Heading for hybrid: the state of cloud in healthcare
Dr. Tim Calahan, Director of Healthcare Product Strategy & Management at Virtustream gives his analysis of the state of cloud in the global healthcare space.
A fundamental change is underway in the healthcare industry. Hospitals, walk-in centers and doctor’s offices are undergoing a digital transformation, integrating their electronic health record (EHR) platforms with new patient engagement systems and emerging precision health platforms. They have three primary goals: improve the quality of care, empower patients to take control of their health, and reduce the cost of IT operations.
The increasing complexity of the healthcare IT landscape is driving healthcare organisations to consider new options that can embrace digital strategies and increase agility while reducing costs. Worldwide, security mandates are understandably strict to protect personal health information, with country-level regulations and requirements adding additional layers of complexity. While on-premises solutions may offer perceived advantages, industry leading healthcare providers are closely examining enterprise cloud options for hybrid and off-premises deployment models that meet or exceed high security and compliance requirements, while offering utility-based billing and cloud-based agility and flexibility. For enabling digital healthcare transformation, enterprise cloud services provide a host of avenues to support healthcare providers.
Cloud enables healthcare transformation
While there are plenty of drivers for healthcare providers to adopt a cloud solution, there are also several factors inherent to a cloud offering that make this model attractive for more widespread adoption. A cloud solution can enable the transformation of hospitals, walk-in centers and doctor’s facilities by providing benefits that cannot be delivered through an on-premises deployment. Cloud deployments can address the changing budgetary needs of healthcare providers by shifting budgets to an operating model, thereby stabilising IT spend. Not only can a cloud platform cost less than an on-premises option, but it can also provide a greater time-to-value for the investment. This value is seen through lower startup costs, non-disruptive upgrades, increased agility to easily redeploy infrastructure resources, pay-for-use models, and the flexibility to scale-up resources during intensive development and usage, and, in turn, scale-down resources based on an organisation’s needs.
Enterprise cloud services can also provide the highest service levels for availability. Built with redundancy and business continuity by design, a managed EHR platform, when overseen by an enterprise-class cloud provider, can deliver up to 99.999% service level agreements (SLAs) for infrastructure availability, which is less than 6 minutes of unplanned downtime per year. Conversely, an on-premises solution can face limitations in the speed of deployment and scalability and it could be costly to meet comparable business continuity guarantees.
Hybrid is the way for healthcare IT
Hybrid architectures for mission-critical, highly connected environments are not new. In fact, it is the most common deployment model today. Enterprises regularly leverage and combine legacy on-premises environments with off-premises cloud services. The cloud environment must be thoroughly controlled, blending the best practices, procedures and security standards of both the healthcare provider and the partnering cloud company. It’s important to partner with an enterprise cloud service provider with deep experience working with healthcare organisations, and with experts on staff for planning, ongoing support and consultation.
Also, the application interdependencies need to be well understood. For example, it’s advised to have applications with high data interchange rates or with very low latency requirements to reside in the same location. This means that during the planning and assessment phase of any potential migration it’s critical to keenly understand the application landscape and varying performance requirements.
When moving any part of the healthcare IT landscape, including the EHR systems, to a cloud solution, it’s imperative to know who manages the applications and the interfaces that keep data moving smoothly between the separate systems. It’s also important to distinguish between the infrastructure operations in addition to the technical and the functional management of the applications. It must be well scoped, correctly implemented and comprehensively managed. When done correctly, the management of the entire healthcare IT landscape can provide the same or better service than an on-premises model, with potentially much lower delivery costs.
What to look for in a cloud provider
Healthcare organisations should partner with a cloud service provider that offers a full suite of security and compliance capabilities, guarantees the safety and security of patients’ health data, and delivers true “cloud” benefits such as pay-as-you-go, scale-up, scale-down and rapid deployment. Also, make sure there is always someone to call: a 24/7 white-glove service is critical to keeping healthcare IT systems, including EHRs, running around the clock while compressing costs. A 24/7 service will provide for rapid incident resolution, effectively dealing with problems as incidents become apparent. Lastly, healthcare organisations should search for a cloud provider who can monitor and manage the cloud environment to deliver proactive governance and preventative measures to determine potential issues and deal with them before they become a threat.
By choosing a cloud provider who can provide this level of performance, governance and security along with the utility cost benefits and flexibility of a cloud environment, a healthcare provider can make a positive impact on its current IT infrastructure. Additionally, the healthcare provider can efficiently and effectively modernise its systems and applications and transform IT to be future-ready, freeing the provider to put its attention on what matters most – the health and wellness of its patients.
Getting ready for cloud data-driven healthcare
As healthcare continues to recognise the value of data and digital transformation, many organisations are relying on the cloud to make their future-forward and data-centric thinking a reality. In fact, the global healthcare cloud computing market was valued at approximately $18 billion and is expected to generate around $61 billion USD by 2025.
At the forefront of these changes is the rapid adoption of cloud-based, or software-as-a-service (SaaS), applications. These apps can be used to handle patient interactions, track prescriptions, care, billing and more, and the insights derived from this important data can vastly improve operations, procurement and courses of treatment. However, before healthcare organisations can begin to dream about a true data-driven future, they have to deal with a data-driven dilemma: compliance.
Meeting regulation requirements
It’s no secret that healthcare is a highly regulated industry when it comes to data and privacy – and rightfully so. Patient records contain extremely sensitive data that, if changed or erased, could cost someone their life. This is why healthcare systems rely on legacy technologies, like Cerner and Epic EHRs, to manage patient information – the industry knows the vendors put an emphasis on making them as secure as possible.
Yet when SaaS applications are introduced and data starts being moved into them, compliance gets complicated. For example, every time a new application is introduced into an organisation, that organisation must have the vendor complete a BAA (Business Associate Agreement). This agreement essentially puts the responsibility for the safety of patients’ information — maintaining appropriate safeguards and complying with regulations — on the vendor.
However, even with these agreements in place, healthcare systems still are at risk of failing to meet compliance requirements. To comply with HIPAA, U.S. Food and Drug Administration 21 CFR Part 11 and other regulations that stipulate the need to exercise best practices to keep electronic patient data safe, healthcare organisations must maintain comprehensive audit trails – something that gets increasingly difficult when data sits in an application that resides in the vendor’s infrastructure.
Additionally, data often does not stay in the applications – instead healthcare users download, save and copy it into other business intelligence tools, creating data sprawl across the organisation and exposing patient privacy to greater risk.
With so many of these tools that are meant to spur growth and more effective care creating compliance challenges, it begs the question: how can healthcare organisations take advantage of the data they have without risking non-compliance?
Yes, healthcare organisations can adhere to regulations while also getting valuable insights from the wealth of data they have available. However, to help do this, organisations must own their data. This means data must be backed up and stored in an environment that they have control over, rather than in the SaaS vendors’ applications.
Backing up historical SaaS application data directly from an app into an organisation’s own secure cloud infrastructure, such as AWS or Microsoft Azure, makes it easier, and less costly, to maintain a digital chain of custody – or a trail of the different touchpoints of data. This not only increases the visibility and auditability of that data, but organisations can then set appropriate controls around who can access the data.
Likewise, having data from these apps located in one central, easily accessible location can decrease the number of copies floating around an organisation, reducing the surface area of exposure while also making it easier for organisations to securely pull data into business intelligence tools.
When healthcare providers have unfettered access to all their historical data, the possibilities for growth and insights are endless. For example, having ownership and ready access to authorised data can help organisations further implement and support outcome-based care. Insights enabled by this data will help inform diagnoses, prescriptions, treatment plans and more, which benefits not only the patient, but the healthcare ecosystem as a whole.
To keep optimising and improving care, healthcare systems must take advantage of new tools like SaaS applications. By backing up and owning their historical SaaS application data, they can do so while minimising the risk to patient privacy or compliance requirements. Having this ownership and access can propel healthcare organisations to be more data-driven – creating better outcomes for everyone.