The healthcare industry is in a period of significant evolution. Everywhere you turn, you hear talk of mergers, acquisitions, practice transformation, value-based care models, and workflow optimizations. Healthcare organizations are looking to information technology investments to adapt (and, with luck, thrive) during and beyond this period of dynamic change. And a new IDC Health Insights report, “Business Strategy: Trends and Opportunities in the U.S. Healthcare Provider Market — A Discussion of the 2015–2016 Healthcare Provider Technology Spend Survey Results,” suggests one such adaptation involves finally warming to cloud-based technologies.
“The cloud is not a new technology. But its adoption in healthcare has lagged because of the unique concerns of healthcare organizations around security, availability of data, and latency of data. You need to have secure data available rapidly at the point of care,” says Nancy Fabozzi, a principal analyst in Frost & Sullivan’s Transformation Health group. “That’s what you need for any information system when you are in an environment when you are caring for patients.”
Cloud computing, loosely defined as the process of sharing resources across a network of computers to store and process information so that data can be accessed from anywhere, has been successfully leveraged in other industries, allowing more flexibility and reducing costs, for nearly a decade. And according to the IDC report, healthcare organizations are becoming more open to the idea. Thirty percent of respondents stated they were comfortable with the cloud in 2014—with an additional 41.5 percent saying they their comfort levels with cloud-based technologies had increased from 2014 to 2015. Furthermore, provider organization respondents reported an estimated average of 24 percent of IT spend would go into projects that use managed third-party hosting and 18 percent to software-as-a-service (SaaS) offerings.
So why the change? Fabozzi says that, as the healthcare sector continues to weather dramatic changes, provider organizations need more flexibility in their technology infrastructure in order to keep up.
“The dynamics of the healthcare environment today are chaotic. So many rules are changing, in terms of meaningful use, the move to value-based reimbursement, population health, and what Centers for Medicare and Medicaid Services (CMS) wants you to do,” she says. “So you need systems that are equally as dynamic. They need to be flexible and easy to customize very rapidly. And you can’t find that in the traditional installed-on-premise system that has dominated the industry up until now. They just don’t work that way.”
Different Levels of Cloud Comfort
Many healthcare organizations are reporting plans to invest in the cloud—but are they doing so for applications that handle protected health information (PHI)? It’s unclear. Robert Eardley, senior vice president and CIO at Houston Methodist, a health system in Houston, Texas, with seven hospitals and one research institute that employs more than 4,000 physicians, says that while he agrees comfort with the cloud is growing, it may be more with applications that don’t store or process sensitive patient information.
“We have a number of remote-hosted and cloud solutions in our IT environment. And the cloud makes a lot of sense when you are talking about email tools, video distribution services, and learning management systems,” he says. “The cloud makes a lot of sense when you are talking about a solution that largely stands by itself and can be sold and serviced as a solution. It makes less sense when it’s highly interfaced and has a lot of PHI, because there are a lot of potential security concerns. That’s why we still tend to store PHI on premise at this point.”
He also says that the definition of “cloud” remains a bit malleable in the healthcare IT space. “There are different definitions of the cloud that are used in healthcare. For me, the best definition of a cloud service is one where it offers device synchronization. Think Kindle, think iTunes—the kind of application that allows device synchronization via the cloud,” he says. “But people also use the term cloud to describe a remote-hosted software application. And then there’s SaaS, which is kind of in between those two, which goes beyond remote hosting of an application on somebody else’s servers and adds ancillary solutions as a service. I think a lot of healthcare organizations are using the cloud for different parts of their IT programs. But a lot of these offerings need to mature before we think about using them with PHI, so we can make sure the security we need is there.”
More Skin in the Game
But Peretz Stern, CIO of AristaCare Health Services, a provider of long term, sub-acute, and post-acute care services headquartered in Cranford, N.J., believes that the offerings have matured to where they need to be—and can more than effectively secure PHI.
“We had a wake-up call after Hurricane Katrina. One of our facilities was on a generator for almost 14 days. If any data would be stored there, it would basically just create a vacuum that would put actual lives in danger,” he says. “That’s when we really started considering cloud-based technologies. Because the cloud makes it easier for us to create redundant pathways to the Internet where we can get the data we need. We sleep better at night knowing that we now have an infrastructure and protocols in place where we can get the data we need and patient care won’t be compromised.”
Stern acknowledges that AristaCare had substantial concerns about patient data containment when they started looking at implementing a cloud-based electronic medical record (EMR) system. But he says many of those concerns were based in long-standing myths regarding a lack of security.
“There’s this idea that when you go to the cloud, your data isn’t in your control anymore. That’s not the case. It becomes a collective responsibility,” he says. “And that’s how we know our data is secure. We are one customer with six facilities and 1,200 beds. Our vendor, PointClickCare, has more than 11,000 active facilities. They essentially have more skin in the game than we do. They have to answer to more people if there would be a breach so they are investing a lot more capital and resources than we would be able to in order to secure the same data. It gives us a lot of comfort to know that our data is that secure.”
Moving Towards the Cloud
While some reticence remains, it is clear than more healthcare organizations are moving electronic patient records, diagnostic images, and other data out of on-premise storage centers and into the cloud. Fabozzi believes that healthcare will see a “rapid acceleration” of adoption over the next five years—though hospitals and provider organizations may be a bit slower to use the cloud for PHI-related applications.
“Value-based reimbursement is going to push this rapid update. Healthcare organizations are going to need all manner of new features and functions to meet the requirements for CMS and value-based care models,” she says. “It’s going to be so dynamic and so complex that they will need these SaaS offerings because it’s going to be the easier, the most flexible, and, ultimately, the cheapest option for them to be compliant.”
She also says that ongoing healthcare mergers will also push cloud adoption. “If these big mergers go through as we think they will, there’s going to be consolidation on a massive, rapid scale,” she says. “It’s going to be a huge opportunity. Because these organizations are going to have to look at their IT infrastructure and ask themselves where it makes sense to rip and replace all these systems or partner with a seasoned vendor who can come in and offer them a really nimble, agile cloud-based next generation IT infrastructure. I think the latter option is the way that many organizations are going to go.”
Stern, for his part, is a strong proponent of cloud-based technologies and hopes that healthcare organizations will stop relying on myths regarding privacy and security—and start looking to the facts. The benefits, he argues, far outweigh the concerns. He credits PointClickCare’s cloud-based infrastructure for helping AristaCare roll out a new EMR system for 1,100 beds in an astonishing 90 days—and looks forward to being able to having that kind of speed and agility for a variety of different IT roll-outs in the future.
“Having the cloud means that we can focus on business than infrastructure. We don’t need a data center. We shouldn’t be worried about how to store and get at all this data,” he says. “Because our business is care. It’s what we do. And it’s something we wouldn’t be able to do as well without having the cloud.”