Cloud computing offers incredible opportunities to improve healthcare, reduce costs and accelerate ability to adopt new IT services.

The healthcare industry is looking to technology to improve patient care and efficiency. So it’s no surprise that many healthcare organizations have been looking closely at the advent of perhaps the biggest upheaval in information technology since the invention of the Internet itself: cloud computing.

Cloud computing offers incredible opportunities to improve healthcare, reduce costs and accelerate the ability of the healthcare industry to adopt new IT services. So if the benefits are so compelling, why do many in the industry still question whether the move to cloud computing is the right one?

Cloud computing, as a broad term, refers to a whole range of IT services, usually delivered over the Internet. These services can generally be broken down into three types (although grey areas still exist).

First, there is “software as a service” (SaaS). This is probably the model most people are familiar with: Software applications are accessed through the Internet, often directly through a browser. “Platform as a service,” aimed at developers, provides an environment and tools, again accessed over the Internet, with which to build custom applications. Finally, “infrastructure as a service” presents users with the ability to host computing services (or store data) of their own on a remote site.

Healthcare organizations are already looking at and using SaaS applications, and this is probably the area where you will see rapid growth in cloud adoption driven centrally. This could include everything from a HIPAA-compliant hosted exchange to cloud-based billing and patient-management applications.

At the other end of the scale, consumer-focused file storage and sharing services, such as Dropbox and Box.net, are making rapid inroads in healthcare organizations, driven by a bottom-up need to quickly share and collaborate in an informal way.
What all the models have in common is that they utilize a third-party’s resources, accessed over the Internet, and delivered on a pay-as-you-go model that is both highly scalable (meaning that when you need more, it’s available) and often shared with other customers.

What’s clear is that the potential for cloud computing to revolutionize information-technology use is immense. Instead of having to plan months in advance to deploy a new patient billing system, the same application could be available instantly, on demand, with little or no up-front costs.

No longer restricted by the capacity of centrally managed IT departments and shackled to long lead times for deployments, the cloud has the potential to accelerate the healthcare industry’s ability to deploy systems, adapt to new opportunities and streamline costs.
Yet, with all these benefits, cloud adoption is far from proceeding at breakneck speed. While the cloud delivers a lot of potential benefits, a healthy dose of caution is also in order. Any industry that relies on handling highly sensitive information needs to think very carefully before adopting cloud services.

The reason is simply that most of the benefits of the cloud are possible because the data-processing services are provided on someone else’s systems. And those systems can be provided cheaply, usually because they are shared among many other customers. For the healthcare industry, it’s not hard to see why this could be a problem. A single breach at a cloud service hosting medical records could trigger a wave of HIPAA/HITECH-related breach notifications that could be incredibly expensive and affect many organizations.

Ensuring that the data housed in cloud services is secure and protected is the single biggest barrier to widespread cloud adoption in the healthcare industry, as it is in many other privacy-conscious industries. Compounding the problem is that while the service providers will do their best to keep information safe, the processes and systems in place to maintain that security are rarely visible to the customer, leaving questions over compliance and auditing requirements very much unanswered.

So it’s no surprise that a recent “Healthcare IT Insights and Opportunities” report by CompTIA (Computer Technology Industry Association) showed that while the adoption of new technologies, such as smartphones and tablets running medical applications, was growing rapidly (likely to grow to 50 percent of doctors within a year), adoption of cloud services was a rather sickly 5 percent.

How realistic are the concerns expressed over cloud computing? Part of the problem is that it’s actually very difficult to say – something no security or risk-management officer wants to hear. Cloud computing still has a long way to go to reach maturity, and the difficulty of measuring the risks of this new approach should not be underestimated.

The main concerns are, of course, the confidentiality and availability of the data that is stored in the cloud. And regardless of the company offering the services, the possibility exists for a problem with either. Earlier this year, Amazon, one of the largest providers of cloud services, suffered a serious outage of its AWS Elastic Block Storage, leaving many business websites off line.

Likewise, one of the largest providers of on-demand cloud storage and collaboration, Dropbox, announced in June of this year that due to a problem with their authentication systems, any user could theoretically access the accounts of any other. While the problem was short lived, the fact that it happened at all underlies the risk of assuming that data in the cloud is secure.

Other concerns arise from the shared nature of the infrastructure. Many shared cloud services rely on deploying virtual machines to maximize the efficiency of the provider’s investment in hardware. And while attacks on virtual servers have been largely confined to the lab, the very real possibility still exists that an attack could compromise one system on a shared host and use that foothold to gain access to other hosted servers in order to steal information or entire server images.

Underlying most of the concerns regarding the security of cloud services is that it is difficult to measure the risk posed by third-party providers’ servers, processes and personnel. Without the ability to monitor and review such processes, it can be difficult to ensure that risks are under control and compliance requirements are being met.

So where does cloud computing make sense for the healthcare industry? Clearly, there are concerns over the security of sensitive data moved into shared cloud environments, and to some degree those concerns are justified. However, for information that is not sensitive, typically not personally identifiable data, the cloud can offer both significant savings and the ability to quickly adopt new services and software.

Software services, such as email, are obvious candidates to move early to cloud providers. Likewise, the cloud offers considerable opportunities to collaborate and store information for access almost anywhere.

As more specialist medical cloud services are launched, it is likely they will directly address some of the privacy and compliance concerns that exist with more general-purpose cloud offerings.

For many healthcare organizations, the lure of cloud computing is already forcing a serious review of the risks and benefits associated with adopting these new approaches. Indeed, for many the question of whether or not to adopt cloud computing is already moot. Consumer-focused cloud services, especially for file storage and collaboration, have already permeated many organizations through services like Box.net, Dropbox and iCloud. Windows 8 will arrive with cloud storage already embedded in the form of Skydrive, further eroding the ability of IT and security departments to control cloud storage use.

As a result, many are looking for ways to rapidly make cloud storage, and ultimately other cloud services, safer. Foremost in these efforts are technologies that provide what is generally termed “data-centric” security. These approaches provide protection to data regardless of where it resides; whether that’s on a laptop, a thumb drive or in the cloud. Encryption, and to a lesser extent tokenization, will form the backbone of such solutions, and the state-of-the-art in such technologies is progressing rapidly, driven in large part by the pent-up demand for safe cloud storage in the financial and healthcare industries.

The benefits of cloud computing are demonstrable and compelling. However, the ability to safely store information in the cloud has lagged behind the development of cloud services, and this situation has left the healthcare industry facing a difficult choice. Early adoption of the cloud will undoubtedly enable greater efficiencies and provide unprecedented collaboration capabilities between practitioners and even patients themselves. Yet, as custodians of highly personal and sensitive data, the healthcare industry must approach cloud computing with a healthy dose of caution. Thankfully, new security technologies, focused around very data-centric technologies, could soon provide a foundation upon which to build a better, more responsive and more efficient healthcare IT platform – something that will benefit everyone concerned.

Credant Technologies

User Rating: / 0
PoorBest