Cloud Computing

July 16, 2015

Healthcare organizations are uncertain about what cloud computing is and are not interested in leveraging it. At its most basic, cloud computing is a means of providing and using IT services that are delivered over the Internet, or cloud. These services range from software applications and systems to servers and storage. Cloud services are provided via a private cloud (IT services dedicated to a single organization), public (infrastructure and services made available to a range of customers), or a hybrid (a combination of private and public arranged to meet an organization's IT requirements). A private cloud, whether hosted or on-site, offers a greater degree of control for the organization that is using it, compared to the public cloud.

Private Data Centers remain the traditional model in healthcare. CIOs worry about any downsides that cloud computing may have on control, security, availability to critical clinical systems, (health care cannot afford computing downtime), reliability, confidentiality, data breaches and compliance with HIPAA, HITECH and PCI DSS regulations. And healthcare executives want to avoid the heavy fines and poor public relations that occur if data falls into the wrong hands. Encouragingly, studies are showing that cloud computing is no less secure than the traditional on-premise environment (see Alert Logic Fall 2012 State of the Cloud Security Report; http://www.alertlogic.com/wp-content/uploads/alert-logic-fall-cloud-security.pdf). In general, healthcare organizations may be less sophisticated or well equipped to defend from attacks as Cloud providers as providers make significant investments in implementing physical, technical and administrative safeguard technologies to help protect patient information.

Healthcare organizations are slow adopters of new technologies but they eventually embrace a mature technology that has been proven in other industries. So even though there are concerns, cloud computing is gaining traction and organizations are moving to the cloud. Innovations in virtualization, and improved access to high-speed Internet, have helped accelerated the growth of cloud computing. And cloud service providers are becoming more healthcare friendly - many are agreeable to signing HIPAA business associates agreements and conforming to government and industry regulations. This provides assurances that the business associate will protect an organization's PHI in accordance with HIPAA privacy and security rules.

Cloud computing offers a variety of services and deployment models from which healthcare organizations can choose. In a report from the 2014 HIMSS Analytics Cloud Survey published by HIMSS Analytics, a subsidiary of the Health Information and Management Systems Society; (http://www.himss.org/library/healthcare-privacy-security/cloud-security/security-survey) more than 80 percent of the 150 respondents of the survey reported their healthcare organization currently uses cloud services. It was shown that a 37.1% of the organizations chose to deploy their cloud applications on private cloud architecture, 23.4% chose public clouds and 36.3% choose a hybrid cloud model.