HIMSS 5 factors for picking a healthcare cloud provider

By Lee Kim
01:20 PM
a:2:{s:5:"title";s:13:"Lee Kim, Esq.";s:3:"alt";s:0:"";}

The “cloud” (in computing) is not a new concept. If you use web-based e-mail, then you probably are tapping into the “cloud,” because the remotely hosted application and information are pushed to you “on demand” based upon your needs. For a more expansive definition of cloud computing, please see the National Institute of Standards’ definition (NIST Special Publication No. 800-145).

Healthcare providers are also turning to the cloud to remotely host their applications and data. Their reasons for doing this are generally to save money and/or to help ensure data is secure and available. 

You might ask: why outsource applications and data when I can maintain these things in-house with my own IT staff?  Keeping up IT infrastructure is expensive, and making sure technology is secure can be a daunting task.

On the other hand, cloud computing providers maintain world-class computing resources with robust network connectivity and security.  They generally have highly secure data center facilities to help ensure the security, availability and integrity of the applications and data that they host for customers. 

Healthcare providers can take advantage of the cloud computing provider’s resources at relatively little cost. 

However, not all cloud computing providers are the same. Here are five factors to consider.

1. Time in the marketplace. Some cloud computing providers have been around for over a decade, while others have been around for only a few years. 

2. Availability of resources. You should ensure that the cloud computing provider’s network resources and servers are highly available (e.g., 99.9 percent). Usually, cloud computing providers guarantee network and server availability in their service level agreements (SLAs).

3. Security. Some cloud computing providers may be more secure than others. You may want to see if you can obtain a copy of the cloud computing provider’s security policies and most recent audit report (e.g., SSAE16).  (There are many other business and technical considerations as well. These are but a few.)

Bear in mind, too, that you should also keep in mind the security of your own computer systems. Some cloud computing providers also offer remote infrastructure management (RIM) services for managing endpoint security. 

4. Network connectivity to the cloud. You also should make sure your network connectivity is reliable and robust enough (e.g., sufficient bandwidth) to access the applications and information that are remotely hosted by the cloud computing provider. This may mean that you may need to “upgrade” your network capabilities before going to the “cloud.”

5. Written Contract or Agreement. Finally, the cloud computing provider should be vetted not only for its technological capabilities, but also, in terms of what the provider is willing to commit to in writing by way of a written agreement.  To that end, you may wish to consult with your IT staff and attorney.

Lee Kim, Esq., is an attorney with Tucker Arensberg, PC, in Pittsburgh, Pa. This article originally appeared on the HIMSS Blog.