No longer isolated to “Those puffy objects in the sky”
Google the word “cloud.” Fifteen years ago, the search engine may have returned results that included this or this. Type in the word “cloud” today and good luck finding any information on those floating ice crystals in the sky that help sustain life on planet Earth.
(Note – Googling the word “cloud” in 2015 resulted in 1,080,000,000 results, none related to the puffy white objects in the sky – at least not in the first 12 Google SERPs I scrolled through.)
As more healthcare organizations employ cloud software-as-a-service (SaaS) solutions to leverage their elasticity, scalability, and ease-of-access, questions arise as to how these systems actually work and whether their effectiveness and feasibility translates into tangible investment potential. What’s clear is that more and more healthcare entities are increasingly investigating the use of cloud SaaS solutions for myriad capacities, including clinical application and data hosting, health information exchange, and backups and data recovery.
According to the 2014 HIMSS Analytics Cloud Survey (results for 2015 have not been released), 83% of healthcare organizations are currently using cloud services. However, it should be noted that these services are not all SaaS, but categorized as:
· Software-as-a-Service (SaaS)
· Infrastructure-as-a-Service (IaaS)
· Platform-as-a-Service (PaaS)
The survey also reported that improving technological capabilities or capacities, positively affecting finances, and deployment times are the top three metrics that healthcare organizations use to measure the value of cloud-based services, followed closely by improved workforce productivity and streamlining business processes.
Cloud Software-as-a-Service (SaaS) Truths and Myths
Due to the rise in popularity of cloud services and in keeping with most new technological advancements, there are plenty of questions about how these systems work. Who controls the data? How complicated and lengthy is the deployment process? What security is in place to protect patient privacy? Is the system easily scalable?
Let’s examine some truths and myths of using cloud SaaS solutions in healthcare:
Myth: The perceived complexity of working around legacy systems and integrating workloads makes cloud SaaS solutions a burden during integration.
Truth: Certain cloud SaaS vendors have a great deal of expertise in streamlining and expediting the integration process with legacy systems. The key is to properly screen and comprehensively review vendor experience and track records prior to entering any kind of relationship.
Some cloud SaaS solutions do not require configuration with existing legacy systems but instead run as separate platforms that do not require integration and under normal circumstances, most cloud SaaS solutions should not take more than 48 hours to configure and deploy. In fact, some cloud SaaS solutions can be implemented in a matter of hours depending upon IT resources, vendor availability, and network infrastructure.
The key is preparedness. Prior to deploying a cloud SaaS solution, map out a plan that includes strategies and tactics to achieve higher value by addressing: goals and expected return on investment (ROI), IT governance resource allocation, network infrastructure and monitoring capabilities, problems and outages, and important metrics to monitor.
The key to facilitate a quick deployment turnaround for any cloud SaaS solution is to have a plan in place prior to implementation.
Myth: In the absence of concrete regulation and factoring in the rise of healthcare data breaches, cloud SaaS solutions are inherently insecure and pose a threat to privacy.
Truth: It’s a fact that physical theft of on-site devices and data is the most likely cause of healthcare data breaches, despite the general perception of healthcare providers that the only way to ensure data protection is to keep it close to home. In reality, hackers that break into servers within enterprise data centers are 4 times as likely to suffer a malware/bot attack than a cloud hosting provider, according to a 2014 Cloud Security Report from Alert Logic.
Prior to implementing a cloud SaaS service, healthcare organizations should conduct an extensive review of vendor risk management policies, ensure that the solution includes audit functions, and verify that the vendor is HIPAA compliant (especially if they have access to protected health information (PHI) of the covered entity). Essentially, you want to engage in relationships with cloud SaaS vendors that understand the regulatory requirements of the healthcare landscape and are transparent about their security and data protection policies.
A large majority of cloud SaaS solutions can offer security advantages that are absent from on-site storage, particularly those from HIPAA-compliant vendors. Look for vendors that are willing to sign a Business Associate Agreement that eases healthcare organization liability and offers a transparent, comprehensive security layer and data encryption methodology overview.
Myth: Cloud SaaS solution applicability begins and ends as a disaster recovery solution.
Truth: Although most healthcare organizations understand the importance of deploying off-site storage to ensure quick recovery in cases of disaster, cloud SaaS solution benefits extend far beyond disaster recovery. For example, most cloud SaaS vendors store data on enterprise-grade hardware that is normally cost-prohibitive for most small and mid-sized healthcare organizations and hospitals. Cloud SaaS solutions are also widely considered to offer a more secure environment with statistics showing that cloud-hosting providers are 4 times less likely to suffer malware attacks than enterprise data centers.
Cloud SaaS solutions are incredibly flexible. Healthcare IT resources are often stretched too thin because they must achieve a healthy balance between day-to-day activities and ongoing project management. When a cloud SaaS solution is utilized, suddenly healthcare organizations can benefit from reductions in IT resources that are generally associated with a legacy deployment model.
Plus, cloud SaaS vendors handle maintenance and support system updates, enabling health IT departments to allocate resources towards other strategic initiatives.
Finally, cloud SaaS services are proven to be more cost-effective, shifting a large portion of the scalable infrastructure and information security investment to vendors so that healthcare organizations can benefit from economies of scale and increased efficiencies.
Cloud SaaS solutions are quickly becoming a necessity in healthcare. Their role and function often shifts the burden of implementing secure systems and servers to the vendor who assumes the responsibility of continually monitoring network security threats and provides comprehensive audits and compliance reviews. Cloud SaaS vendors also conduct regular cybersecurity testing against third-party attacks to ensure data is protected and safe.
Continued misperceptions of cloud SaaS solutions are a barrier to widespread adoption. As the industry pivots towards extensive interoperability and data sharing between internal and disparate networks, cloud SaaS solutions will play an important role to improve care coordination and create system efficiencies. When you consider the eventual goals that are reflected in healthcare’s “triple aim” – improving population health, the patient experience, and healthcare affordability – it becomes difficult to envision a healthcare organization IT environment that doesn’t leverage the utility and power of cloud SaaS solutions.