Ask Joy: This Week – Cloud Computing Comprehension
Prepare to Soar
We’ve already discussed how many providers are considering switching EHRs. Many providers are thinking about using cloud-based clinical solutions to take advantage of the cost-savings, implementation time, accessibility of data, and other benefits. But before you trust a third party with your practice’s protected health information (PHI), make sure you understand the basics of cloud computing. Here, we spend some time to prep a practice with a basic level of cloud comprehension and offer a handful of questions to ask any cloud-vendor before trusting them with your PHI.
My practice is considering moving to the cloud for our EHR and potentially some other clinical applications. While I have a basic understanding of what that entails, can you help me understand what I need to take into consideration before we take the leap?
Let’s start by trying to understand why the cloud is an important topic in the first place.
As I’m sure you are well aware, your practice is expected to deliver more while reducing costs. Cloud computing is uniquely positioned to be able to meet this need, which is why it is has so much potential to bring about a revolution in health IT. While other industries, such as banking, are much farther down the technology path than healthcare is, with 30% of medical practices transitioning to cloud computing services, healthcare is catching up.
So, let’s talk about the benefits of cloud applications:
- Security, compliance, and privacy
- Cloud services and hosting companies must meet the strict needs of the healthcare industry. The best vendors will be be HIPAA, ICD-10, and ANSI 5010 compliant, and will protect electronic data with as high as 256-bit SSL file encryption.
- Reduction in costs
- Going to the cloud can save your practice money on everything from servers, utility bills, in-house IT, and maintenance. Cloud-computing vendors also often support the technology and services that satisfy meaningful use.
- Scalability and flexibility
- Cloud vendors can more easily keep up with changing regulations and software updates. Any changes to the software typically happen system-wide, instead of updating each instance. Adding additional users without the typical IT growing pains is another boon.
- Storage / archiving
- Storage space no longer needs to compete with space for patient care.
- Implementation ease
- When you sign up with a cloud-based EHR, the set-up and implementation become easier, as the main technology requirements is having computers with a good Internet connection.
- Disaster recovery
- The data stored in the cloud is already in a geographically safe location, such as a data center, which have increased security and protection in the case of a natural disaster.
And the challenges:
- Security, compliance, and privacy
- As a covered entity, you are held responsible for any actions of your Business Associates. So it’s important to take the time when selecting your cloud-based service provider to find out if they have experience running and maintaining data centers and the safeguards that need to be in place in order to keep protected health information safe.
- Performance an availability of data
- With variable Internet connectivity speed, the performance of any cloud-based solution is only as good as the network connection in the practice. That also means you may only be able to access the data with an Internet connection.
- Vendor Stability
- If the vendor goes out of business or stops providing their service, customers may be at risk of losing their data.
- Integration with other applications
- Does the cloud-service integrate and/or share information with other applications, such as laboratories, imaging companies, PACS systems, pharmacies, etc. However, keep in mind this is a challenge with client-server applications as well.
OK, so we’ve got pro’s and cons. But there are also different types of clouds and different types of cloud services. I’d like to arm you with information so you’re familiar with them as they pop up in conversations.
Types of Clouds:
- Public clouds
- when your data is hosted by the vendor and lives on servers that may be shared with other organizations and with their information. Users gain access through web-based applications, but have no control over where their data is stored.
- Private clouds
- when your data is stored on a dedicated server and is not shared with any other organizations. These tend to be more expensive, but also more secure. The servers can be located on your premises or offsite. The offsite solution is generally cheaper.
- Hybrid clouds
- when you host your critical applications on a private cloud and host applications with fewer security concerns on a public cloud. This is a common solution for larger organizations.
Types of Cloud Services:
- Infrastructure as a Service (IaaS)
- when all the hardware necessary to run the EHR (or other application) are provided by the vendor, including servers, storage devices and virtual desktops. Amazon Web Services is an example of IaaS.
- Platform as a Service (PaaS)
- when the vendor provides the networks, servers, storage and other services, and the customer uses these to configures their own applications. A typical player in PaaS is Google’s Application Engine.
- Software as a Service (SaaS)
Questions to ask a cloud-based EHR or other clinical application vendor:
- Is the data from the application stored on a public or private cloud?
- Have the vendor and the data center signed Business Associates Agreements?
- What is the vendor’s track record of security and compliance? Are they HIPAA, ICD-10 and ANSI 5010 compliant?
- How long has the EHR vendor been in business and are they financially stable? What happens to the data if they go out of business?
- How many labs and imaging services have been integrated / interfaced with the EHR? If your lab company or imaging service is not on their list, who pays for the integration?
I hope this helps. Not all cloud-based vendors are created equal. It’s great that you’re doing your homework before taking the plunge.
About the Author: Joy Rios has worked directly with multiple EHRs to develop training programs for both trainers and practice staff. She has successfully attested to Meaningful Use for multiple ambulatory practices in both Medicare and Medicaid. She also authored the Certified Professional Meaningful Use course for www.4Medapproved.com. Joy holds an MBA with a focus in sustainability. She is Health IT certified with a specialty in Workflow Redesign, holds HIPAA security certification, and is a great resource for information regarding government incentive programs.Ask Joy is a regular column on 4Medapproved HIT Answers.