The healthcare sector appears to be getting over some of its apprehensions about moving to cloud computing. Recent studies by firms like Foley and Lardner LLP show cloud adoption is rapidly accelerating among healthcare companies despite lingering concerns about the security and privacy of patient data. Many organizations are ditching their aging internal IT systems and moving key applications like patient management, claims processing systems and patient billing to the cloud. According to HealthDataManagement.com, the health care cloud computing market is expected to grow from $1.7 billion in 2011 to $5.4 billion by 2017.
The Health Information Technology for Economic and Clinical Health Act (HITECH Act), which provides fiscal incentives to healthcare organizations that move to an Electronic Health Record (EHR) system, is driving much of the action. The migration is also being prompted by the cloud’s familiar promise of lower operational costs and better efficiencies.
Public cloud vendors have responded to the changing mood with a plethora of cloud services for the healthcare market. Some of the services are targeted at clinical applications like EHRs, pharmacy use and medical imaging. Other services are targeted at nonclinical and administrative applications such as revenue management and patient billing. Over the next few years, public cloud-based EHRs, practice management systems and live chat software are expected to enable better communication and collaboration between physicians, hospitals, pharmacies and labs. Cloud-based patient management services and live chat software could transform the manner in which patient appointments are scheduled, inquiries are answered and patients are managed.
Not all healthcare companies will move to a public cloud infrastructure. Many organizations, especially those with the money and the resources to do so, will deploy private clouds in which the IT infrastructure is reserved exclusively for their use. The infrastructure could be owned by the organization and operated by a third-party, or it could be owned and operated by the third party on an exclusive basis. Large companies will likely deploy this model because it will allow them to harness all the benefits of cloud computing while also letting them have direct control over the infrastructure. Meanwhile, smaller healthcare companies that are concerned about the security implications of the public cloud but do not have the resources for a private cloud, will likely move to a community cloud environment where they share computational resources with other companies that have common security and privacy requirements.
While cloud adoption could well transform the manner in which healthcare services are delivered and consumed in the country, security and privacy issues will remain a major challenge. Statutes like the Health Insurance Portability and Privacy Act (HIPAA) and the HITECH Act require all entities handling patient health information to exercise specific measures for protecting the data. The laws require healthcare organizations to deploy specific technology controls for controlling access to patient data and for collecting, accessing, storing and sharing that data. The Centers for Medicare and Medicaid Services (CMS), the federal entity that is responsible for enforcing HIPAA security and privacy requirements, has come down heavily on organizations that have been non-compliant. Healthcare companies that move to the cloud will have to ensure they are doing so in a manner that is compliant with these statutes.
The Cloud Infrastructure
Healthcare companies that move to a public cloud service will likely face the biggest challenge. In a public cloud, the entire infrastructure is owned and operated completely by a third party. All security and privacy controls are managed directly by the cloud provider so companies are essentially handing over complete control of their data to an external party. Fortunately, a growing number of public cloud providers have begun offering services that are complaint with HIPAA requirements. Though the quality of some of these public cloud services remains untested at the moment, they may ultimately prove to be the best option for many healthcare organizations that are looking to move to an EHR system.