Is The Cloud Safe For Health Apps? - InformationWeek
Healthcare // Electronic Health Records
03:11 PM
[Dark Reading Crash Course] Finding & Fixing Application Security Vulnerabilitie
Sep 14, 2017
Hear from a top applications security expert as he discusses key practices for scanning and securi ...Read More>>

Is The Cloud Safe For Health Apps?

Some healthcare providers are still hesitant to put patient data and clinical apps in the cloud. Here's how they cope with their angst.

Healthcare organizations are slowly turning to the cloud to run applications. That's especially true for smaller healthcare providers who don't have the IT staff or resources to roll out and support new in-house applications, let alone the hardware, networking, or other IT infrastructure that goes along with it.

Yet, while some healthcare providers are beginning to sign up for SaaS subscriptions for business- and administrative-related applications, they're holding back, still refusing to move clinical software and patient data.

That's the case with Springfield Clinic, a multi-specialty physicians group with 280 doctors serving 2 million patients in 14 counties in central Illinois. Springfield Clinic has been growing rapidly, adding about 30 to 40 physicians a year through recruitment efforts and mergers. It needed a way to bring these doctors into the group quickly and cost efficiently. So, about a year ago, the group began tapping managed application services from cloud-based services provider NaviSite to run and support the clinic's Oracle PeopleSoft financials, payroll, and HR applications.

The cloud makes it easier and more affordable for Springfield Clinic to add capacity to its systems when new doctors join the clinic, said Springfield Clinic CIO Jim Hewitt in an interview with InformationWeek Healthcare. Newly added doctors to the clinic "still need training and conversion" from their previous financial systems, "but we don't need to worry about expanding the IT infrastructure to do this, the hardware or software," he said.

The clinic also is using cloud-based patient portal software from FollowMyHealth to allow patients to view their medical records, securely communicate with physicians, and schedule appointments.

But for their cloud-based patient portal, patients must voluntarily sign up to use the services and give their consent for data to be accessed by them via the Web. "That takes risk out," said Hewitt about some of the issues Springfield worries about. So far, about 14,000 patients have signed up for the service.

But like many other healthcare facilities, Springfield Clinic is not ready to put the data of its 2 million patients in the cloud by moving their EMR to the cloud, said Hewitt. "Our EMR vendor [Allscripts] is looking at SaaS, but there's been push-back from providers like us," he said. Providers have concerns about putting patients' personal health information on the cloud because of Health Insurance Portability and Accountability Act (HIPAA) concerns and liability, he said.

"I'm the custodian of your health records, but you the patient own it," he said."If I as a healthcare provider sign up a SaaS vendor, I've created a business-associate relationship, and patients don't know who has their data," he said. On the other hand, if a patient signs up to use a portal service, they're informed about their data being on the Web, he said.

"If I'm going to take the records of 2 million patients and put it out on the cloud, there needs to be a great level of trust," he said. HIPAA violations--besides risking the trust of patients--can be incredibly expensive to handle for a healthcare provider, he said.

"If I have an incident with 2 million patient records on the cloud, and I have to pay one year of credit protection at $40 a pop for each of those 2 million patients who might've had their identity violated, that's $80 million to start," not to mention federal fines and other fees and costs associated with fixing the problem, he said. With those risks in mind, "we'll do due diligence on SaaS," before moving the organization's electronic medical records or other clinical systems into the cloud.

Find out how health IT leaders are dealing with the industry's pain points, from allowing unfettered patient data access to sharing electronic records. Also in the new, all-digital issue of InformationWeek Healthcare: There needs to be better e-communication between technologists and clinicians. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll