Go­ing sky high

Health­care ac­cel­er­ates move into cloud-based ser­vices

Modern Healthcare - - INFORMATION TECHNOLOGY -

The health­care in­dus­try is grad­u­ally over­com­ing its fears and is—fi­nally— about to get high on the cloud. The ar­ray of tech­nolo­gies com­monly known as cloud com­put­ing are com­ing into their own in health­care as a se­cure, ca­pa­ble and cost-ef­fec­tive means to pro­vi­sion com­puter hard­ware, and soft­ware and ser­vices, de­spite per­sis­tent and still lin­ger­ing con­cerns about pri­vacy, se­cu­rity and re­li­a­bil­ity.

One newer user who’s happy she jumped to the cloud is Terri Ken­drick, di­rec­tor of pur­chas­ing at Wheaton Fran­cis­can Health­care sys­tem in Glen­dale, Wis. Three of its 11 hos­pi­tals are up and run­ning on a cloud-based, med­i­cal/sur­gi­cal or­der­ing sys­tem from McKes­son Corp. in a roll­out that be­gan in Novem­ber and should wrap up by Oc­to­ber, she says.

“Se­cu­rity has al­ways been an is­sue,” Ken­drick says, so the plan to switch to a cloud­based sys­tem was scru­ti­nized. “We talked to our IS depart­ment about the en­crypt­ing and pass­word pro­tec­tion and we ad­dressed ev­ery­body’s con­cerns.”

While Wheaton’s de­part­ing in-house or­der­ing sys­tem has 60,000 items, the new cloud­based sys­tem has 1.3 mil­lion and is grow­ing, Ken­drick says, in­clud­ing “300,000 items with our pur­chase his­tory, pric­ing and for­mu­la­ries.” The cloud en­ables buy­ers to ex­pand their for­mu­la­ries and sell­ers to grow their prod­uct cat­a­logs more quickly and eas­ily.

“If you’re in the OR, you’ve gone in and built a list of your fa­vorites, be­cause you don’t want to ac­cess 1.3 mil­lion” records, Ken­drick says. “So you just se­lect an item and drop it into your shop­ping cart and it’s done.” The new sys­tem also fea­tures on­board de­ci­sion sup­port. “If it’s some­thing that’s not on con­tract, it will flag you, and be­cause it has ar­ti­fi­cial in­tel­li­gence be­hind it, it will flag you to an item that is on con­tract.”

For man­agers, “there is a dash­board that can show that this is a missed op­por­tu­nity or some­body is do­ing a bang-up job.”

Ken­drick says it’s too early to talk about re­turn on in­vest­ment in the tech­nol­ogy, but “we’re look­ing to see where those op­por­tu­ni­ties are.” Todd Tabel, vice pres­i­dent of McKes­son’s

sup­ply chain so­lu­tions unit, says the soft­ware runs in a cloud hosted by Ama­zon. The on­line re­tailer is also a ma­jor provider of cloud ser­vices. For McKes­son to­day, Tabel says, “well un­der 10%” of its sup­ply chain soft­ware is cloud-based, but “it’s come far enough in terms of adop­tion, you’ll see quicker up­take in three to five years.”

Ramp­ing up fast

Four years ago, Mod­ern Health­care took its first in-depth look at cloud com­put­ing (Aug. 10, 2009, p. 30). There was much hype but lit­tle up­take as providers’ un­fa­mil­iar­ity with the ser­vices as well as pri­vacy and se­cu­rity fears held back cloud adop­tion. Two years later (Aug. 8, 2011, p. 32), in an up­date, there was more hype, some cloud use, but trep­i­da­tion re­mained high.

This year, clouds are sweep­ing in, pri­mar­ily used in sup­ply chain, hu­man re­sources and other busi­ness-side ar­eas where lit­tle pa­tient in­for­ma­tion is in­volved. And while pri­vacy and se­cu­rity is­sues re­main, wide­spread ac­cep­tance— even for clin­i­cal ap­pli­ca­tions—seems just over the hori­zon, par­tic­u­larly in less scary “pri­vate clouds.” One mar­ket re­searcher pre­dicts nearly a six-fold in­crease in cloud spend­ing by 2020.

Flex­i­bil­ity, the abil­ity to rapidly add new soft­ware pro­grams and ser­vices as needed; scal­a­bil­ity, the ca­pac­ity to ex­pand as health­care or­ga­ni­za­tions con­sol­i­date; and func­tion­al­ity, the power to har­ness the ubiq­uity of the In­ter­net, are ma­jor cloud driv­ers, health IT ex­perts say.

Mean­while, many new health­care soft­ware de­vel­op­ers are cloud dis­ci­ples.

“Cloud com­put­ing al­lows you to scale,” says Siva Nadara­jah, CEO of Se­man­telli, a Bridge­wa­ter, N.J., mar­ket re­search firm ac­quired in April by IMS Health. Se­man­telli launched its Web­based ser­vice two years ago, help­ing health­care or­ga­ni­za­tions sift through the flot­sam of so­cial me­dia for busi­ness in­tel­li­gence. Build­ing his busi­ness in the cloud was the only way to go, Nadara­jah says. “The cloud al­lows you ac­cess to the lat­est ver­sion of the soft­ware. The ac­ces­si­bil­ity of your soft­ware to your clients be­comes seam­less.”

What is a cloud? It’s not “cloud­wash­ing,” a pe­jo­ra­tive de­scrip­tor for the all-too-wide­spread mar­ket­ing gim­mick of slap­ping the word “cloud” on any old soft­ware that touches the Web. Think of the cloud as “a whole col­lage of tech­nolo­gies and stan­dards,” says Ti­mothy Grance, se­nior com­puter sci­en­tist at the National In­sti­tute of Stan­dards and Tech- nol­ogy, who worked on a NIST ef­fort to de­scribe and define cloud com­put­ing (See chart, p. 32).

Ac­cord­ing to tech­nol­ogy watcher For­rester Re­search, cloud com­put­ing glob­ally, across all in­dus­tries, will grow from a $41 bil­lion mar­ket in 2011 to $241 bil­lion by 2020. The “pri­vate cloud” niche will ex­pand from $7.8 bil­lion in 2011 to $15.9 bil­lion by 2020.

Erik Wester­lind, a re­search di­rec­tor with KLAS En­ter­prises, which spe­cial­izes in health­care IT mar­ket re­search, looked at 16 ven­dors of cloud ser­vices to hos­pi­tals. “True clouds” are rare in health­care, but “hy­brid clouds,” used by EHR ven­dors to host their own sys­tems, were the most com­mon, his re­search found. Twothirds of his sur­vey re­spon­dents who were not us­ing cloud ser­vices in­di­cated se­cu­rity was still their big choke point.

Dark clouds re­main

The specter of cloud in­se­cu­rity is not limited to health­care.

North Bridge Ven­ture Part­ners, a Waltham, Mass.-based in­vest­ment firm, in May re­leased

its third an­nual sur­vey re­port on the fu­ture of cloud com­put­ing across mul­ti­ple in­dus­tries. In it, North Bridge gen­eral part­ner Michael Skok says the cloud is “on an un­stop­pable rise.” Of the 855 sur­vey re­spon­dents, 65% cited re­li­a­bil­ity/band­width/com­plex­ity as main con­cerns, while 63% iden­ti­fied reg­u­la­tory com­pli­ance and pri­vacy is­sues.

“Maybe 70% of the or­ga­ni­za­tions we’re see­ing are us­ing cloud ser­vices of one kind,” says se­cu­rity pro­fes­sional Mac McMillan. “Providers have em­braced the cloud when it comes to non­clin­i­cal data—sup­ply chain, en­ter­prise re­source plan­ning and hu­man re­sources—things that don’t have the same type of rigor around them in terms pri­vacy and se­cu­rity” as pa­tient med­i­cal records, says McMillan, CEO of Cyn­er­gisTek, an Austin, Texas, se­cu­rity con­sul­tancy.

“With clin­i­cal data, when it comes to ac­count­ing for dis­clo­sures and back­ing up that data, and know­ing where it is, that’s when they get ner­vous about the cloud,” he says. For pa­tient-iden­ti­fi­able in­for­ma­tion, such as in EHRs, “pub­lic cloud in­fra­struc­tures are just a non­starter,” he says. “Pub­lic cloud ven­dors rent space from data stor­age fa­cil­i­ties around the globe. You could have some of your data in a data cen­ter in L.A., or in Canada, or in Mex­ico, wher­ever they have space. Scat­ter­ing it all over the uni­verse just doesn’t work.”

In con­trast, pri­vate clouds, which can spec­ify data stor­age lo­ca­tions, “do have a play when it comes to clin­i­cal data,” he says.

Four years ago, Robert Gell­man, a pri­vacy lawyer in Wash­ing­ton, in a white pa­per for the World Pri­vacy Fo­rum, pre­sciently warned of a po­ten­tial threat from con­sumer-ori­ented clouds if an em­ployee “makes an ad hoc de­ci­sion to share data with a cloud provider” with­out check­ing the cloud provider’s terms of ser­vice.

That’s a huge po­ten­tial no-no, be­cause the Health In­sur­ance Porta­bil­ity and Ac­count­abil­ity Act, the main fed­eral elec­tronic health in­for­ma­tion pri­vacy and se­cu­rity law, obliges providers to sign busi­ness as­so­ciate agree­ments with han­dlers of their pa­tient data, and also be­cause the terms of ser­vice of many cloud providers “al­low the provider to pub­lish any in­for­ma­tion stored on its fa­cil­i­ties,” Gell­man says.

Late last month, Ore­gon Health & Science Univer­sity in Port­land an­nounced some physi­cian res­i­dents had posted their pa­tients’ data to Google’s cloud-based e-mail and file-shar­ing ser­vices. The data could have been used for “op­er­at­ing, pro­mot­ing and im­prov­ing (its) ser­vices, and to de­velop new ones,” un­der Google’s terms of ser­vice, the univer­sity state­ment says. The breach prompted OHSU to mail no­tices to more than 3,000 pa­tients and re­port it to the Of­fice for Civil Rights at HHS, the fed­eral en­force­ment agency un­der HIPAA.

OHSU spokesman Jim New­man con­firmed the univer­sity did not have a busi­ness as­so­ciate’s agree­ment with Google.

Some prom­i­nent cloud ser­vices ven­dors are step­ping up to meet HIPAA re­quire­ments. In April, cloud ser­vices provider Box an­nounced it would sign busi­ness as­so­ciate agree­ments with providers, en­crypt health­care data in tran­sit and “at rest,” and pro­vide au­dit trails to iden­tify who ac­cesses health records, all HIPAA-linked pre­cau­tions.

Se­cu­rity worries aside, “health­care is def­i­nitely go­ing to the cloud,” says Kathryn Coburn, a Santa Mon­ica, Calif.-based lawyer spe­cial­iz­ing in health IT, pri­vacy and se­cu­rity with Cooke, Ko­brick & Wu. “That’s what I hear from my clients. This is a wave that’s not go­ing to be stopped.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.