In my research, healthcare providers have rated their use and desire to use the cloud as relatively low compared to other industries. Since the HITECH Act of 2009 encouraged the adoption of electronic health records, many providers have been looking for a cost-effective way to support the infrastructure needed for electronic records. And while the cloud could provide a solution, many providers are still concerned about the privacy, security and availability of cloud environments.
Nevertheless, many of these healthcare providers regularly utilize the services of business partners who absolutely use cloud technology to stay competitive. And as with any partner that provides a high value service, these partners must be vetted for their service quality. In the healthcare industry, this means going beyond providing the standard set of marketed packages; it includes adherence to compliance, business rules, and escalated notification for possible service issues.
But there needs to be additional work on behalf of the healthcare provider. Whenever critical systems and services are co-managed by multiple parties, organizations must plan for contingency. A recent story from the LA Times tells about a 5-hour outage that left healthcare providers unable to access the electronic records of their patients. The providers have the ability to revert to paper-based record creation during the downtime, but what they lacked were relevant digital records like test results, past diagnoses and treatment protocols. The work-around for general practices might have caused an inconvenience, but in areas of critical care or triage situations, this data outage could have been a much larger and possibly life-threatening concern.
Unfortunately, healthcare IT providers have been working with very strong constraints as they balance business, privacy and infrastructure issues. In a recent conversation, one healthcare provider security leader pointed to the painful reality that doctors, clinicians, and workers assume everything will work just like turning on the lights. Setting up and paying for resilient electronic contingency plans for electronic health records and putting money aside for partner risk, security and compliance assessments of their infrastructure and cloud services just doesn’t happen today.
Yet as with all businesses, the healthcare industry is relying more and more on connected partners for the integrity and access of their data. As a result, these kinds of outages and security incidents will start to drive more sophisticated and risk-based business rules and time-sensitivity. In a situation where an unconscious 30-year-old enters the emergency room, what medical data would be more important? Would it be the fact that she’s allergic to penicillin, or that she broke her ankle when she was 25, which may play an important part in her treatment?
Healthcare is at the point where they are just dipping their big toe into digital records, with all of the business and patient ramifications that come with that technology. From physicians to customers, more awareness needs to happen to make this work in the long run, and of course some hard lessons will need to be learned along the way. After all, it wasn’t until after WWI that household electric lighting became widely available across the country, and there are still concerns today about protecting this critical infrastructure.
By Kim Singletary
