Four analysts from Black Book, Chilmark, KLAS and PwC offer their expert advice for healthcare CIOs and other IT leaders seeking to make cloud technology work for their organizations.
The cloud is becoming ubiquitous in healthcare provider organizations across the country. Cloud computing has become a style of IT and networking that healthcare CIOs and other health IT leaders and workers have come to depend on to manage systems and data in an efficient and effective manner.
There are steps provider organizations can take – before and during cloud deployments – to optimize their effectiveness. Enhancing the way a cloud meets the specific needs of an individual provider organization can reap many rewards.
Here, four analysts with deep expertise in cloud computing offer technology optimization best practices for the cloud. Provider IT staff have much to learn from these experts from Black Book Research, Chilmark Research, KLAS Research and PricewaterhouseCoopers.
The ins and outs of public, private and hybrid clouds
The first issue that healthcare CIOs will need to wrap their heads around involves the differences between using public, private and hybrid cloud approaches.
“Having an approach to analyze and optimize strategies for each option will help to optimize resource allocation and the underlying economics,” said Jody Ranck, senior analyst at Chilmark Research. “Depending on the current IT infrastructure architecture, cloud vendors should have some existing case studies to draw upon that help CIOs understand what each approach will cost depending on the unique situation of the hospital or healthcare provider.”
Knowing what services will be managed by the vendor versus in-house and knowing whether human resources are allocated properly to migrate data and services to the cloud must all be mapped out, he added.
“Private clouds have advantageous security features but may mean greater costs in some areas while offering more opportunities in-house for staffing.”
Jody Ranck, Chilmark Research
“Public clouds have advantages with scale and more simplified costing in general,” he said. “Private clouds have advantageous security features but may mean greater costs in some areas while offering more opportunities in-house for staffing. Hybrid clouds also offer a great deal of flexibility and scalability when organizations have a fair amount of flux in their need for some transactional services, for example with seasonal fluctuations.”
Hybrid clouds also bring a greater level of complexity that may make them vulnerable to security breaches if organizations lack the preparation and planning, he added.
Hold the vendor accountable for security
And then there is the delicate matter of security. Handling security effectively and correctly is another way to optimize the use of cloud technology.
There are significant risks that provider organizations must face when transitioning to cloud-based hosting. Turning over data, security, availability and control to a third party means that one’s health system or practice has absolutely no control over where its clinical and financial data lives. Trust in a cloud vendor takes on a unique significance.
Data security and privacy must be absolutely bulletproof, said Douglas Brown, president and managing partner at Black Book Research.
“When you move to a cloud-based vendor, the reality is you are handing over control of your IT operations and all your data,” he said. “If you encounter challenges with your software or data and you have a difficult vendor, your entire network can be adversely affected.”
“Regular impartial and independent audits should be performed to ensure that safeguards are in place to prevent these data breaches.”
Douglas Brown, Black Book Research
Because a cloud vendor has control of the data and the application, the client healthcare organization should require that the vendor bear the costs of remedying a data/security breach, including notification of all affected patients, he advised. Standard contracts supplied by the vendor should be rejected as they nearly always favor the vendor in these matters, he cautioned.
“Regular impartial and independent audits should be performed to ensure that safeguards are in place to prevent these data breaches,” he said. “Cloud vendors that cannot, or are unwilling to, perform such audits should be absolutely avoided.”
Recent Black Book research shows that 31% of health system CIOs depend entirely on data breach insurance policies because they are either unknowledgeable about all the functional cybersecurity options to fully protect their system or simply did not budget funds for such security improvements in 2019.
“So it is imperative that IT leaders document the cloud vendor’s insurance coverage, which protects your health system and the cloud vendor from the costs of data loss and recovery,” Brown said. “The insurance should be extended to patient notification and any associated expenses.”
Another voice on figuring out security
Ranck agrees with Brown that optimizing security is key to optimizing cloud computing.
“This year we have seen new records in security breaches across the healthcare industry and the threats are growing almost daily,” Ranck warned. “One of the vulnerabilities with most organizations is the lack of personnel with adequate training in cybersecurity. Allocating resources for staff and infrastructure in this regard will be important going forward, particularly as organizations prepare to adopt more artificial intelligence and machine learning applications in their analytics development.”
The industry is seeing more partnerships with outside organizations where sharing data for the training of algorithms will be essential and privacy and cybersecurity will need to be at the forefront of these efforts to avoid reputational risks downstream, he added.
“Cloud native services often are not protected by enterprise security tools,” he noted. “When healthcare organizations engage with cloud service vendors they will be sharing the responsibility for cloud security with these vendors and need to have a clear understanding of roles and how to properly staff those roles.”
It will be important to know which vendors have HITRUST certification in cybersecurity and follow best practices around everything from control access to configuration management, monitoring and encryption, he said.
“Understanding if they use third parties for any of these requirements and the standards these parties use can help avoid pitfalls, as well,” he said. “And finally, managing multi-cloud implementations will be more complex, so how are all of the organizations mapping on to the overall cybersecurity roadmap of your organization and where are the vulnerabilities?”
Full transparency can lead to optimization
Another cloud computing optimization best practice: Having full transparency into cost, usage, performance, availability and security can help healthcare organizations gain optimization, said Jennifer Despain, an analyst at KLAS Research.
“Having data around sizing and demand of cloud usage can help organizations make decisions on how many cloud resources need to be purchased, which is important since the cloud is billed by what is being ‘ordered’ not by what is actually being used,” she explained.
“Using data transparency can help to identify resources that are idle and consolidate them into fewer instances, saving money.”
Jennifer Despain, KLAS Research
Using data to look for resources that are not being used or are unattached allows for cuts to be made, saving money.
“For instance, while using cloud services, sometimes resources will be expanded temporarily for a project but are then forgotten to be turned off adding up to unutilized costs,” she said. “Other times an area that is no longer in use is not terminated. Turning off resources that are not being used can save money. One way to ensure that this happens is by having ongoing monthly audits to look at the utilization of the cloud and looking for areas that can be trimmed down.”
Another way transparency can help with optimizing cloud computing technology is showing insights using heat-maps into the highs and lows in computing demand, Despain suggested.
“Looking at this information can allow for decisions to be made on when more resources need to be used or when servers can be shut down during periods that are slower,” she said. “And on another note, using data transparency can help to identify resources that are idle and consolidate them into fewer instances, saving money.”
Process changes and upgrades
Chris Van Pelt, a principal at PricewaterhouseCoopers Advisory Services who specializes in health IT, offers advice on cloud computing optimization that involves applications.
“Many provider organizations have completed and are in transition/early operations of cloud-based ERP,” he noted. “Oracle, Workday and Infor, for examples, are each competing effectively in the space.”
“Many provider organizations have completed and are in transition/early operations of cloud-based ERP.”
Chris Van Pelt, PricewaterhouseCoopers
Health systems that have adopted the technology are seeing real returns in several enablers, Van Pelt said, including:
- Process changes remove choke points of traditional ERP design and enable end users to a higher function.
- Legacy server and infrastructure costs are transitioned to a new lease/tenant model.
- Upgrades, which used to consume client teams for months, and end users with significant impact are nuanced now, to an equivalent of a change to one’s banking software.
“All of these changes have significantly provided organizations with transformative change,” he said.
Storage and compute capabilities
On another front, Van Pelt said that many of his clients, who have a growing need to scale both compute and storage capabilities, are pushing aggressively into cloud services for both.
“Early adopters have primarily been academic medical centers, but many other large health systems have been in pursuit/execution in this same space – especially as they evolve large-scale initiatives requiring data lakes, paired with tools like Hadoop,” he said. “The costs and the tool sets all are moving to this approach, as the only viable solutions.”
As each provider organization evaluates functions for total cost and services that will best fulfil needs, cloud-based services will need to be in the portfolio, he said.
“Most of us, though, will continue to have to wish/want/wait for any of the significant EHR vendors to make a meaningful solution available to us – and that does not appear to be on anyone’s five-year horizon,” he concluded.
Technology Optimization Best Practices
Experts from across the health IT field will share insights about everything from AI and cloud computing to telemedicine and population health.