As infrastructures in data centers grow older and leaders ponder how to do more with fewer resources, many healthcare organizations are turning to the cloud for their storage needs. Using a cloud solution has many attractive pros: increased access, data sharing, and lower overhead if you are moving from maintaining physical infrastructure to pay-as-you-go in the cloud. It can also add a layer of security for some organizations, particularly in areas prone to natural disasters that could take physical offices offline. Cloud infrastructure and services can offer security expertise and firewalls to healthcare practices that may not have these resources available elsewhere.
Room for Growth
When you consider what type of cloud to use, imagine how your organization’s needs may grow, and choose a vendor that can grow with you as those requirements change. It is a huge undertaking to configure systems and migrate data, and your IT staff will be reluctant to repeat it. Envision your organization’s needs one, five, even ten years into the future, so you can choose a solution that will meet your needs for the long run as well as the immediate future.
Who’s Responsible for Security?
One concern that will always be at the forefront of any cloud-related decisions is security. Is the cloud a safe place for patient data, when healthcare providers are committed to adhering to HIPAA regulations to safeguard sensitive information? According to Paul Butler of Top Tier Consulting, the attitude in healthcare has changed a great deal from the time when common belief was that the cloud wasn’t secure enough to store patient health data. “I think…the healthcare industry has realized that not only is the cloud secure for healthcare data, but it’s probably more secure than what they’re able to do inside of a hospital.”
Security is built into physical networks with time and thought to effectively protect healthcare organizations. But when that infrastructure moves to the cloud, security can be quite different. According to Donald Meyer of Check Point Software Technologies, “The build of many security technologies is for static, manually intensive networks, and the cloud is much more dynamic; the static networks we are accustomed to don’t translate well to the cloud.”
Consider who is best equipped to manage your information needs. A large health system may have the resources to handle all cybersecurity in-house, while a smaller organization may find that a service like Amazon or Google will relieve them of a staffing and infrastructure challenge. Using a web service still requires due diligence on the part of healthcare providers, though. You must ensure they meet your security standards, so some configuration is involved on the user end, and you will need to make sure your provider signs any pertinent security compliance agreements. Meyer notes that some responsibility for security may be shared: “Cloud providers will protect the infrastructure, but as a consumer or an organization, whatever I carve out of the cloud, it is my responsibility to protect the data I place there.”
Nephi Walton of the Washington University School of Medicine points out that the cloud does come with security concerns, but so do all types of infrastructure employed by healthcare organizations. “I’m sure people are targeting Amazon, Google and Microsoft, but because they get that all the time they’re more prepared to defend against it,” Walton said at the Cloud Computing Forum in Orlando earlier this year. “You’re hard pressed to match the same security as one of these companies.”
The cloud can offer opportunities for providers to engage patients, cut costs, increase security, and allow staff to focus on patient care instead of IT systems. Chances are your organization already uses the cloud; by asking the right questions, you can make decisions that help your practice use the cloud to provide better care now and into the future.