Home  |   Subscribe  |   Resources  |   Reprints  |   Writers' Guidelines

February 28, 2011

Cloudy Forecast for Healthcare
By Selena Chavis
For The Record
Vol. 23 No. 4 P. 10

Will there be a crowd in the cloud? The healthcare landscape is complex, but many experts believe cloud computing could mean sunnier days for information sharing.

Cloud computing hasn’t lacked coverage over the past few years for its potential in creating efficiencies and helping IT environments become more flexible and sustainable. And the revolution is rapidly taking shape in most industries—most industries, that is, except healthcare.

“I’ve found that the healthcare industry certainly lags behind in the uptake of cutting-edge IT development,” says Mike Wall, CEO of DiCOM Grid, an Arizona-based HIT company. “This industry is now beginning to look at [cloud computing], and I think over the next couple of years you will see more and more healthcare organizations using applications in a cloud.”

Consider the following statistics: According to research firm Gartner, cloud computing services revenue totaled around $56.3 billion in 2009, representing a 21.3% increase over the previous year. Based on growth expectations, the firm predicts the market will expand to $150.1 billion in 2013.

Other industries see the benefits—often touted as cost efficiencies, increased flexibility, and improved access and interoperability—making many healthcare industry professionals ask, “What’s the holdup?”

Wall acknowledges that while the benefits of cloud computing outweigh the risks for most IT professionals, the healthcare industry is more complex than most. With privacy and security at the forefront of concerns over cloud computing’s potential, many healthcare organizations are treading cautiously into this arena for fear of ending up on the evening news in the wake of a data breach.

Jim Kane, chief information officer services director with Houston-based software sourcing company TPI, believes healthcare is missing an opportunity to take HIT to the next level, especially since other data-sensitive industries such as banking have been utilizing cloud strategies for a decade.

“Healthcare is underutilizing IT,” he says, adding that most healthcare organizations that are even entertaining the idea of implementing cloud strategies are still very much in the planning stages. “Healthcare is kind of taking bite-sized pieces. They are taking it slow.”

Scott Donahue, vice president of Triple Tree healthcare advisory group, agrees, pointing to statistics such as those found in the 2009 PricewaterhouseCoopers Health Research Institute study that revealed nearly one half of the $2.2 trillion the United States spends each year on healthcare is wasted.

“While it is impossible to point to any single breakdown contributing to the waste, it is clear from the study’s findings that this is an industry that has significantly underutilized technology to improve efficiencies,” he says, adding that cloud computing could help mend a healthcare system that is stuck in the inefficiencies and limitations found in older legacy systems.

Defining the Cloud
In its most basic form, cloud computing is often defined as tasks that are performed using applications provided over the Internet. It’s a networked provision resource independent of where it’s located. For personal use, this may represent the use of a site such as Flickr to store and share photos and images.

From a business perspective, it has come to mean “anything related to IT that is not located in the office,” according to Margalit Gur-Arie, an HIT consultant who also maintains a blog. “I’m seeing a lot of confusing terminology.”

Gur-Arie explains that the concept of a pure “cloud” environment is not necessarily what is being viewed as a cloud environment in healthcare. Pointing to Amazon’s EC2 product as a true cloud offering, she notes that “everything is virtualized in a huge database in the sky.”

Specifically, Amazon EC2 allows customers to use Web service interfaces to complete tasks with various operating systems. They can load them with a custom application environment and manage their existing network’s access permissions. “That’s not what is really happening in this [healthcare] industry,” Gur-Arie says.

Most industry professionals seem to use the terms software as a service (SaaS) and cloud computing interchangeably. Gur-Arie explains that SaaS refers to an organization’s data sitting in a vendor database, eliminating the need for the client to manage and maintain its IT infrastructure. “These are multitenant structured scenarios with lots of tenants in a database,” she says.

Then, there is an application server provider, which refers to an expanded vendor-hosted environment where the service is virtualized much like an SaaS, but customers have their own individual servers.

“The delineation comes from whether it’s Web based or whether you have to have a client application to access the database,” Gur-Arie says.

While the distinction of true cloud computing may remain elusive in the healthcare industry, professionals point out that the ability to move IT management of hardware and software off site can offer notable benefits in the form of cost efficiencies, interoperability, and data sharing.

Leveraging the Cloud
For Parmer Medical Center (PMC), a 25-bed critical access facility located in rural Friona, Tex., the decision to use a mobile Web-based enterprise platform that leverages cloud capabilities has proven to be prudent, especially as it relates to cost efficiencies. The Web-based virtual application offers support in areas such as computerized physician order entry, clinical decision support, advanced reporting, and maintaining a clinical data repository.

“Our greatest benefit is cost,” notes Mike Prather, the facility’s networking and information systems director. “We have someone else managing security, maintenance updates, and upgrades. For a relatively small facility, that’s huge.”

Prather explains that the center has two primary application vendors: one for financial applications and one for clinical. The organization, which has had the same financial vendor for the past 20 years, had utilized an on-site server until recently. Now a vendor provides the server, and the organization accesses the application via a virtual private network.

In the case of the clinical system, PMC uses NextGen Inpatient Clinicals, which offers more of a SaaS concept, according to Prather. “Internet Explorer does a bit more of the actual processing, but the majority of the work is done on a server,” he explains.

While cost efficiencies are likely to be the benefits that will initially turn the heads of healthcare executives, industry experts point to cloud computing’s potential to take the industry to the next level of HIT advancement. Donahue indicates that many healthcare systems are still built on workflows consisting of paper medical records, nondigitized images, fragmented IT systems, and information contained in departmental silos, making the concept of information sharing complex at best.

“[Cloud] environments will lower the barriers for innovation and modernization of HIT systems and applications,” he says, adding that cloud computing makes interoperability a much easier pursuit because applications and data are stored in a Web-based cloud rather than in legacy systems. “Patient information can be shared among authorized physicians and hospitals, providing more timely access to life-saving information and reducing the need for duplicate testing.”

The potential for more effective data mining also increases, according to Wall, pointing out that this piece will be critical to where healthcare is going in terms of research, scorecards, and reporting. “Having data securely managed opens up opportunity for other uses,” he says. “It’s creating anonymized pools of information and making that available to researchers. With the right types of security, the industry will have the ability to aggregate information in the cloud as opposed to enterprise silos.”

Gur-Arie says the cost efficiencies and benefits are obvious in smaller healthcare organizations that don’t have the resources to manage full IT departments. “For these groups, leveraging the strengths of an industry data center is much cheaper … and securitywise, there is no way a small office can provide the level of security that a data center can provide,” she says, pointing to the inherent benefits of moving data off site and accessing it via Web-based applications.

Wall suggests that the benefits are evident for both small and large providers but that larger organizations require more complex, sophisticated arrangements. Many large healthcare groups are utilizing cloud computing for augmentation to help drive down costs rather than trying to transfer all IT infrastructure out of the building.

“It’s a complementary implementation,” he explains. “As confidence builds, they will do more in the cloud because it will allow them to do more things.”

Gur-Arie says there are pros and cons to large organizations moving data into a cloud. The facility must be confident that a hosted data center is doing its job in relation to regular maintenance and security. While smaller organizations are likely to find higher-level security and infrastructure than what they could provide on their own, some larger providers have the resources to do the job just as well.

“It really depends on the facility, how technical they are, and how much they are willing to invest in IT,” she says.

Securing the Cloud
While the perceived security risks of cloud environments are perhaps the greatest hurdle to more widespread use by the healthcare industry, many experts believe the concerns are weighted too heavily or are simply unfounded.

Pointing to small providers who choose to move applications to vendor-hosted offerings, Gur-Arie reemphasizes that these organizations do not have the resources to match the security infrastructure offered by a vendor-hosted cloud environment.

Industry professionals acknowledge that cloud computing environments will have to prove themselves on the security front in order to gain providers’ trust. “Cloud computing for healthcare will need to have the highest level of availability and offer bulletproof security in order to gain acceptance in the marketplace,” Donahue says, while pointing out the primary difference may be found in the use of private cloud environments as opposed to public.

Public cloud environments offer infrastructure and applications by the organization marketing the cloud services. In the case of private cloud environments, the offering is made available behind a firewall and maintained according to the parameters of the host organization.

While the risks of using cloud environments may be receiving more airtime than the benefits, Kane says many of TPI’s healthcare clients are successfully utilizing private cloud environments.

Meanwhile, Wall believes the security issue is where the rubber meets the road in terms of how the cloud revolution will impact healthcare. “There’s a perception that once something is in the cloud, it becomes less safe,” he says, noting that it’s an education issue as reality suggests that data are likely less secure in current, real-world situations. “People have a perception that things on the Internet can be easily hacked into … you read about these violations all the time.”

Kane adds that cloud computing alleviates some of the current situations that can lead to security breaches. “Most breaches are connected to some end-point device—a laptop or mobile device,” he notes. “You just don’t leave a data center at a train station.”

David McCament, director of healthcare/payer provider at TPI, points out that industries such as banking have been successfully moving sensitive data around for many years in virtual environments. “Right now, there are an awful lot of good systems out there that are secure,” he says.

Wall recommends that organizations interested in moving data to a virtual cloud environment choose wisely when selecting a host. “Look for a vendor that can provide multiple applications to satisfy your needs,” he says. “Then develop a project plan between the customer and vendor to deploy.”

Emphasizing that there are security risks inherent in any form of technology, Kane says providers need to take the first steps, thoughtfully managing the risk and asking the question, “What if something does happen?”

“If you don’t have that conversation, then you’ll continue to be spooked by the whole process,” he says.

— Selena Chavis is a Florida-based freelance journalist whose writing appears regularly in various trade and consumer publications.