As I described in my last column (“Cloud Computing May Be a Simple Solution for Your EHR Needs“), there are significant advantages to implementing “cloud” technologies in health care. In general, the term “cloud computing” refers to a computer model that allows users on-demand access to an application and its data through a third-party provider using the Internet. There are several types of models available. Software as a service, which is a method of providing the electronic medical record (EMR) or electronic health record (EHR) as a service, is probably the most appealing. The advantages of this model include the following:
Explore This IssueApril 2012
- Users have unlimited access to the software using any device connected to the Internet;
- The user is not chained to one stationary computer;
- Data can be shared with other systems;
- All users access the same version of the software;
- Maintenance and upgrades to newer versions are easier;
- Health care data security are improved;
- The system has its own IT support; and
- Investment in application or database management is unnecessary.
These advantages should result in significant cost savings, freeing up resources for implementation and user support. According to the results of a survey conducted by CDW Healthcare, 88 percent of health care organizations that have implemented cloud technologies have saved, on average, 20 percent of their health care costs.
—Rodney Lusk, MD
There are also significant risks that each health care organization must face when transitioning to cloud-based hosting. Turning over data, security, availability and control to a third party means that your company has absolutely no control over where its data actually lives. Trust in your cloud vendor takes on a whole different meaning. Security and privacy, core issues in the health care market, have to be bulletproof.
Other critical issues include data availability, error limitations, disaster backup and rapid response times. Most vendors will have far more capabilities than the individual user. Unauthorized disclosure of information results in severe consequences to the organization and significant costs in recovering and restoring data as well as notifying affected individuals.
When considering a host provider’s stability, firmness of pricing structure and availability or uptime guarantees are critical. Your organization and vendor must have sufficient bandwidth to accommodate your needs. Nothing is worse than being dependent on software that is so slow it becomes unusable. The size of the vendor is not a good sole measurement of viability. Google and Microsoft have invested heavily in their own private health care modules and databases, but Google has recently announced it is scrapping the entire venture at the end of this year.
Contracts and Liability
I will say it again: The reality is that when you move to a cloud-based vendor, you are handing over control of your IT operations and all of your data. If you experience problems with your software or data and you have an uncooperative vendor, your entire network can be adversely affected. Your contract is your only leverage to make the vendor help you with your problem. Contracts are therefore very important, and you should not accept the “standard contract” provided by the vendor, which will likely be heavily biased in its favor. Because the cloud provider has control of the data and the application, the contract should require that the provider bear the costs of remedying a data/security breach, including notification of all affected patients.