Is The Cloud Safe For Health Apps? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Electronic Health Records

Is The Cloud Safe For Health Apps?

Some healthcare providers are still hesitant to put patient data and clinical apps in the cloud. Here's how they cope with their angst.

Healthcare organizations are slowly turning to the cloud to run applications. That's especially true for smaller healthcare providers who don't have the IT staff or resources to roll out and support new in-house applications, let alone the hardware, networking, or other IT infrastructure that goes along with it.

Yet, while some healthcare providers are beginning to sign up for SaaS subscriptions for business- and administrative-related applications, they're holding back, still refusing to move clinical software and patient data.

That's the case with Springfield Clinic, a multi-specialty physicians group with 280 doctors serving 2 million patients in 14 counties in central Illinois. Springfield Clinic has been growing rapidly, adding about 30 to 40 physicians a year through recruitment efforts and mergers. It needed a way to bring these doctors into the group quickly and cost efficiently. So, about a year ago, the group began tapping managed application services from cloud-based services provider NaviSite to run and support the clinic's Oracle PeopleSoft financials, payroll, and HR applications.

The cloud makes it easier and more affordable for Springfield Clinic to add capacity to its systems when new doctors join the clinic, said Springfield Clinic CIO Jim Hewitt in an interview with InformationWeek Healthcare. Newly added doctors to the clinic "still need training and conversion" from their previous financial systems, "but we don't need to worry about expanding the IT infrastructure to do this, the hardware or software," he said.

The clinic also is using cloud-based patient portal software from FollowMyHealth to allow patients to view their medical records, securely communicate with physicians, and schedule appointments.

But for their cloud-based patient portal, patients must voluntarily sign up to use the services and give their consent for data to be accessed by them via the Web. "That takes risk out," said Hewitt about some of the issues Springfield worries about. So far, about 14,000 patients have signed up for the service.

But like many other healthcare facilities, Springfield Clinic is not ready to put the data of its 2 million patients in the cloud by moving their EMR to the cloud, said Hewitt. "Our EMR vendor [Allscripts] is looking at SaaS, but there's been push-back from providers like us," he said. Providers have concerns about putting patients' personal health information on the cloud because of Health Insurance Portability and Accountability Act (HIPAA) concerns and liability, he said.

"I'm the custodian of your health records, but you the patient own it," he said."If I as a healthcare provider sign up a SaaS vendor, I've created a business-associate relationship, and patients don't know who has their data," he said. On the other hand, if a patient signs up to use a portal service, they're informed about their data being on the Web, he said.

"If I'm going to take the records of 2 million patients and put it out on the cloud, there needs to be a great level of trust," he said. HIPAA violations--besides risking the trust of patients--can be incredibly expensive to handle for a healthcare provider, he said.

"If I have an incident with 2 million patient records on the cloud, and I have to pay one year of credit protection at $40 a pop for each of those 2 million patients who might've had their identity violated, that's $80 million to start," not to mention federal fines and other fees and costs associated with fixing the problem, he said. With those risks in mind, "we'll do due diligence on SaaS," before moving the organization's electronic medical records or other clinical systems into the cloud.

Find out how health IT leaders are dealing with the industry's pain points, from allowing unfettered patient data access to sharing electronic records. Also in the new, all-digital issue of InformationWeek Healthcare: There needs to be better e-communication between technologists and clinicians. Download the issue now. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll