Is The Cloud Safe For Health Apps? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Electronic Health Records

Is The Cloud Safe For Health Apps?

Some healthcare providers are still hesitant to put patient data and clinical apps in the cloud. Here's how they cope with their angst.

Healthcare organizations are slowly turning to the cloud to run applications. That's especially true for smaller healthcare providers who don't have the IT staff or resources to roll out and support new in-house applications, let alone the hardware, networking, or other IT infrastructure that goes along with it.

Yet, while some healthcare providers are beginning to sign up for SaaS subscriptions for business- and administrative-related applications, they're holding back, still refusing to move clinical software and patient data.

That's the case with Springfield Clinic, a multi-specialty physicians group with 280 doctors serving 2 million patients in 14 counties in central Illinois. Springfield Clinic has been growing rapidly, adding about 30 to 40 physicians a year through recruitment efforts and mergers. It needed a way to bring these doctors into the group quickly and cost efficiently. So, about a year ago, the group began tapping managed application services from cloud-based services provider NaviSite to run and support the clinic's Oracle PeopleSoft financials, payroll, and HR applications.

The cloud makes it easier and more affordable for Springfield Clinic to add capacity to its systems when new doctors join the clinic, said Springfield Clinic CIO Jim Hewitt in an interview with InformationWeek Healthcare. Newly added doctors to the clinic "still need training and conversion" from their previous financial systems, "but we don't need to worry about expanding the IT infrastructure to do this, the hardware or software," he said.

The clinic also is using cloud-based patient portal software from FollowMyHealth to allow patients to view their medical records, securely communicate with physicians, and schedule appointments.

But for their cloud-based patient portal, patients must voluntarily sign up to use the services and give their consent for data to be accessed by them via the Web. "That takes risk out," said Hewitt about some of the issues Springfield worries about. So far, about 14,000 patients have signed up for the service.

But like many other healthcare facilities, Springfield Clinic is not ready to put the data of its 2 million patients in the cloud by moving their EMR to the cloud, said Hewitt. "Our EMR vendor [Allscripts] is looking at SaaS, but there's been push-back from providers like us," he said. Providers have concerns about putting patients' personal health information on the cloud because of Health Insurance Portability and Accountability Act (HIPAA) concerns and liability, he said.

"I'm the custodian of your health records, but you the patient own it," he said."If I as a healthcare provider sign up a SaaS vendor, I've created a business-associate relationship, and patients don't know who has their data," he said. On the other hand, if a patient signs up to use a portal service, they're informed about their data being on the Web, he said.

"If I'm going to take the records of 2 million patients and put it out on the cloud, there needs to be a great level of trust," he said. HIPAA violations--besides risking the trust of patients--can be incredibly expensive to handle for a healthcare provider, he said.

"If I have an incident with 2 million patient records on the cloud, and I have to pay one year of credit protection at $40 a pop for each of those 2 million patients who might've had their identity violated, that's $80 million to start," not to mention federal fines and other fees and costs associated with fixing the problem, he said. With those risks in mind, "we'll do due diligence on SaaS," before moving the organization's electronic medical records or other clinical systems into the cloud.

Find out how health IT leaders are dealing with the industry's pain points, from allowing unfettered patient data access to sharing electronic records. Also in the new, all-digital issue of InformationWeek Healthcare: There needs to be better e-communication between technologists and clinicians. Download the issue now. (Free registration required.)

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll