HIPAA, the Cloud and how Containers can Impact Healthcare Data Flow Challenge
At HIMSS 17 in Orlando I had a chance to sit down with two top executives from ClearDATA. The company is a secure, HITRUST-certified healthcare managed cloud provider that offers HIPAA compliant cloud hosting, backup, disaster recovery and information security services. Chris Bowen is the Chief Privacy and Security Officer and Founder of ClearDATA. Matt Ferrari is the company’s Chief Technical Officer. Both offer their insights on trends in security. You can also listen to the podcast interview.
Chris Bowen, Founder of ClearDATA
Chris, security has been front and center here at HIMSS and I would imagine you’re getting a lot of questions from the attendees about their concerns with moving to the cloud as the industry continues to focus on the secure exchange of ePHI.
Chris: Yes, the cloud is a hot topic. We have some customers who are moving from traditional, on-premise hosted types of systems to the cloud. Other hospital systems are still trying to figure out, “Do they want to move to the cloud?” And in fact, we attended a cloud forum just a couple of days ago where that debate is still alive and well with various hospital systems and strategies.
So you’re addressing this issue of storing data in the cloud as a whole?
Chris: Absolutely. We have a solution that will allow a hospital healthcare provider or a hospital system, as well as the ecosystem of companies that support healthcare, to securely store data in the cloud and do so in a way that is usually more secure than can be done on-premise. So for example, we can enable versioning in a storage bucket, we can invert, enable very micro level access controls, auditability. Auditability is one of the most important parts of adhering to the HIPAA security rule because you need to be able to prove that you’re doing certain things. And the cloud allows us to do that a lot easier than you can do that on-premise.
I would also think, and you can tell me whether this is true or not, that some of these people that are approaching your booth and talking to you here at HIMSS are also mentioning ransomware.
Chris: Well, we haven’t had a ton of that come up today. But it is a rampant problem in healthcare. Now, the cloud can address that issue if you simply use a sound backup strategy, obviously educating your employees, your workforce not to click on those phishing attempts in their email. But you can back up your data in a way that allows you to combat that problem, as well as applying other defense in-depth strategies.
Switching gears here, who is Deanna Wise and where does she fit into the conversation that you’re having here at HIMSS17?
Chris: So, we had a chance to talk to 500 or 600 people yesterday to talk about Deanna’s journey to the cloud. Deanna is the Executive Vice President and Chief Information Officer for Dignity Health, which is the nation’s fifth largest health system, the biggest one in California. And she was able to tell her story about her turning point in terms of moving certain workloads at Dignity Health to the cloud.
What advice and guidance did Deanna have to give to the audience in her presentation and your presentation yesterday at HIMSS?
Chris: She gives some great advice around making sure to move in a way that’s methodical and take some baby steps. If you’re not sure of the cloud, pick some workloads that are going to be able to provide you proof points. Obviously, involve the business, make sure that they are part of the decision on moving to the cloud in terms of how does that enable their use case applications. She also provided advice on how to choose a cloud provider, what to look for. Look for the trust relationship between you and the cloud provider. Ensure that you can live up to your agreements. Make sure that you have the expertise necessary to handle complex workflows within a healthcare environment, among other things.
So sounds like that if you migrate to the cloud, it doesn’t have to be like all or nothing. You can do it as it fits in with what else is going on. Is that correct?
Chris: Absolutely. Forklifting everything to the cloud is a sure way to fail somewhere. So you have to plan it, you have to be methodical about it, and you have to do it in a way that does not disrupt patient care. Ultimately, it will enhance patient care because you enhance data flows, data sharing, and other things, interoperability is greatly enhanced by the cloud. But you don’t want to do that in a way that disrupts and impacts the patient.
Finally, you’ve got a great booth location this year and a great booth. So, what are you showcasing at this year’s HIMSS?
Chris: We are showcasing our cloud containers, a service offering that we just announced this week. Containers can impact the healthcare data flow challenge in terms of moving from one environment to the next, while addressing very specific use cases. Many folks don’t understand what containers are yet, but they will. And so, we’re kind of at the leading edge of that development. But we’re still touting our normal offerings, which are very secure cloud environments using devops automation in order to enable patient care.
Matt Ferrari, Chief Technology Officer, ClearDATA
I saw a recent announcement from ClearDATA about a new product launch. Can you tell us about it?
Matt: Absolutely. We launched a containers platform which is a product that runs on top of our Amazon Web Services offering. It is focused on servicing providers, payers, pharmaceutical companies and HIT and focusing on how can we reduce costs and drive security into healthcare organizations.
So educate me and our audience, when you say “container” what are we talking about here?
Matt: Sure. Traditionally in cloud or in public cloud healthcare organizations have focused on virtualization or essentially bringing what was known as dedicated environments or dedicated servers into the cloud through operating systems. Containers is the next step of that. It is an app-sized or bite-sized version of that which allows a healthcare organization to only pay for the specific services that they are actually using at the time. Rather than a doctor or a provider having to run an entire operating system and pay for all of those costs 24/7, instead they’re running just a bite sized version of that and they’re only paying for what they use at that time.
How did you uncover this need in the marketplace?
Matt: Great question. A big chunk of my job is talking to CIOs from providers, payers and pharmaceutical companies. What we’ve heard time and time again is “how can we continue to provide a more secure environment while still reducing our costs?” It’s fair to say that tons of CIOs are getting out of the data center business and they’re moving into cloud, but traditionally their biggest concern has been security and compliance. So, we wanted to focus on providing that wrapper for security and compliance but do it in a cost efficient manner. The shorter answer would be because we’re listening to our customers.
Clearly, you guys are innovators here. So what’s next? What’s coming down the road for you guys?
Matt: Recently we launched a compliance dashboard. That compliance dashboard takes a look at both HIPAA and HITRUST regulations. That dashboard actually shows near real-time changes inside of a cloud environment within a provider, payer, or pharmaceutical organization if they are falling out of compliance. This way if they do something that may push them out of compliance, someone like ClearDATA can immediately get them back into compliance to help secure patient records. The next step is to actually be able to put that environment inside of the data center, to allow a provider or payer organization to actually run that dashboard inside of their own data center to see how compliant they are. We are referring to this as an on-premise compliance dashboard.
Hopefully, we’ll have a chance to see that dashboard next year at HIMSS?
Matt: Yes, I would love to make that happen.