Pre-cloud healthcare IT looked very different than it does today. HIPAA came into existence in the mid 90s and it took about 10 years for its rules and protocols to become well established industry practices and laws.
During this time period, healthcare IT also modernized, moving to digital records and adopting a mindset of “encrypt everything and share nothing” which translated into the perceived necessity to self-host all infrastructure in-house.
5 years ago, cloud exploded which altered the way, often in a challenging sense, business felt they needed to approach their infrastructure strategy. Cloud’s benefits are well known, and businesses dealing with heavily digitized and distributed business models and consumers were faced with an important choice: move with the technology or continue to run IT as always (at an increasing cost).
In many ways, hospitals and healthcare organizations are like all businesses – they need to operate with a level of fiscal conservatism, they need to be profitable, and they need to access new savings whereever possible. However, the advent of cloud as a viable IT (and business) paradigm raised some major questions central to the specific needs of healthcare organizations:
How do we reduce our capital costs in technology? How do we leverage the cloud for healthcare? How do we transition from a model of “share nothing” to creating a national electronic health information system?
While there are many, many layers of healthcare IT, everything boils down to quality of service for the patient in the end. People are not static in their behavior or their health needs. People travel, for example, and can be injured while abroad. The ability to share patient information across broad geographic distance quickly and easily better enables quality of service for any individual. Achieving this securely and reliably is central to ensuring that the information is used for the right reasons.
Whether its insurance information or patient records, however, security is of chief concern. HIPAA regulations have helped with this, since the data being accessed is the kind that could be very easily abused. Whether identity theft or the exposure of personal information for public consumption, healthcare data is very vulnerable if disclosed. There still needs to be the principle of “encrypt everything, share nothing” for healthcare IT and patient data, but in the cloud era the rule has evolved to “encrypt everything, protect what needs to be protected, and share what needs to be shared.”
Cloud is still in its infancy where healthcare adoption is concerned, but its a fast growing reality. Questions still remain around how the cloud can be leveraged to bring together the disparate, though very necessarily complementary aspects of healthcare IT. Third party SaaS providers, for example, who support insurance records are HIPAA entities, and can therefore monitor and maintain the security and integrity of patient data. Yet, because of their expansive reach, other healthcare organizations can tie into their system to access patient information in a secure fashion all through cloud solutions.
This is an over-simplification of course, since there are many other layers involved in this process. But the rise of the SaaS provider in the healthcare industry, the shift, therefore, to a subscription service, as well as the establishment of exchanges being created tie multiple SaaS providers and health organizations together like never before and highlight teh flexibility and viability of clouds place in healthcare.
By Jake Gardner