Healthcare data are entering a new era with the mass adoption of EHRs, the harnessing of big data, the rise of genomics, personalized medicine, and more. To manage all that data, hospitals and other healthcare entities will increasingly be looking to new solutions involving the cloud, numerous tech experts tell Healthcare Dive, and are increasingly ready to move past the regulatory and security concerns that have previously held healthcare back.
Research appears to back those ideas up; a report by MarketsandMarkets predicts the healthcare cloud computing market will grow from $3.73 billion in 2015 to $9.48 billion by 2020.
It’s not only the need for data storage driving the move, but pushes to advance interoperability, payment reform, mobile data access, and security, says Missy Krasner, Managing Director for Healthcare & Life Sciences of Box, a cloud storage and collaboration company working with institutions including the Henry Ford Health System, Beaumont Health System, and Johns Hopkins Healthcare Solutions. Krasner previously served as a founding member of Google Health and was senior advisor to the first National Coordinator for Health IT at the ONC.
“Now because healthcare is so in need of better interoperability and better connections, they need to figure out a better way to communicate outside of their firewalls with all the people they do business with every single day, and that’s really hard to do if your data are locked on-prem in servers,” Krasner says.
Hospitals and payers have historically been slower to the cloud than other industries, but “in the last five years there’s been a massive move,” she says, noting that according to MarketsandMarkets, there has been growth from about 4% of the healthcare industry doing some kind of cloud computing to a prediction of 20% by 2017. “There’s been a very large year-over-year adoption,” she says.
Cloud Computing? Why now?
“It’s a data explosion,” Krasner says, arguing there’s no way healthcare entities can continue, from an infrastructure standpoint, to house all their data onsite with their own servers because of the expense and the lockdown on the data. “If it’s all in separate enterprise silos such as EHRs, billing and registration systems, it’s difficult to do an analysis,” she says. “Doing it in the cloud allows for one platform and one security model, and immediate access to start doing things with the data.”
The option of virtualizing an onsite environment is still being done but it’s old-school, Krasner says.
Experts at NetApp take a similar view the cloud can be used to create a “unified” infrastructure, and note it adds the value of scalability. “Scale-out storage solutions can easily accommodate data growth,” they say. “Healthcare organizations can start small and grow incrementally with infinite scaling to meet increasing data requirements and keep pace with changing data requirements.”
Will it be a choice?
Leading EHR vendors are still on-premises, and most organizations are still invested in that model of paying to have software deployed and maintained on site, Krasner says. On top of that, experts including Egor Kobelev, Software Delivery Manager at DataArt, note there are reasons for maintaining at least some onsite data that won’t go away, such as protection for issues with access, outages and disaster recovery.
However, “in a world of absolute interoperability [means] you’re not going to survive unless you modernize and move to the platform API model, and that’s all web and cloud-based,” Krasner says. “It’s very hard to do that when you’re still on-prem.”
What to expect in the near-term
With all that said, Krasner suggests hybrid solutions will be the trend over the next five to 10 years, with hospitals outsourcing specific functions such as population health to the cloud, and adjusting their strategy over time based on a combination of their incentive to change and their investment in their current infrastructure. Entities such as academic medical centers engaging in massively data-intensive efforts such as genomics and personalized medicine will lead the way in utilizing cloud infrastructure, while smaller entities such as community hospitals will typically be last to determine a need, Krasner suggests.
The hybrid vision was shared by a variety of experts weighing in with Healthcare Dive, including Matt Richards, vice president of products and market, and Kelley Brooks, director of marketing, at ownCloud.
They suggest the ultimate answer is going to be a combination brought together onto mobile devices. “We will see a mix of hybrid solutions from traditional vendors all the way over to cloud-based solutions,” they say, stressing the cloud is not suited to everything and decisions will also be influenced by regulations and matters of economics. “But, in the end, it will be a mix of both,” they say.
Joe Grover, partner of LiquidHub, suggests hospitals will continue to add new services where the use of cloud services for data storage adds capability, customers, or landscape but agrees traditional data storage, where investment has already been placed, will continue to be kept within the walls of the organization. “Most that venture into the cloud services model will still insist on utilizing private cloud solutions where data are concerned,” he says.
Security and risk concerns
Krasner and other experts add multiple service providers including Amazon and Google have signed HIPAA business associate agreements, which addresses much of the regulatory aspect of healthcare in the cloud.
“Most cloud providers now are able to sign BAAs and manage the data in a HIPAA compliant manner,” says Ananth Balasubramanian, head of Commvault’s Vertical Solutions Business Unit. He adds data management software now provide encryption of data on the fly and at rest to ensure a high level of security. “Understanding these factors help healthcare organizations become comfortable moving their data to the cloud,” he says.
While many promote the cloud as a security improvement, Mounil Patel, a VP of Strategic Field Engagement at Mimecast, stresses moving to the cloud doesn’t absolve IT of risk management practices. “Risk actually increase in new areas,” he warns, because if hackers do breach cloud vendors they would be able to access data for many customers, making vendors higher targets than individual companies. “Picking one lock opens many doors,” he says.
Patel adds as vendors grow their cloud infrastructure to serve more customers, the risk of failure increases. “Organizations need to plan for these risks and address them the same way they would within their same data center by adding layered multivendor security and encryption, service redundancy and independent backup,” he says. “Single vendor replication can’t protect you from unintentional or malicious human error.”
Dinesh Sheth, founder and CEO of Green Circle Health, suggests in the case of the healthcare industry, embracing the cloud is more of cultural change or leadership adoption issue, not a security, technology or regulatory issue. “Healthcare IT is slow to change, but it is happening,” he says. “Over time we will see more use of cloud-based platforms, which tend to be more robust than in-house IT managed platforms. It is only question of time before we get there.”