5 reasons to adopt cloud computing in healthcare — and 5 roadblocks to avoid on your way

According to Microsoft, cloud computing is the delivery of computing services, such as storage, servers, analytics, and software over the cloud (via internet connection). It is easier to grasp the concept of the cloud when comparing it to the on-premises model. The main difference between the two is about where your hardware, software, and applications are located. In the case of on-premises deployment, all the infrastructure remains on the premises of the user company that is also responsible for maintenance. With the cloud solutions, the infrastructure is housed offsite and it is the cloud vendor who takes care of security and maintenance. Below is a more detailed comparison.

Even though the healthcare sector was already eager to adopt the cloud, the COVID-19 pandemic is speeding this process up even more. The Flexera 2021 State of Tech Spend report supports this claim. Almost 50% of the survey respondents increased their their cloud spending through 2020.

Cloud computing in healthcare can be deployed in three main service models: SaaS, PaaS, and IaaS.

There are many examples of cloud computing in the healthcare sector. Here are some of the most prominent ones.

Hosting emails is the most common application of cloud computing in the healthcare industry, and this is normally the first thing medical facilities consider while moving to the cloud. Penalties for email-related violations of HIPAA rules can amount to $100.000 for a single transgression. Hence, medical facilities are looking for a way to ensure compliance and security. Cloud vendors offer encryption services based on the required degree of security. Moreover, some cloud solutions offer email filtering options, which block malicious inbound messages and check outbound correspondence to prevent confidential files from leaving the hospital’s network.

Healthcare organizations are still relying heavily on faxing. Cloud faxing allows medical facilities to transmit data digitally instead of using paper. Some cloud faxing providers integrate their systems with hospitals’ email accounts. These healthcare cloud computing solutions also help with compliance, as they encrypt the content and protect it with a password. Additionally, cloud faxing keeps an updated log of activities and allows users to save the time they would otherwise spend on sending content manually and thus minimize human errors. Sending medical data to the wrong recipient is an existing problem resulting in lawsuits and reputational damage. For example, an Australian man admitted receiving ten medical referrals that hospitals sent to his private physical fax by mistake. These documents contained health plans of patients diagnosed with mental disorders.

Cloud computing-based medical records are gaining popularity in the healthcare sector. While building an in-house EHR capacity, healthcare facilities need to purchase software and hardware, set up the infrastructure, acquire licenses, buy new modules whenever they are released, and pay maintenance costs. Using cloud computing for personal health records can bring these costs as low as $100 per month on some occasions. In addition to financial gains, the cloud offers higher security, as it protects patient records by means of encryption, access control, and logging, etc. Finally, the cloud improves interoperability and facilitates data sharing, which is important for any future expansion plans. As Jitin Asnaani, the Executive Director of CommonWell, said in his interview with ERHIntelligence, “On an interoperability side, it’s a no-brainer. You have go-to cloud-based interoperability. You’re going to be building more connections over time. You’re going to be doing more with that data over time.” To support this with a real-life example, just recently, Jeddah’s International Medical Center, a multi-disciplinary hospital, announced its adoption of cloud-based EMR. Here is what Khalid Alem, the Deputy CEO of the Center, said, “This also will support us with our future growth and expansion programs. The standardization of EMR is critical for this project’s success as it strikes a perfect balance between optimum technology and enhanced patient care.”

The whole premise behind using cloud computing in the medical field is that healthcare facilities can gain access to computing power and storage capacity without the need to invest in infrastructure and hire dedicated support staff. The cloud operates on the pay-as-you-go basis. With this approach, hospitals are only paying for the services that they need, based on their actual usage patterns. Furthermore, there is no need to worry about updating and patching your platform as cloud vendors will take care of that. Also, with the cloud, healthcare organizations are relieved from long-term contracts and licensing agreements. According to Accenture, a healthcare organization that migrates to the cloud and employs a modern governance model has the potential to save 20% to 40% of its annual expenditures. In addition to saving costs, hospitals can cut on internal IT and human resource usage. B.J. Moore is the CIO of Providence, a healthcare organization that treats patients in seven different states. Here is what Moore says about Providence deploying the cloud: “We can retire half of our apps, and we’re finding a lot of these apps can be consolidated, so we’re reducing our estate of apps massively and retiring thousands of servers in the process. It’s about changing your practices to be in a cloud world, which is a just-in-time, elastic environment.” Here is another example of how cloud computing in healthcare helped reduce resource consumption. STAT Informatic Solutions, a company that specializes in healthcare management services, turned to ITRex to build a user-friendly release of information (ROI) solution with cloud-based storage. The resulting solution significantly minimized the number of clicks needed to manipulate the information, thereby cutting down the time employees spent on this task. Furthermore, the new ROI platform decreased wrongful information exposure and ensured HIPAA compliance.

According to a recent study from Accenture, 60% of healthcare CIOs recognize the security aspect that comes with the cloud. Cloud is secure by design because its default response is to deny access to users and services unless they are granted explicit permissions. This model is the opposite of on-premises solutions that are inherently open. Moreover, cloud vendors have highly qualified technical experts , which most healthcare organizations simply can’t recruit. These professionals conduct penetration testing and other preventive measures. They employ various security tools, such as encryption, and proactively monitor and address security threats instead of reacting when it is already too late. To improve cloud security in healthcare, vendors also allocate the time and budget to monitor vulnerabilities 24/7. They also offer automated backups and disaster recovery options.

Scalability is about reducing or adding resources to meet changes in demand. As healthcare organizations expand, they will need more computing power and/or storage capacity. With the cloud, they can scale up or down with a minimal disruption as the infrastructure is readily available. This benefit was particularly visible during the pandemic. Hospitals had a vast increase in patient volumes, and the ones using healthcare cloud computing didn’t need to hustle purchasing the latest hardware and updating their software. Another example is the flu season. Medical clinics can scale up when the season starts and scale down when it is over.

Hospitals produce 50 petabytes of structured and unstructured data every year and around 97% of it is not used. This data is a huge asset and, if put to work, can support real-time decision-making. Cloud computing for hospitals uses big data analytics and artificial intelligence with its subsets to offer advanced computational capabilities. It can aggregate and analyze vast amounts of relevant patient data. Doctors can use the insights to improve the diagnosing process, craft customized treatment plans, facilitate patient engagement, and spot any missing information from patients’ EHRs. Additionally, analytics can help spot any malfunctioning in the hospital system. For example, AWS CloudWatch Synthetics can check on vital monitoring devices every minute 24/7 and issue an immediate warning if a device starts behaving differently. B.J. Moore, CIO of Providence, believes that the cloud is a breakthrough in healthcare analytics. Here’s what he said,“ We use advanced AI models to predict COVID outbreaks, and if we didn’t have the cloud, we wouldn’t have been able to do this modeling. All the waves of innovation are going to be in the cloud, and if you want to compete, you have to be in the cloud.” Hygenix Inc., a patient safety tech company based in Connecticut, teamed up with ITRex to develop a platform of IoT cloud-connected devices to monitor hand hygiene of its healthcare staff. The platform gathered data on hand hygiene events, analyzed it, and produced reports to encourage better hygiene practices. After deployment, the participating hospitals witnessed over 70% increase in hand hygiene compliance within just one week.

The goal of interoperability is to integrate data throughout the healthcare system independently of its origins. As a result, data coming from multiple sources can be shared and accessed seamlessly by different stakeholders. Cloud computing in medicine promotes interoperability among various healthcare segments, including insurance and pharmaceutics. Google Cloud teamed up with KPMG, Deloitte, and other prominent consulting companies to help healthcare providers advance their data interoperability while preparing for the compliance rule issued by the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology (ONC) and the Centers for Medicare & Medicaid Services (CMS). The new regulation enables patients to access and download their medical records. Here is what Aashima Gupta, the global director, healthcare strategy and solutions at Google Cloud said about the importance of interoperability: "As we reflect on the lessons of COVID-19, building resilient interoperable health infrastructure will not only be a catalyst but table stakes for delivering better care. The Healthcare Interoperability Readiness Program aims to help free up patient data and make it more accessible across the continuum of care, as well as set up organizations for long-term success with more modern, API-first architectures”

After adopting cloud computing in healthcare and migrating their data, medical facilities give up control over their assets. This is particularly apparent with the SaaS model. This puts medical facilities in a position where they are still obliged to protect the data while having no control over it and relying on cloud providers to implement the necessary precautions to keep their assets safe. Also, cloud services can go down, so hospitals need to find a way to operate under these conditions while waiting for the cloud vendor to bring the services back online. Downtime does not only result in productivity loss, but can also be a life-or-death situation in some extreme cases. And even if the situation does not go that far, it still elicits feelings of uncertainty from both patients and providers. Solution: In case you are considering adopting cloud computing in your organization, there are several steps you need to take to minimize the negative impact of cloud outage. First and foremost, you should define and implement a disaster recovery plan and deploy a backup infrastructure in another country/region. Read your Service Level Agreement carefully. Are you guaranteed 99.9% uptime? Do you realize that 0.1% downtime translates into eight hours a year without service? Alternatively, you can adopt a multi-cloud approach and rely on several vendors. Even if one system goes down, the others will still be working.

Legacy systems remain a large part of healthcare IT infrastructures. According to recent research, 53% of medical devices operate on legacy platforms. And even though modern technology would be more effective in the long run, many medical facilities do not have the opportunity to replace their legacy systems before moving to healthcare cloud computing. Connecting such equipment to the cloud will introduce new risks. For example, some legacy systems are running on obsolete machine code and may contain security loopholes. Solution: To protect your cloud deployments, you need to timely identify and address any vulnerabilities introduced by the legacy equipment. Use network segmentation to isolate high-risk devices, contain any potential breaches, and limit their negative impact on the whole network.

Patient data is sensitive information protected under regulations, such as Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulations (GDPR). Violations of HIPAA rules will not only ruin the hospital’s reputation but will also have financial consequences. An intentional HIPAA violation will result in a $50.000 minimum fine , and it can reach up to $250.000 as a criminal penalty. Violating organizations might also be obliged to pay restitution fees to the victim and serve jail time if deemed appropriate. Healthcare and pharmaceutical organizations need to ensure compliance during and after cloud migration. We are speaking about data storage security, access, patient privacy, breach notifications, etc. Solution: Not all cloud computing in healthcare solutions and vendors ensure the same degree of compliance. Moreover, a compliant cloud vendor can rely on tools from external vendors as a part of their security strategy. Even though the primary provider is compliant, the secondary one might be not, which compromises the overall compliance of the cloud. Here is how Jeff Thomas, CTO of Forward Health Group explains this, “When looking at a cloud vendor, some of their tools might be vetted to ensure HIPAA compliance, but not every tool may be from that vendor, so you really need to look at it. Solution A may enable your HIPAA compliance, but technology B is part of that solution and it’s not HIPAA compliant.” So, healthcare organizations need to choose cloud offerings carefully. The majority of compliant vendors will openly explain how their solutions meet the desired regulations and sign all the required documents. As Jeff Thomas said, "Is the vendor you choose willing to sign a business associate agreement? If they hesitate or don’t know what that is, they aren’t the right vendor to choose because they don’t understand your healthcare compliance needs when it comes to HIPAA.”

Before moving to the cloud, healthcare organizations need to be fully prepared. If their systems and processes are not well documented and no one has a grasp on how the current system would translate into the cloud, this needs to be fixed before proceeding to full-scale deployment. Additionally, some clients do not trust their healthcare cloud computing providers and waste time and resources on maintaining their own private environment trying to protect data in the cloud. According to Michael Robinson, Vice President of healthcare at Vmware, this is an unjustified effort. Here is what he said, “Healthcare IT is understandably security-focused, but the security risk to an organization is more heightened from a lost device or stolen password than it is a cloud breach of patient information.” Also, all stakeholders’ buy-in needs to be ensured to avoid problems in the future. Solution: Healthcare organizations need to prepare for the cloud and adapt to it. They need to conduct technology assessments, analyze their platforms, prioritize what they need to move, and get the data ready for migration. Jim Fitzgerald, Chief Strategy Officer at CloudWare, a cloud vendor focusing on healthcare, emphasizes the importance of adaptation from both sides by saying, "Efficient and crisp adoption of cloud IaaS/Platform/SaaS models in healthcare require adaptation from both the cloud service provider and the healthcare organization." Healthcare providers also need to formalize themselves with the selected cloud platform in advance and make sure all the involved users are ready to make the change and accept the way things will be done after migration.

When it comes to cloud computing, the medical sector is experiencing what Accenture calls "security paradox". The consulting firm’s research revealed that 60% of the surveyed CIOs recognize the security-related benefits of cloud computing in healthcare, yet more than two-thirds of the respondents retain 80% of their data on-premises. Accenture attributes this to the mindset of healthcare managers and the C-suite. They do not understand how to leverage the cloud to improve overall security. One can argue that the cloud is inherently more secure than on-premises storage, as described in the previous section. However, there are still risks of malware attacks and data breaches. Even though some of them are cloud vendors’ fault, many are still caused by employees’ errors or internal intentional attacks. According to the Verizon Data Breach Investigations Report 2020, these internal threats accounted for 48% of all data breaches in 2020. Solution: To mitigate cloud computing security risks, your organization should opt for a vendor that offers a regular offline backup option, so that you have a source to recover your data instead of paying the ransom. Also, look into encryption options. With strong encryption methods, even if the data is breached, it will not be readable. It is also necessary to provide cybersecurity training to your employees. Many errors can be avoided if healthcare providers improve their security hygiene. Use cybersecurity-based assessment when choosing contractors, third-party vendors, and other external collaborators.

Despite the advantages of cloud computing in healthcare, cloud migration is a challenging process. Before you start, define your healthcare cloud computing goals. Why are you looking into cloud options? Is it for better security? For better storage or analytics options? Is it for budget-related incentives? Or your company is planning to expand, and you can’t scale up your existing system? By answering these questions, you’ll be able to set your cloud computing goals and determine which data/system components you are willing to migrate. Next, research different cloud vendors to understand their offerings. Keep the specifics of your industry in mind, such as HIPAA compliance. Not all vendors are equally compliant. If you are planning to use the public cloud for your existing healthcare applications, beware that securing such apps lies on your shoulders. Cloud vendors are responsible for patching and protecting their environment, but they will not fix flaws in apps developed by you or third-party vendors.