Why EHR in the Cloud is a good Idea
- 1. IS EHR BETTER OFF IN THE CLOUD? BY Joseph Benliro IS 307X , Information Security in Health Care Dr. Stephen Rice December 5, 2011 S
- 2. What is the Cloud? S “This usage was originally derived from its common depiction in network diagrams as an outline of a cloud, used to represent the transport of data” – John Rittinghouse S Provides the means through which everything from computing power to computing infrastructure, applications, business processes to personal collaboration can be delivered to you as a service wherever and whenever you need. S Fluid and can easily expand and contract. S Three basic service S SaaS, IaaS, and Paas S Brief Cloud Explanation
- 3. Why EHR In the Cloud is a Bad Idea S Cloud EHR Systems are Prime Targets for Hackers S Attacks on many of the top cloud providers S Not Knowing Exactly Who Has Access S Applications and sensitive data are no longer protected by a secure perimeter. S Medical professionals are accessing data from all types of devices and from diverse locations. S The adoption of new cloud applications requires usernames and passwords and results in excess amounts of user credentials that can be lost, forgotten or stolen. S Most audit and compliance solutions can track user access and activity only within the firewall, losing visibility when users access cloud-based applications. S The Problem With Trusting the Service Provider S Cloud companies may change or completely disappear. As an example, in 2001, GE Healthcare bought health records provider Encounter EHR and eventually ended up shutting it down - giving records holders 30 days' notice to reclaim their data or lose it. S Files are broken into chunks and may be stored on multiple data centers around the world. S Cloud providers can monitor, data and communications at will. S EHR Cloud Services Are Subject to Poor Internet Service Quality S If you do not have Internet connection, then you are not able to get to your data. S patient care could be compromised.
- 4. Why EHR In the Cloud is a Great Idea S The five essential characteristics of cloud computing, outlined in the National Institute of Standards and Technology’s NIST SP 800-145 report S On-demand Self-service (Economic Benefits): A small provider can provision computing capabilities, such as server time and network storage, as needed. S Resource pooling: Providers can realize decreased costs because the underlying computing resources are pooled to serve multiple customers with different physical and virtual resources. S Rapid elasticity: Available capabilities can be scaled up or down at any time as demand for computing power dictates. S Measured service: Service and payment levels are established and monitored for consistency and violation. (e.g., a Distributed Denial of Service (DDoS) attack)
- 5. Why EHR In Cloud is a the S The five essential characteristics of cloud computing, outlined in the Great Idea NIST SP 800-145 report (continued) continued. S Broad Network Access (Data Portability and Mobility): Cloud computing can provide authorized access to records from anywhere on any device. The objective of the Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act (ARRA) in 2009. S A perfect example was on the case of ClickCare - a HIPAA compliant SaaS and iPhone application. 70 patients were treated solely over ClickCare with an overall healing rate of 93% and an estimated savings of $24,000 in transportation costs.
- 6. Why EHR In the Cloud is a Great Idea (continued) S Additional Benefis/Advantages of Cloud Computing S Improved System Reliability: With everything being stored on redundant servers you would never again have to worry about losing data. S Freedom from Support and Maintenance Responsibilities: cloud providers are the ones who are responsible for all maintenance, infrastructure, and repair. S Infrastructure Flexibility and Scalability: Instead of buying, maintaining, and housing servers to meet those periods of peak demand, health care organizations can use the cloud to scale up or down as needed.
- 7. Conclusion In the health care environment, where a patient’s life depends on easy and open access to patient records, access for need to know personnel should be easy and unaffected by device or location and unhampered by multiple, inconvenient and hard to remember methods of authentication. In the Cloud, it is possible to Centralize authentication thus allowing for a single strong password and authentication policy for all cloud based applications, eliminating access barriers and the security risks of managing multiple passwords. Although there are many other security considerations when moving regulated patient data to the cloud, I believe that appropriate monitoring controls, layered with access management and strong authentication will make health care organizations and their affiliates realize that EHR is better off in the cloud.