Just like many others across the healthcare industry, John Showalter, MD, and his colleagues at University of Mississippi Medical Center used to have some serious apprehensions about migrating to the cloud.
As recently as three or four years ago, "we were in the fully-trepedatious-scared-of-the-cloud-can't-possibly-go-there-we-don't-have-control mindset," said Showalter, UMMC's chief health information officer.
But cloud vendors have done a much better job listening to the industry-specific concerns of healthcare customers – especially related to data security – and have tailored their technologies and certifications accordingly.
That has helped ease many of the trust concerns of providers such as UMMC, enabling it to more freely embrace software- and platform-as-a-service offerings – and used them to do some leading-edge data-crunching projects much more efficiently and cost-effectively, said Showalter, who's responsible for the health system's enterprise analytics strategy.
After years of resistance, a move to the cloud started to make sense, he said, as more and more of the analytics technologies fancied by the CHIO and his team came from "vendors where it made sense to send them our data."
Of course, UMMC performed intense security vetting before doing so. But more and more it became apparent that the safeguards were usually well in place, and the health system began "getting more comfortable," said Showalter.
Fast-forward a few years, and "we have moved to a place where we're going to be rolling out all of our future analytics functions – even the stuff that we're building – into a cloud-based environment," he said. "We're not, for our go-forward planning, doing anything on premises. It's all targeted for the cloud."
Learn more at the Cloud Computing Forum HIMSS17. Register here.
⇒ Intermountain exec Todd Dunn explains how cloud services speed up innovation
⇒ UPMC security chief shares pitfalls and advice about avoiding them when negotiating cloud contracts
Depending on who the analytics vendor partner is, UMMC avails itself of several different cloud providers: "Some with Amazon Web Services, some private, some other secure services," Showalter explained. Soon, "we're moving to a platform-as-a-service vendor (Microsoft Azure), and we're going to begin doing all of our work on that platform."
That relatively quick and robust embrace of the cloud, following an easing of apprehension and doubt, is not just happening at UMMC. "Oh, I think it's changing industry wide," said Showalter.
"I think two things are happening that are beginning to bridge that gap," he said. "One, the cloud vendors are becoming much more sensitive toward healthcare security and our concerns. For instance, Microsoft Azure just announced on Jan. 3 that they're now HITRUST certified. So they were FISMA certified, and FERPA certified, and DoD certified, and now they're HITRUST certified."
That recognition has really helped speed the adoption of cloud platforms, said Showalter. "It's a lot easier for us to make the argument that we're going to put it in a FISMA-compliant environment than we're just putting it in some random cloud vendor."
Adding to that sense of ease, at least at UMMC, is the fact that "we now have several years' experience of data in the cloud and, knock on wood, haven't had any negative outcomes," he said. Just as the IT staff and clinicians at the health system have become more comfortable with the tools and the processes, the vendors have become more robust about their security practices.
"Now we've met in this sweet spot in the middle that's the go-forward strategy,” Showalter said. “And nothing else really makes sense.”
Overcoming data governance, contracting challenges
That’s not to say that there haven't been hurdles along the way. Big sticking points early on included ironing out which data gets sent, where PHI is going, who approves it, who is involved as well as the legal and compliance issues.
"We're now pretty comfortable that if our office of information security signs off on it, we're OK to use it,” Showalter said.
Another challenge had to do with ensuring vendors and providers spoke the same language when it came to ensuring security provisions and sifting through vendor specs sometimes 20 pages long that were difficult to understand.
"We're getting very streamlined about that: Here's what we need to know and here's what we need to look and putting it in a diagram so everyone can understand it and get very clear communication around what the security is, so people can make an accurate assessment and get comfortable,” Showalter said. “But that lack of clarity around the security was a big thing to get over."
Indeed, many cloud providers have become much more attuned to healthcare's very specific needs in recent years and have gotten much better at catering to them.
"There were vendors a few years ago that we couldn't work with because Amazon Web Services wouldn't sign a business associate agreement, and without a BAA we couldn't really follow HITECH", said Showalter. "Now Amazon's offerings are set up so they will sign a BAA with you. The vendors are coming much further into the healthcare space and interacting with us in the way our regulations require us to. "Especially the big names. Microsoft and AWS are much different to work with this year compared with last year, even. And this year versus three years ago is night and day."
Agility, scalability leading to big gains
Having cleared those hurdles and moved its analytics to a cloud-based environment, UMMC has fairly quickly seen some impressive wins. Even better, PaaS architecture enables Showalter and his team to build upon and expand them with minimal investments of time and money.
"Our predictive analytics vendor is all cloud based," he said. "And we're sending somewhere between 60 and 80 percent of our electronic record into the cloud with them.”
That vendor then runs deep machine learning computations on UMMC’s data and interfaces back to the EHR to create what Showalter described as a closed-loop solution.
"We're using that for pressure ulcers and we've seen, depending how you slice the data and what you look at, between a one-third and two-thirds reduction in pressure ulcers since we started using those predictive scores," he added.
Showalter said that translates to $2 million in annual savings for the pressure ulcer reduction alone and UMMC is expanding it to look at readmissions.
"It's a completely expandable platform because we just send the data up, they run a different algorithm against it and integrate it back in,” he added. “We're running three algorithms now, but it's expandable up to 50 without us having to buy any hardware or anything."
What’s more, Showalter put the total effort to add a new algorithm at approximately three hours of integration work.
If UMMC were to do those analytics projects internally using its own servers, the heavy lifting would require a supercomputer on-site.
"That would completely make it cost-prohibitive. And if we were running the supercomputer on one algorithm, we'd have to wait for it to be finished before starting the next one,” said Showalter.
For the year ahead, UMMC has several analytics initiatives planned or in the works that will be making full use of the cloud's agility, including one that aims to bring better decision support to the point of care.
"We're in the middle of a pilot now where we're sending data out to Amazon Web Services, working with the vendor that's doing visualizations around the data that pop up during the physician workflow," Showalter said.
UMMC plans to pilot the app, which offers clinicians a picture of different risks to a particular patient, in January and February with the intention of rolling it out more broadly in March to reduce radiology and pharmacy utilization.
Concurrently, "we're migrating our data visualizations and our deidentified data warehouse to the Azure platform-as-a-service," he said. "We're also beginning the process of putting together a statewide data network on the Azure platform as a service. We'll be very heavily cloud by this time next year."
Showalter will discuss his experience in "A CHIO's Journey to the Cloud: Lessons Learned, Best Practices, Next Steps," at the Cloud Computing Forum at HIMSS17 in Orlando, February 19 from 11:55 a.m. to 12:35 p.m. at Plaza International DEF Ballroom. HIMSS17 runs from Feb. 19-23, 2017 at the Orange County Convention Center.
This article is part of our ongoing coverage of HIMSS17. Visit Destination HIMSS17 for previews, reporting live from the show floor and after the conference.