While it may seem that “the cloud” has become a trendy buzz phrase, many facilities have indeed found it to be a viable solution to record management woes and data storage concerns.
Cloud storage involves housing data on off-site, virtual servers hosted and maintained by third-party vendors. Information technology (IT) infrastructure assets are delivered over the Internet to users on a utility basis. Service options include private in-house data storage systems, public storage, or a mix of public and private solutions known as the “hybrid” cloud.
It is necessary for healthcare IT professionals to define and adopt strategies that benefit their organization based on their unique needs and priorities.
“With advances in virtualization, on-demand provisioning and network throughput, cloud storage has become a viable and cost-effective alternative to on-premise implementations,” said Paul Vienneau, chief technology officer and senior vice president of engineering at NaviNet, a healthcare communications network and technology company. “Given the increased data streaming into healthcare IT organizations and the recognition of big data-backed analytics as a strategic enabler, near real-time acquisition and elasticity of storage has become a critical concern. Balanced with rigorous protected health information (PHI) security and governance measures, cloud storage is now a feasible option for IT departments to consider going forward.”
At Beth Israel Deaconess Medical Center in Boston, cloud technology is utilized in many forms, including both public and private clouds, according to John D. Halamka, MD, MS, chief information officer.
“Cloud-based approaches have reduced cost, increased reliability and enhanced the functionality of all our image management applications,” Halamka said.
Due to competition for resources, changing priorities, and concerns over security, cost and logistics, cloud-based storage systems have gotten off to a slow start in the healthcare arena.
“If information security is there and [vendor] availability is taken care of, I think it will actually be a surprisingly painless process,” said Juha Holkkola, managing director of Nixu Software.
The following issues have been identified as the top barriers to adopting the cloud in healthcare:
Those concerned about the security of private data might consider the advantage of entrusting records to an agency whose model for success depends on the effective protection and management of sensitive data. This might be much less risky than allowing data to be distributed across a variety of platforms by multiple users with varying degrees of security knowledge.
“Information security is the starting point, so since you have all this confidential and sensitive data, you obviously need to make sure that whatever cloud-based approach that you take, that the information security is there,” Holkkola said. “Ideally, you would have your own dedicated storages and would use things like identity management so that only authorized people will gain access to the data.”
Integration with Internal IT Applications
Platform-specific issues can be a major concern for providers considering the cloud, especially if their fundamental systems rely on certain technologies to function. Holkkola said, “Especially in healthcare, you can’t afford to have systems that aren’t working together.” He adds that today’s vendors typically know how to migrate data from standard solutions.
Performance and Reliability
Before signing a contract, healthcare providers need to have service-level agreements in place with their cloud vendor. These agreements should outline expectations in regards to system performance and uptime.
A cloud vendor also should have a solid understanding of the nuances of medical imaging data and clinical workflow.
Regulatory and Compliance
The HIPAA Security Rule requires that no confidential health information be disclosed to unauthorized persons. In addition, electronic health records (EHR) may not be altered in an unauthorized manner and must be accessible on demand by authorized parties. The HIPAA Security Rule is flexible in that it allows covered health entities to put customized solutions into place, but all entities must:
• Ensure the confidentiality and accessibility of all records they create and maintain;
• Identify and protect against security threats;
• Protect against unauthorized disclosures of information;
• Ensure compliance from personnel.
Providers also are required to periodically review security measures to ensure the ongoing protection of patient information.
Meaningful use is the set of standards that was defined by the Centers for Medicare & Medicaid Services (CMS) Incentive Programs to govern and promote the use of EHRs while improving healthcare in the U.S. While Stage 1 of meaningful use focused on capturing and sharing patient data, Stage 2 focuses on advancing clinical processes.
The U.S. Department of Health & Human Services provides Security Guidance education materials to help providers learn the standards for safeguarding electronic health information.
A clinically useful cloud solution offers the capability to function between different storage products and picture archiving and communication systems (PACS). A vendor that imposes limitations on the access and management of records can make the provider feel as though they do not truly own their information. Healthcare providers should choose a vendor that allows them freedom to manage stored images and documents.
Transparency of Cost
IT cost transparency incorporates operational data, such as monitoring and asset management, with financial information, such as software costs, hardware purchases, facilities charges, and labor. Data is tracked to identify trends and measure the impact of changes to help managers address cost and make improvements.
Several studies have estimated the cost of implementing EHR systems. According to HealthIT.gov, those estimates range from $15,000 to $70,000 per provider, with costs varying based upon the type of deployment (web-based or in-office).
Healthcare providers can use the government’s HITRC portal’s Total Cost of Ownership and Return on Investment tool to estimate their cost of EHR ownership.
Because natural and man-made disasters have the capability to stall operations, sensitive data should be replicated in multiple geographically diverse locations. Disaster recovery is a vital piece of the cloud puzzle and vendors should be transparent about data center locations as well as their disaster recovery plans.
While these barriers may prevent some in healthcare from swapping out their systems, a recent report from MarketsandMarkets indicates that the global healthcare cloud computing market will be worth $5.4 billion by the year 2017. Ready or not, cloud technology is here and likely to remain on the healthcare horizon.
By Stephanie Ogozaly
ADVANCE for Imaging & Radiation Oncology