandMarkets predicted that the health care cloud market would grow from 4% in 2011 with a 20.5% compounded annual growth rate between 2012 and 2017.
Indeed, many industry experts predict that as more hospitals enter Big Data territory—and identify more ways to leverage those data in real time—and adopt broader collaborative care models necessitating widespread data and resource sharing, the cloud quickly will become a central component of long-term IT strategies.
“With the amount of data being stored by providers doubling every one to two years and the need for more and more disparate systems and Big Data, cloud solutions seem like the natural fit to address these challenges,” says Richard Temple, national practice director of IT strategy for health care consulting firm Beacon Partners. “Cloud providers’ sole raison d’ être is to host data, so they should have all the right backup processes, disaster recovery and business continuity processes, and robust scaling of servicers and services in place to address needs. They also would likely have an appropriate security regimen to protect ePHI [electronic protected health information] and corporate assets, which is absolutely essential. Cloud providers may also be better suited to provide efficient forms of service delivery, such as virtual desktop integration, which can leverage existing IT assets within the health care organization to work on other things.”
Jim Tate, president of the consulting firm EMR Advocate, points to the cloud’s convenience, particularly its ability to access cloud-based systems from any location and its facilitation of greater collaboration among health care providers and organizations, as reasons why there are high expectations for its domination. Also, the cost savings realized by eliminating or reducing the hardware, software, and maintenance associated with on-site storage further increases the cloud’s appeal.
“Everything—or at least a copy of everything—is moving to the cloud. This functionality is mandated by the needs of high-level interoperability,” he says. “Cloud storage is required for the vast repositories of data that will come from a multitude of sources. Health care Big Data analysis must have access to that pool of data in the cloud. The relevant databases and related tools will not be able to deliver the promise of improved health care delivery efficiency, research based on large amounts of data, and patient and provider access to health care records.”
Sluggish Acceptance
Despite demonstrated benefits in other industries, hospitals have been slow to jump on the cloud bandwagon. The CDW 2013 State of the Cloud Report found that 35% of health care organizations were implementing or maintaining cloud computing in 2012. While that figure is up five percentage points over 2011, health care still comes in seventh in terms of both level and rate of adoption.
“While [current] growth is phenomenal, we do have to step back and admit that health care in general is late coming to the cloud compared with other industries that have moved more data into the cloud sooner,” says Andrew Litt, MD, chief medical officer at Dell. “Health care is just now coming around to it.”
While there are numerous theories on health care’s reluctance to buy into the cloud’s promise of simplicity and convenience, perhaps Michael Ball, senior vice president for North America at BridgeHead Software, a data management company, sums it up most concisely: “The health care industry is risk adverse.”
Hospitals particularly are hesitant about any technology that requires placing clinical and financial data into the hands of a third party. Questions about privacy and security have hounded cloud-based applications despite significant improvements over the past few years.
For example, in its January 2013 industry brief “Healthcare Cloud Security,” the Intel IT Center noted that health care’s security and compliance concerns were legitimate and primarily due to statutory and regulatory requirements governing the handling of PHI. However, an array of new tools and services has addressed those fears by creating a more secure cloud environment. Hospitals now can feel comfortable placing their patient data in the cloud, pushed along by the need to find some way to address the rapidly growing volume of data they are managing on a daily basis.
“While clinical data privacy and security concerns have hindered cloud adoption, the deluge of data and the competitive advantage that is associated with the intelligent use of this data will encourage increasing use of the cloud,” says Paul Capicik, who has been leading an initiative to incorporate cloud-based computing into the American Sentinel University academic programs.
A Good Time to Move
Confidence issues notwithstanding, for many hospitals the time is right to move data to the cloud. Capicik notes that health care organizations are realizing that they must use both internal and external data sources if they are to survive and succeed. “The cloud can make data easily and rapidly accessible,” he says. “Collaboration among providers; associated organizations, including government agencies; and even with patients is a fast-growing key factor in driving adaptation of cloud capability. In addition, new technologies and methods are abating the privacy and security issues.”
Litt points to several trends pushing hospitals to adopt cloud-based storage and applications. One is the explosion in the growth of imaging data that must be stored and exchanged to support value-based and collaborative care models—a need that overlaps the growth in EMR adoption.
Intermountain Healthcare is a prime example. With 22 hospitals, more than 185 physician clinics, and an affiliated health insurance company, the health system was generating terabytes of data that it ultimately asked Dell to manage. “They either had to build a new data center or find a better solution,” Litt says. “The cloud won’t make sense for everyone because of their investment cycle, but Intermountain is huge, so they made the decision [to move to the cloud] because it made sense for them to do it at that point.”
Decisions such as those faced by Intermountain are primary drivers of cloud adoption, he adds. “It’s about simplification. The more storage I have, the more staff I need to manage it 24/7. That’s expensive,” Litt says. “If I’m a CIO and I’m going to hire more staff, I’d rather hire someone who can help with something that is clinically relevant.”
Ironically, another trend is health care organizations seeking a security edge such as that offered by the cloud over on-site, self-managed data centers. “If your organization is huge, you may have all the resources you need [to manage a data center], but the average hospital doesn’t have even one expert in data security on staff,” Litt says.
Tony Cotterill, founder and chief products officer at BridgeHead Software, says the cloud bandwagon is getting crowded as more hospitals make IT upgrades. “As they retire applications, they need to park the data because they’re unsure of the regulations [governing] what to do with it. Do they have to keep it indefinitely?” he says. “A lot of people are trying to preserve data but reduce applications.”
The cloud also offers a highly appealing and affordable disaster recovery solution. While it’s mandated by HIPAA, it wasn’t until a recent spate of high-profile lawsuits and natural disasters that left facilities without access to critical data that many hospitals acted on the need for a second data center.
Virtual cloud-based servers not only offer on-demand access to data, they also represent a failsafe system to support disaster recovery strategies. They also are easily upgraded to extend the IT life cycle. “It creates low-cost storage from a physical point of view. You can put a ton of data into the cloud, which is a hospital’s main issue. And it’s an inexpensive service, courtesy of virtualization,” Cotterill says.
Finally, the cloud represents a scalable solution for supporting the abundance of mobile devices now used by clinicians at the point of care and the increased collaboration those devices enable. “With the emerging abundance of mobile devices, the cloud makes it possible to easily access the same information on any of these devices,” Capicik says. “The cloud even allows simultaneous collaboration on the same information by persons at different locations. As health care providers implement remote device data and social data collection processes, the cloud environment will become indispensable.”
The Meaningful Use Influence
No HIT discussion is complete without an examination of how meaningful use is influencing its adoption; cloud computing is no exception. The federal incentive program’s requirement that health care organizations perform periodic security assessments fits into the cloud equation in that vendors must be carefully vetted with regard to their security policies.
“With a third party hosting a significant portion of a provider’s data, that third party needs to be open to sharing its policies, procedures, and actual practices around security and HIPAA, and allow those to be documented,” Temple says. “The cloud service provider also has to commit to implementing changes that the provider deems necessary that come out of the periodic security/risk assessments that are performed.”
The cloud’s ability to facilitate fast analysis of massive amounts of data, leading to improved quality, also plays into meaningful use criteria. “Meaningful use can be a big player in cloud implementation for health care organizations,” Capicik says. “Meeting the requirements successfully will require analytics of large amounts of data, which can be facilitated by cloud adoption. It should also—and probably most importantly—foster better patient care.”
Between relieving IT costs and responsibilities and helping to create a more secure, patient-centered environment, it’s apparent why more health care organizations are taking their data to the cloud.
— Elizabeth S. Roop is a Tampa, Florida-based freelance writer specializing in health care and HIT.
Evaluating Cloud Providers
The decision to entrust clinical and administrative data to a cloud provider should not be taken lightly. When it comes to evaluating options, For The Record’s panel of industry experts offers the following advice to hospital administrators.
Richard Temple, national practice director of IT strategy for Beacon Partners: “Health care, as a vertical, really is a different animal, and my sense is that you will struggle with a service provider who doesn’t have an understanding of the unique aspects of health care data hosting wired into their DNA. Look for at least ‘four nines’ uptime—99.99%, or four minutes of downtime per month—but really aim for ‘five nines’ uptime—99.999%, or seconds per month.
“Given that lives hang in the balance in the world of health care, you also want to make sure your cloud provider has the wherewithal for automatic failover to a backup system with full access to data in the event of a downtime in the primary production system. What kind of connectivity exists between the cloud site and the user? Can they support having data rendered extremely rapidly at the provider site even if those data may actually be housed hundreds of miles away?
“Finally, how quickly can they scale up existing systems, take on new systems, and upgrade existing systems? Can they do this without nickel-and-diming you? These cloud service providers should also understand enough about the systems they host to provide some level of support on these systems.”
Andrew Litt, MD, chief medical officer at Dell: “If they won’t sign a business associates agreement under HIPAA, that should be the end of your conversation. There are large-based service providers that won’t do it, and people are putting health care data in these clouds that aren’t secured. It’s astounding to me. Why would anyone take that risk?
“Also, because we are talking about storage that you want to be there for a long time—a minimum of seven years but maybe longer—it seems to me that you have to go with a company that will be here in 10 years.
“The third piece is someone who can put together a customer solution that meets your needs. All of our solutions are hybrid; some data lives on site, and all of it lives in the cloud. Also, how do you set up sharing tools so it’s not just about storage? Every institution will be different when it comes to those.
“Finally, ask the vendor about their disaster recovery and business continuity solutions. Do they have a second center across the country or in a remote location in case the first one goes down? Is the shift transparent from one center to the other?”
Michael Ball, senior vice president for North America at Bridgehead Software: “It’s important to understand that the health care cloud strategy is a health care data management strategy. The provider needs to fully understand the intricacy and vagaries of health care data, which isn’t always the case with cloud entrepreneurs. That expertise and deep knowledge and understanding isn’t always there. Make sure that the people you’re working with fully understand all of the needs around health care data management.
“The second thing is to not put all your eggs in one basket. If they don’t offer a hybrid solution, the risk is multiplied over a company’s ability to match a solution to your organization. It needs to be understood that a cloud solution bridges both the clinical and administrative needs. Simply offering something that makes, for argument’s sake, retrieval easier isn’t going to answer the disaster recovery and business continuity questions of the CFO and CIO.”
Paul Capicik, American Sentinel University: “A cloud service provider can either make or break a successful cloud implementation. The evaluation of a provider must include technology aspects, such as the ability to handle all the types of data associated with the organization’s processes, as well as the ability to support required integration of external data from other organizations and the analytic and information presentation/visualization applications that use the data.
“The introduction of mobile devices brings a whole set of compatibility and security issues that need be considered. When considering outsourcing, there is no substitute for due diligence in confirming what a vendor can or cannot do to meet your needs. And, of course, diligent planning to determine what capability is needed when, if it’s affordable, and additional requirements such as what training is involved to ensure successful use requires involvement of all departments and levels of employees.”
— ESR