Healthcare Privacy and the Cloud
By Nilesh Chandra
Although there has been a significant uptick in the adoption of cloud solutions across industries, health care has lagged in adopting cloud solutions, especially for analytics applications, which involve significant processing power applied to large data sets. In this article, I explore the barriers to the adoption of cloud solutions and an approach that HIT leaders can take in the short term to prove the value of cloud solutions while reducing overall cost.
Cloud technology is rapidly emerging as a cost-effective alternative for IT by offering scalable, robust solutions for computing, often at a fraction of the cost of more traditional software. Given the increasing adoption of technology in health care and rapidly growing needs for data storage and analytics, cloud technology seems ideally suited to meet many of the industry’s needs.
For analytics uses, the data sets can be very large and are growing rapidly, driven in large part by EHR adoption, and there is a need for large-scale computing power available at short notice and for short periods of time to perform the analysis. The IT infrastructure needed to support analytics is expensive to implement and maintain and is used only for part of the time when analysis is performed. Traditional IT approaches further increase the cost by requiring that multiple environments (eg, test, development) be maintained in addition to the production environment.
Cloud solutions offer a cost-effective alternative by providing on-demand computing power and many pay-per-use payment models. Although there are many software-as-a-service solutions now available in the analytics space, a wholesale migration of large volumes of health care data to the cloud for analytics has yet to occur.
Based on discussions with HIT leaders, I believe this low rate of adoption is caused by concerns over patient privacy and data security. While cloud solutions are as secure (and sometimes even more) as in-house IT platforms, perceptions about loss of data control and the risk of data loss are the primary concerns. Until all such concerns about security and privacy protection are fully addressed, the adoption of cloud computing will be limited to only a small subset of all health care and clinical data available to organizations.
To mitigate these risks, in the short term, I propose that HIT leaders take a hybrid approach, combining cloud and internal computing environments. In a hybrid scenario, clinical data are stored on the cloud, but instead of storing identifiable patient attributes such as name and address, a unique identifier is stored on the cloud. The same unique identifier as well as identifiable attributes also is stored on internal environments.
In this scenario, analytics can be performed as needed on data stored in the cloud, and the results can be merged with patient identifier data stored locally to gain further insight. This approach allows for maximizing the advantages offered by cloud computing—scalable, on-demand computing capacity available on a pay-per-use model—while still maintaining patient privacy and lowering total cost by reducing the need for storing large data sets in-house or maintaining significant compute capacity in-house.
By taking this approach, organizations can lower their IT costs in the short term while test-driving cloud-based solutions to prove their benefits and return on investment. In the long run, I anticipate many of the concerns with storing patient data in the cloud will fade as more and more organizations start to adopt cloud solutions to meet their IT needs. Increased emphasis on taking an architecture-based approach to security for solutions and a robust approach to risk management will further improve confidence among HIT leaders.
— Nilesh Chandra is an IT strategy expert at PA Consulting Group, working with senior leaders in the areas of IT strategy, operating model design, and process transformation in health care.