Checklist for health orgs facing the cloud imperative

By By Dennis Schmuland, MD
08:43 AM

There are two business imperatives facing every health and government organization and market leaders are quickly looking at the cloud as the means to address them.

How an organization handles the issues of team communication and collaboration, and securing data, servers, PCs, tablets, and mobile devices to meet HIPAA privacy and security regulations are both proving to be a significant measure of whether the organization is positioned for competitive advantage in the future.

Team communication and collaboration
The Joint Commission Sentinel Event database shows that poor communication is cited as a root cause in nearly 70 percent of reported sentinel events; an unexpected occurrence involving death or serious physical or psychological injury, or the risk thereof. Clinical teams – doctors, nurses, pharmacists, and care coordinators – spend about 80 percent of their time communicating with one another, so the ability to easily and quickly do so on the move – between patients and departments or the office and hospital – can be the difference between a patient’s rapid recovery and a life threatening complication. 

[Related: Why do so few fed execs get Cloud-First and Datacenter consolidation?]

Moreover, as the financial incentives of providers, insurers and consumers become more closely aligned with improving the quality, accessibility, and efficiency of care, the practice of medicine is experiencing a once-in-a-century shift. Rather than solo performers and hospitals being paid for piecework, medicine is practiced as a team sport by high performance, virtual teams of nurses, pharmacists, primary care physicians, specialists and insurers who are paid to deliver overall improved population health, and reduce the cost of caring for an aging baby-boomer population. 

In this new shared accountability health model, success is no longer about getting the right information at the right time to the point of service as much as it is about highly mobile, multi-disciplinary teams continuously communicating and doing hundreds of collaborative processes well, and tightly coordinating them in a way that improves the quality, safety and the throughput of care at a lower cost per capita.

Ironically, despite the surge in HIT investments in the last decade, particularly in EHRs, productivity has suffered. A recent comparative analysis of productivity by industry showed that healthcare has actually experienced a declining 0.6 percent in productivity every year over the past 20 years. A recent physician survey by online physician community Sermo and EHR provider Athenahealth validates the productivity decline that has come as an unintended consequence of EHRs. In this study, three-fourths of physicians reported that their EHR actually distracts them from patient care, an increase in 12 percent over the prior year.

Fortunately, HIPAA-secured cloud-based communication and collaboration systems can complement and work alongside EHRs to deliver the capabilities that virtual teams need to be productive and effective, anytime, anywhere, and via any device. These capabilities include instant messaging, presence (the ability to detect a colleague or collaborator’s status e.g. online, busy, away, etc.), voice, video, email, calendaring and sharing of virtual workspaces, workflows, desktop files and apps.

For example, a five-physician primary care practice in the southern US combined cloud-based communication and collaboration capabilities with their EHR, enabling staff to continuously communicate and tightly coordinate care and workflows to improve team productivity and performance. In this case, they replaced phone and intercom systems with cloud-based communications, eliminating dependency on wall and desk phones.

[See also: HIMSS 5 factors for picking a healthcare cloud vendor.]

Similarly, a large national health plan used cloud-based communication and collaboration services to create a secure cloud “perimeter” that uses identity federation to traverse organizational boundaries with their business partners, including physicians. Now they are able to create virtual teams with hospitals and physicians to coordinate and reduce the cost of receiving care for patients.

Securing data, servers, PCs, tablets and mobile devices

Data breaches are clearly on the rise. In 2011, health data breaches were up by 32 percent over the prior year, according to Ponemon Institute’s 2nd Annual Benchmark Study on Patient Privacy and Data Security. To date, the cloud has not yet been cited anywhere as a significant cause of data breaches. Instead, the top causes cited by Ponemon are lost or stolen equipment, errors by third parties, and employee mistakes – but not the cloud.

Breaches range from government to commercial entities, from the loss of a company laptop from a cancer care group that had more than 55,000 patient records on it to a state department of health, where the faulty configuration of a network server contributed to a breach of more than 255,000 social security numbers.

Arguably, many breaches like this one may not have occurred if sensitive data was stored in a HIPAA secure cloud environment, where a trusted cloud provider, acting as a business associate for the covered entity, is contractually obligated to implement the required physical, technical, and administrative safeguards to reduce the risk of data breaches. 

[See also: The cloud as a health data nexus for ACO.]

Compliance would be supported by cloud-based device management tools that not only help secure patient information in organizationally owned assets, but also allow compliance officers to extend HIPAA security from the cloud to end devices such as laptops, tablets and smartphones.

5 things you should look for in a cloud solution provider

Clearly, adopting the cloud in health is not so much a question of “if” as it is a question of “when”, but how do you align your decision around what matters most to your healthcare organization? With productivity, clinical safety and security in mind, below are five key considerations any health organization should demand from their cloud solutions provider.

1. Security compliance and HIPAA/HITECH readiness

  • Will the cloud productivity solution provider sign a HIPAA Business Associate Agreement (BAA) to ensure a covered entity’s electronic Protected Health Information (ePHI) is managed as required by Federal law?
  • Does the cloud productivity solution provider’s BAA meet the healthcare industry’s requirements?
  • Are encryption services offered?
  • Does the cloud provider give me a way to manage mobile devices like laptops, tablets, and phones that access patient information?

2. Privacy control over your own data

  • How easy is it to control permissions to ensure only those who need to view ePHI can do so?
  • How easy is it to terminate the service and delete my data from the cloud?
  • Will my data be used for advertising or other commercial purposes without
  • my consent?

3. Cloud on your terms

  • Does the vendor offer a cloud or nothing ultimatum rather than giving you the choices of a cloud solution, an on -premise solution, or a hybrid combination, on your terms?
  • Do I have to go to multiple cloud providers to have a complete cloud strategy?

4. Enterprise-ready

  • Does the cloud productivity solution provider have a history of enterprise experience in healthcare?
  • Do they offer solutions for enterprise customers that are distinct from their consumer offerings?
  • Can I leverage my existing investments in software and training?
  • Will mission-critical data and services be available and supported 24/7?

5 Patient-centered care strategy

  • How does the cloud productivity solution support patient-centered care?


Related cloud computing coverage:

Considering the cloud? Here are 6 tips for health entities

Q&A: How Ochsner is 'Amazon-izing' itself with big data

Patient records in the cloud, part 3: Potential for end-to-end encryption

HIT makeover, public health style

With eye on public health, Delaware, Michigan roll out clouds

Q&A: Michigan's journey to cloud engagement

NIST's 10 cloud computing requirements

Public health's 5 big data hurdles

NASCIO's 12 tips for states considering the cloud

Cloud, mobile tech's on display at Government Health IT conference