Look before jumping into the clouds

By Jeff Rowe
01:56 PM

It seem an increasing number of healthcare providers are spending more and more time gazing at, and venturing into, the clouds.

At least that’s what this IT and intellectual properties attorney claims, and he backs up that assertion by pointing to a study that suggests that while “health care is a market segment that has generally resisted jumping into the technology explosion taking place ‘in the cloud,’ . . . 30 percent of health care organizations are now either implementing cloud-based solutions or are already operating such solutions.”

Moreover, “the poll projects that current cloud users will spend more than one-third of their 2016 IT budget on cloud resources and applications.”

As with any development of this type, the move comes with it share of plusses and minuses. On the plus side, there are “the flexibility, cost savings and convenience that cloud-based solutions can offer,” but “at the same time, there are significant downsides to making the move-including the loss of control over critical IT systems and sensitive data.”

Not surprisingly, as he’s an attorney, he’s got some advice for providers who are considering taking their IT operations into the clouds.

For starters, “health care organizations should carefully monitor tax regulations as states begin to formulate positions on the taxability of cloud-based services. Several states have already issued administrative rulings that such services may be subject to state sales tax, and providers are certain to pass these taxes on to their customers.”

Next, “before agreeing to provide any information to a cloud provider, health care organizations should conduct due diligence to make sure that the entity is capable of safeguarding its information. In addition, there are a variety of contractual protections that health care organizations can use to manage data privacy and security risks, and to mandate the required response if a breach occurs. Such measures are important not only as good business practice, but also to facilitate compliance with HIPAA, the HITECH Act and other laws that apply to health care organizations.”

The piece is worth reading in its entirety, as it manages to look at migrating to the clouds from a number of critical angles.

As the writer puts it, “most health care organizations today are accustomed to an IT infrastructure built on a traditional licensed software platform. Therefore, transitioning to cloud-based solutions raises new commercial and legal issues that should be carefully considered before making the move to this ‘undiscovered country.’”