More than half of healthcare organizations are using Infrastructure-as-a-Service (Iaas) cloud platforms to provide an environment for a wide range of uses ranging from hosting internally developed programs to a running fully functional EHR.
That’s according to a recent HIMSS Analytics survey that found, whereas HIPAA privacy and security concerns kept healthcare CIO’s from embracing the cloud too quickly, few still have those same worries. Indeed, the survey found that disaster preparedness is now one of the leading reasons why healthcare CIO’s are shifting resources onto cloud platforms.
“You don't have to worry about your infrastructure and data center,” said Jason Bickford, Applications Director of Health Information Management Systems at Banner Health and president of the HIMSS Arizona Chapter. “Cloud-based is the right way to go.”
That said, the survey suggested IT executives aren’t exactly rushing to the cloud either. After budget limitations, respondents cited security concerns as a reason to move slowly toward the cloud.
“Regardless of whether a solution is hosted in your own data center or in the cloud, security should be a critical factor in your review,” said Susan Snedaker, Director, IT Infrastructure & Operations at Tucson Medical Center. “There’s nothing inherently more or less secure about a cloud option, but some cloud-based solutions may not meet today’s stringent security requirements.”
In selecting a cloud platform vendor, Snedaker advised a careful review of the vendor’s documentation and contracts. Pay attention to the provider’s security program and make sure that audits take place on a regular basis.
“If your database is going to be hosted on the same server as another database from another company, what happens if the other database is attacked? Can the attacker then gain access to your data?” Snedaker said. “Be sure to understand the specifics of the hosting solution so you are clear about your vulnerabilities. Then take steps to mitigate them – select a different solution, select a different hosting model, ask the vendor to modify policies, processes, procedures, access methods, etc. or accept the risk if it cannot be overcome and there are no better options.”