Fore­cast for cloud com­put­ing

Se­cu­rity con­cerns hin­der move into cloud ser­vices

Modern Healthcare - - Front Page - Joseph Conn

Two years ago this month, Mod­ern Health­care first re­ported on the sta­tus of cloud com­put­ing in the health­care in­for­ma­tion tech­nol­ogy in­dus­try, not­ing there was lit­tle aware­ness of its po­ten­tial and lim­ited up­take of cloud ser­vices in the health­care IT in­dus­try at that time.

To­day, cloud’s mar­ket share has grown, but only by a smidgen. What has in­creased much more is the wary ac­cep­tance that re­mote soft­ware ap­pli­ca­tions, com­put­ing power and data stor­age sys­tems “in the cloud” are likely to play a larger role in the health­care in­dus­try in the fu­ture, ac­cord­ing to in­dus­try IT ex­perts con­tacted for this story.

While the nov­elty of cloud com­put­ing is no longer an is­sue, some IT pro­fes­sion­als re­main un­com­fort­able with data se­cu­rity in cloud-based sys­tems, and their in­se­cu­rity, real and imag­ined, re­mains a key bar­rier to fur­ther adop­tion, the ex­perts say.

In Jan­uary, the Na­tional In­sti­tute of Stan­dards and Tech­nol­ogy is­sued a seven-page draft def­i­ni­tion of cloud com­put­ing, es­sen­tially a re-re­lease of a def­i­ni­tion NIST sci­en­tists had de­vel­oped at least two years ear­lier. Ac­cord­ing to the NIST, to be truly cloud-based, an IT sys­tem must have five es­sen­tial char­ac­ter­is­tics: on-de­mand self­ser­vice, broad net­work ac­cess, re­source pool­ing, rapid elas­tic­ity and mea­sured ser­vice.

Ac­cord­ing to Gart­ner, a tech­nol­ogy mar­ket re­search firm, the global mar­ket for cloud-based com­put­ing is ex­pected to grow by 20% a year in 2011 and 2012 (See chart). But the health­care in­dus­try won’t be lead­ing that charge, Gart­ner says. Only about 4% of over­all cloud spend­ing comes from the health­care in­dus­try to­day, and that share is es­ti­mated to in­crease by less than one per­cent­age point by 2012.

Stephen Ste­wart is chief in­for­ma­tion of­fi­cer for the Henry County Health Cen­ter in Mount Pleas­ant, Iowa, which op­er­ates a 25-bed crit­i­calac­cess hos­pi­tal and a 49-bed nurs­ing home, both of which use elec­tronic health-record sys­tems. Ste­wart ex­presses con­sid­er­able am­biva­lence about cloud-based ap­pli­ca­tions for health­care.

“Whereas prob­a­bly a year ago, I’d say, I’m not in­ter­ested,” Ste­wart says, to­day, “I’m pay­ing more at­ten­tion to it.” The tiny hos­pi­tal al­ready uses a cloud-based ven­dor to pro­vide it with twice-a-day data back­ups, and “I think we’ll move for­ward on one of our two spe­cialty ap­pli­ca­tions.” Still, his se­cu­rity con­cerns run deep.

“Where is my data?” he says. “Is it even in the U.S., and within the laws that I know?” Then there comes “that whole ques­tion of what is the legal record? Where is my sin­gle source of truth?”

Ste­wart’s bot­tom line re­flects his am­biva­lence. “As much as I hate to say this, for health­care, it’s an idea that isn’t quite there yet,” Ste­wart says. But, “Even for an old dog like me who has their per­sonal bi­ases, it’s a com­ing trend, and I just have to get com­fort­able with where my data is.”

Providers have good rea­son for dis­com­fort, says Michael “Mac” McMil­lan, co-founder and CEO of Cyn­er­gis Tek, an Austin, Texas,-based IT se­cu­rity firm. Cloud com­put­ing “is like ev­ery­thing else that’s new” in IT, he says. “Se­cu­rity is catch­ing up.”

“When cloud hit the scene, all you heard about was, it’s go­ing to save you all this money,” McMil­lan says. “And the truth of it is, it ab­so­lutely can. There are a num­ber of ben­e­fits with cloud com­put­ing. It can make or­ga­ni­za­tions more flex­i­ble and efficient. It helps with back­ing up and all sorts of things.” Soon af­ter cloud first ap­peared, how­ever, McMil­lan says, “they started peel­ing back the onion and found some of these cloud mod­els are not so se­cure.”

“There is what I call a pure cloud, which is a ven­dor that ag­gre­gates space across mul­ti­ple data cen­ters,” McMil­lan says. A pure cloud ven­dor is not as in­ter­ested in keep­ing a provider’s data to­gether as it is in al­lo­cat­ing space to store it. “You con­tract with this ven­dor and your data could lit­er­ally be all over the planet. It could be in Rus­sia or the Philip­pines or in Kansas.”

“One of our cus­tomers is wak­ing up to the fact that they’re in the cloud al­ready,” he says. In a rou­tine re­view of an IT ven­dor con­tract, “we just found out (the con­trac­tor) out­sourced a large part of their data stor­age to a cloud ven­dor with­out telling us. Not only did the ini­tial IT ven­dor out­source stor­age du­ties to an­other en­tity, but that en­tity out­sourced the data to an­other en­tity,” McMil­lan says. The provider or­ga­ni­za­tion “had no idea their data had been out­sourced away and went into the cloud.”

“Peo­ple re­ally need to look into who their cloud ven­dor is,” he ad­vises. Key ques­tions are: What is their busi­ness model? Do they own and op­er­ate their data ware­houses or sim­ply act as what McMil­lan de­scribes as “ag­gre­ga­tors” of cloud ser­vices, mere mid­dle­men? How is the data seg­mented?—and whether one en­tity can see an­other’s data when both are run­ning on the same servers. Can the cloud ven­dor even au­dit ac­cess to the data? Do they pro­vide en­cryp­tion, and who holds the en­cryp­tion key? Are they will­ing to own up to their role as a busi­ness as­so­ciate with legal obli­ga­tions to pro­vide ad­e­quate pri­vacy and se­cu­rity con­trols un­der HIPAA?

But se­cu­rity con­cerns, in con­trast, pushed Baylor Health Care Sys­tem to­ward cloud com­put­ing, not away. Michael Fred­er­ick, chief in­for-

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.