Is The Cloud Safe For Health Apps? - InformationWeek
Healthcare // Electronic Health Records
03:11 PM

Is The Cloud Safe For Health Apps?

Some healthcare providers are still hesitant to put patient data and clinical apps in the cloud. Here's how they cope with their angst.

Healthcare organizations are slowly turning to the cloud to run applications. That's especially true for smaller healthcare providers who don't have the IT staff or resources to roll out and support new in-house applications, let alone the hardware, networking, or other IT infrastructure that goes along with it.

Yet, while some healthcare providers are beginning to sign up for SaaS subscriptions for business- and administrative-related applications, they're holding back, still refusing to move clinical software and patient data.

That's the case with Springfield Clinic, a multi-specialty physicians group with 280 doctors serving 2 million patients in 14 counties in central Illinois. Springfield Clinic has been growing rapidly, adding about 30 to 40 physicians a year through recruitment efforts and mergers. It needed a way to bring these doctors into the group quickly and cost efficiently. So, about a year ago, the group began tapping managed application services from cloud-based services provider NaviSite to run and support the clinic's Oracle PeopleSoft financials, payroll, and HR applications.

The cloud makes it easier and more affordable for Springfield Clinic to add capacity to its systems when new doctors join the clinic, said Springfield Clinic CIO Jim Hewitt in an interview with InformationWeek Healthcare. Newly added doctors to the clinic "still need training and conversion" from their previous financial systems, "but we don't need to worry about expanding the IT infrastructure to do this, the hardware or software," he said.

The clinic also is using cloud-based patient portal software from FollowMyHealth to allow patients to view their medical records, securely communicate with physicians, and schedule appointments.

But for their cloud-based patient portal, patients must voluntarily sign up to use the services and give their consent for data to be accessed by them via the Web. "That takes risk out," said Hewitt about some of the issues Springfield worries about. So far, about 14,000 patients have signed up for the service.

But like many other healthcare facilities, Springfield Clinic is not ready to put the data of its 2 million patients in the cloud by moving their EMR to the cloud, said Hewitt. "Our EMR vendor [Allscripts] is looking at SaaS, but there's been push-back from providers like us," he said. Providers have concerns about putting patients' personal health information on the cloud because of Health Insurance Portability and Accountability Act (HIPAA) concerns and liability, he said.

"I'm the custodian of your health records, but you the patient own it," he said."If I as a healthcare provider sign up a SaaS vendor, I've created a business-associate relationship, and patients don't know who has their data," he said. On the other hand, if a patient signs up to use a portal service, they're informed about their data being on the Web, he said.

"If I'm going to take the records of 2 million patients and put it out on the cloud, there needs to be a great level of trust," he said. HIPAA violations--besides risking the trust of patients--can be incredibly expensive to handle for a healthcare provider, he said.

"If I have an incident with 2 million patient records on the cloud, and I have to pay one year of credit protection at $40 a pop for each of those 2 million patients who might've had their identity violated, that's $80 million to start," not to mention federal fines and other fees and costs associated with fixing the problem, he said. With those risks in mind, "we'll do due diligence on SaaS," before moving the organization's electronic medical records or other clinical systems into the cloud.

Find out how health IT leaders are dealing with the industry's pain points, from allowing unfettered patient data access to sharing electronic records. Also in the new, all-digital issue of InformationWeek Healthcare: There needs to be better e-communication between technologists and clinicians. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll