Into the Cloud with Foresight: Dignity’s Ray Lowe Shares Infrastructure Strategy at iHT2-Beverly Hills

At the Health IT Summit in Beverly Hills, being held Nov. 4-5 at the Sofitel Los Angeles at Beverly Hills in Los Angeles, and sponsored by the Institute for Health Technology Transformation (iHT2; a sister organization with Healthcare Informatics under the corporate umbrella of the Vendome Group), Raymond Lowe, senior director, information technology, at the San Francisco-based Dignity Health, on Nov. 4 shared his organization’s vision of moving forward on infrastructure and cloud capability.

Lowe’s presentation, entitled “A Use Case—Thoughts on How to Leverage Your Technology and The Cloud,” outlined some of the strategic considerations involved in moving forward to leverage Internet-based technologies as an integrated health system.

Raymond Lowe

The challenges and opportunities in this area are equally big: Dignity Health, which until two years ago was known as Catholic Healthcare West, encompasses over 40 hospitals across nine regional markets in California, Nevada, and Arizona, and over 60,000 employees, over 15,000 providers, in a health system with over $13 billion in assets and over $10 billion in annual revenues.

As Lowe told his audience at the Sofitel, “We’ve undergone a leadership transformation under our CEO, Lloyd Dean,” even as the organization continues to grow in size and scope. In that context of ongoing growth, Lowe told his audience that “As you look at the cloud and you take the journey around the [information] superhighway and the crossroads, you have to look at a variety of issues—public trust issues, feature/function issues, and the business case that needs to be made,” in order to think about cloud-based service management and the overall concept of shifting towards “business as a service.”

Lowe said that seven trends are shaping the landscape around virtualization now: the broad shift from episodic acute care to healthcare services personalized for individual patients; consumerism and the retail experience; a growing trend towards self-insurance among employers, with narrow hospital networks; the growth of telehealth capabilities; emerging interoperability in the provision of cloud-based services; the emergence of IP-enabled medical devices, including wearables and implantables for real-time monitoring, alerting, diagnosing, and prescribing, connected to “The Internet of Things”; and the emergence of predictive analytics capabilities to drive care quality and cost efficiencies.

Lowe told his audience that there are six critical steps to developing successful cloud computing. They are as follows:

1. Define your organization’s cloud security governance and policies.
2. Define your approach to standardizing your current architecture.
3. Develop and use a target-state architecture to define standards.
4. Buy commoditized cloud services and capabilities whenever possible without exposing PHI. “It’s cheaper to buy cloud services than to self-build,” he noted, “but you need to know how to manage it.”
5. Migrate existing applications and systems into private or hybrid cloud architectures, using a phased approach.
6. Decommission existing legacy systems as new capabilities come online within your target-state environment.

“It is vital,” Lowe said, “to develop an application migration strategy,” prior to full cloud architecture implementation. “You need to be standardizing and consolidating your applications and infrastructure” in an organized, strategic way, he emphasized. What’s more, he said, “As you prepare to migrate to the cloud, you need to understand that your security threats, vulnerabilities, and insecurities, will all be expanded.” He cited, among other developments in the past year, the huge data breaches at Target and Home Depot stores, as examples of the broad threats out in the operating environment.

In addition, Lowe said, “We think, when going into the cloud, that you need to develop cloud security defense practices.” Among those, he cited the following:

• Cloud governance
• Security governance, risk management and compliance
• Problem and information security incident management
• Identity and access management
• Categorize and protect data and information assets
• System acquisition, development, maintenance
• Security infrastructure against threats and vulnerabilities
• Physical and personnel security

Lowe urged his audience to consider very carefully the need to think very strategically and holistically the demanding requirements for moving towards the cloud, even as he predicted that for most large patient care organizations in the U.S., cloud-based architectures will inevitably be needed at some point going forward.