Not all clouds are created equal

By Kurt Hagerman
June 05, 2013
08:04 AM

Speed, immediacy and scalability are just a few of the rewards of using the cloud for your applications and data, and the reasons why so many healthcare companies are turning to the cloud to hold even their most critical data. Not only can you easily scale your cloud storage to accommodate your ever-growing healthcare records, but the mobility and immediacy allows you to access and respond to patient data whenever and wherever you need to.

If you’re thinking about migrating to a cloud platform, you’re hopefully concerned about security and performance issues-- and rightfully so. While healthcare providers enjoy incredible benefits with the cloud, not all cloud environments will provide the security and performance you need to adhere to HIPAA, HITECH, or even the internal controls your business has devised as best practice. Sorting the pack is just a matter of asking the right questions of the cloud provider.

Optimizing your cloud for optimal patient care

The foundation of a good EHR/EMR system is performance. Medical personnel must be able to retrieve data they need at any given moment; patient outcomes and treatment decisions depend on it. This is where an optimized cloud environment can shine by delivering data instantly.

So what performance benchmarks should be required from your cloud provider?

  • Build and test a proof of concept to ensure a particular cloud can handle your requirements.
  • Ask: What kind of storage does each provider use? Do they utilize fiber or network attached storage (fiber is faster and more secure)?  Do they offer high performance SSD based storage?
  • Ask: What hardware platform are they using to provide compute and memory?  Not all hardware performs equally.
  • Inquire about how they plan and manage capacity – many providers use an oversubscription model, which can result in performance degradation at certain times of day or days of the week.

Staying compliant through smart security checks

Meeting the HIPAA / HITECH requirements is a mandatory and challenging task. Once again this is an area where the cloud is a natural ally, helping healthcare providers meet compliance standards. The secret: excellent security. Once you’ve locked down your cloud to protect patient and other sensitive data, you’ve already won half the compliance battle.

To ensure your particular compliance needs are met, you must look past the marketing hype and use the following best practices when assessing cloud providers:

  • Some vendors provide security through third parties, which involves a longer chain of liability for you to evaluate. Read all documentation; even if your vendor can show you an audit report (such as an SSAE 16), you must read it closely to determine if their security services were actually part of a third-party audit. Oftentimes they are not.
  • Look for healthcare-focused third parties that validate each cloud provider’s security practices and policies, such as research entities and auditors.
  • Ask if the provider will enter into a BAA (business associate agreement). This legally binding agreement helps insure that your vendor will take responsibility for protecting your PHI appropriately, as well as follow the HITECH and HIPAA rules.
  • Make sure your cloud provider clearly articulates your compliance responsibilities as the customer and their responsibilities as the vendor. If they seem reluctant, or are vague on the division of responsibilities, the odds are they won’t meet your needs or expectations long term.

With a cloud stack designed to meet the specific needs of the healthcare industry, you can optimize your EMR/EHR system, improve medical billing, enhance patient outcomes, satisfy compliance regulations and more. The trick is doing your homework and asking the right questions that will lead you to infrastructure with the security, performance, and consultative, managed services your healthcare applications and data require.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Former Georgia Rep. Doug Collins
Trump taps former Rep. Doug Collins to head VA

Most Read

Atrium Health responds to new social engineering attack
Vendor Notebook: New cybersecurity and EHR performance upgrades 
Choosing a managed IT service for aged care
Korea's largest hospital bags APAC's first Stage 6 of new INFRAM
Sens. Warner & Wyden seek healthcare cybersecurity mandates in new bill
5G will power the next evolutionary stage of healthcare in APAC

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

More Stories

HIT professional reviews information on a laptop outside a server room
ASPR seeks feedback on public health orgs' cybersecurity needs
Gabriel Jones of Proprio on AI
Artificial intelligence is enabling big advances in surgery
Pharmacist sorting pills
Deploy RFID technologies to streamline controlled substance management
Healthcare workers in a meeting
Prioritizing cost management at U.S. healthcare systems: Keys to better margins
Healthcare worker looking at medical record on tablet with patient in background
Protect your IoMT devices against evolving cyberattacks
Jill Brewer at HIMSS_Healthcare Cybersecurity Forum 2024
What's the weakest link in organizational cybersecurity? Not what you might think
Richard Staynings at the University of Denver_Healthcare Cybersecurity Forum 2024
The challenges of safeguarding healthcare's 'data ocean'
Avihai Sodri of Antidote Health on telemedicine
How virtual-first can improve outcomes and make care more affordable