- Corporate Security
- Governance, Risk & Compliance
- Information Security
While some industries seem to fanatically implement each new cloud-based solution as it comes along, healthcare has traditionally moved more slowly to take advantage of hosted software and services.
As late as the middle of the last decade, for example, physicians who didn’t maintain thousands of paper records were the outliers—dangerous risk-takers flirting with disaster on the cutting edge of technology.
Now however, thanks to HITECH and Meaningful Use, more than 8 in 10 office-based doctors use an Electronic Health Record (EHR) system. Industry-wide, organizational adoption sits at around 60%.
But the cloud isn’t simply all about EHR and other clinical apps. Hosted solutions are now commonplace in finance and operations, human resources, IT, incident management, and more.
With the cloud comes risk, of course, but also great value. In this piece, we’ll explore some of the benefits inherent in hosted solutions, some of the challenges they pose, and one critical misconception that may be preventing you from fully embracing the future of healthcare IT.
More than 80% of healthcare IT departments are using at least some type of cloud-based solution.
A 2014 study by the Health Information and Management Systems Society (HIMSS) looked at the ways healthcare organizations in the United States have adopted cloud computing.
According to the survey:
83% of healthcare IT organizations currently use hosted services. Approximately 9% intend to; 6% definitely do not. The small remainder report they don’t know their organization’s plans.
Those taking advantage of hosted solutions cited reduced maintenance costs, increased deployment speed, and fewer staffing challenges as reasons they moved to the cloud.
When selecting a hosted provider, top considerations included the vendor’s willingness to enter into a BAA to protect personal health information, and the extent to which the provider allayed security concerns.
On paper, the value of the cloud would seem to be self-apparent: simpler access to patient records, increased collaboration across the healthcare system, reduced data costs, improved data sharing (to support advanced research, for example), and more.
In the real world, of course, these advantages are tempered by concerns over the challenges hosted solutions pose, but there’s no reason not to move forward if issues and concerns are capably addressed.
Indeed, HIMSS survey respondents reported a wealth of benefits that led them to adopt a hosted solution.
And post-implementation? Among other benefits, respondents reported better technological capabilities, greater productivity, more streamlined processes, better compliance—and lower exposure to risk, not greater.
Moving to the cloud is not without its challenges, however. Here are four you may encounter, as reported by respondents to the HIMSS survey.
Yes, if you’re replacing an old system with a hosted solution, there will be replacement costs. The right vendor, however, should be able to capably demonstrate ROI and help you determine when your new system will start to pay for itself. Don’t forget—you’re probably paying to maintain your current system, and those costs will go away.
Your current IT infrastructure may simply be too old to support or monitor a new hosted system. Be prepared to frankly examine whether or not you need to upgrade.
Anxiety around physical and information security typically ran high when moving to the cloud, although—as mentioned earlier—a vendor’s willingness to enter into a HIPAA Business Associate Agreement (BAA) usually went a long way toward dispelling concerns.
Two-thirds of HIMSS respondents reported service difficulties with their vendors—a lack of visibility into vendor operations, customer service problems, and additional costs or fees associated with the solution were among the most common.
In the HIMSS survey, approximately 60% of respondents reported being concerned about vendor compliance with regulations and legislation such as HIPAA, PCI DSS and SOX.
Caution is warranted here—when a HITECH violation can cost $50,000, for example, it’s important to make sure compliance is taken care of. But what wasn’t mentioned in the survey is that compliance worries often stem from a common misconception about hosted solutions: that the cloud is out of the question if you don’t have the infrastructure to host your data onsite.
This couldn’t be farther from the truth. In fact, most available cloud-based software suites host data in a way that specifically facilitates healthcare compliance. Simply hosting PHI externally, for example, doesn’t automatically make your organization non-compliant—especially if a BAA is in place and your vendor takes explicit steps to protect personal health information.
Say the words “healthcare” and “cloud” in the same sentence and most people think of PHI and EHR systems. But there are dozens of hosted options available to the modern healthcare organization—from virtual servers to data hosting, from clinical apps to back office suites.
One area you may wish to explore is incident management. Hosted solutions such as Resolver can help you more easily manage incidents, then track their resolution from start to finish. With Resolver, you can go beyond routine incident-reporting to robust investigation management— and all of it enabled by the cloud.