The medical industry’s hesitation stems from the cloud industry’s general inability thus far to clarify how cloud services can securely and cost-effectively enable its growth. So a cautious approach to adoption does have some merit. Well-publicized data privacy breaches of online services, that are affecting almost every industry, have raised major concerns with the safety of online services in general. These concerns are further complicated with the slew of regulatory compliance and access requirements imposed on healthcare providers.
This makes the barriers seem high, the costs unsustainable, the systems opaque, and benefits unclear — the status quo appears to be better, and the 85% of Canadians who only have paper records will still ultimately be served, securely. The medical context, however, is different: the purpose is not to facilitate instant commerce, but rather to securely and cost-effectively improve the quality of care and workflow throughput. Basic technology in the medical industry does not need to be as complex (in fact, simplicity prevails), and an incremental approach is prudent. The demands of an aging and growing population will make force-multipliers like cloud necessary, not optional.
Although the bar for domain-specific technology skills is high, risks to quality and privacy aren’t just technological — they involve processes, policies and people.
Cloud-based platforms can incrementally provide benefits for those who are cautious, to help to mitigate the spectrum of risks that can be caused by technology, specific processes, and human error. Consider a few examples that illustrate how secure cloud-based approaches allow for centralized management, disaster recovery and wide-spanning control:
● Data backups are crucial, even for paper records. Most medical practitioners and a vast number of residents caught within the eyewall path of Hurricane Katrina irretrievably lost paper medical records. Many backups were damaged beyond repair, and the balance was simply “missing”. A private cloud-based file service that contains scans of patient records is a simple and cost-effective disaster recovery and business continuity measure. The costs of such a service amount to less than the daily coffee budget for a 10-person medical practice.
● Process circumvention is a sizeable, invisible and inadvertent cause of costly and continual security breaches. For example, inventory systems that aren’t available hospital-wide cannot only create massive overspending and under-delivery, but they also create security risks. How? Staff can openly discuss patient requirements, share (and lose) access credentials, and re-assign logistical work inappropriately. A secure and monitored centralized system that is backed up not only creates greater availability, it also prevents dangerous circumvention and ease of audit.
● Centralized management can help securely scale organizations. Healthcare consultancies and group practices are increasingly using laptops to enable a more agile and distributed workforce in order to scale. Solutions like cloud file storage, and full desktop interfaces run in the cloud (by way of “VDI” or virtual desktop interfaces). Cloud-management (controlling the laptops from the cloud) can nearly eliminate almost all of the most common risks associated with carrying sensitive data off-site while lost, compromised and stolen mobile hardware account for over 70% of data privacy breaches in distributed workforce firms.
These approaches can secure access to data for both providers and patients alike without requiring a total top-down refit.
Most practices and facilities depend on technology for simple tasks like scheduling and accounting. But factors like availability, integrity, reporting, appropriate access levels, enforcing process compliance, and backups are almost universally overlooked. It is these factors which pose the most major and frequent threats to data privacy — more so than a 10-year (clean up) from an event like a hurricane or major online breaches.
It’s a popular misconception that solutions can be provided only by the large well-known public cloud providers. In fact, cloud services can very much be run privately, and on-site — in essence as a private on-site cloud. Mixing and matching locations is also possible and in fact, encouraged — that’s what makes it a “cloud”, really. For example, encrypted backups of records can be uploaded to certified and specialized online private cloud providers to create larger “hybrid” clouds that are made up of the online and on-site cloud components.
Virtualization is one of the best first steps to ease management and help simplify the creation of data and process portability for resilient and central management. This model allows for consistency and transparency and shapes processes and people to ensure security. Industry standard virtualization platforms remove single points of dependence: hardware or even service providers can be changed without the users even noticing. Backups, security, updates and upgrades all instantly become easier and at a fraction of the current cost of the methods that 95% of practitioners and facilities use to maintain their infrastructure, not even counting the opportunity cost. Bottom line: the numbers favour basic virtualization as not only a cost saving measure, but also as a platform that enables growth.
Cloud providers who offer managed services can leverage technologies that afford them massive economies of scale and will create a steady and pain-free transparent migration plan. Clients should seek cloud providers with industry-specific service experience, not just product expertise. Auditing, patching and updating an entire hospital’s worth of virtual technology infrastructure can be achieved by one person in about an hour (recall the mobile workforce example above). It is this combination of tools, skills and experience that makes actual (read ‘not last-minute’) compliance with healthcare standards far easier and automatic. Experienced managed cloud services providers can perform audits and remediation directly to help maintain compliance with data stewardship regulations. The infrastructure and software is maintained in a complete, correct, predictable (consistent) and timely fashion — the very same benefits medical practitioners want to pass on to patients.
The medical industry’s shift towards these new services won’t occur overnight. But the applications of cloud in the healthcare industry are numerous, and the benefits greatly exceed the risks and costs that are involved. Compliance, privacy, and security are attributes that an end-to-end good cloud provider will address and implement by considering the total combination of people, processes, policies and technology. The expanding reach of cloud services will inevitably touch the medical industry. It’s simply a matter of taking a first, small step.
SAMSUNG GALAXY S8 PLUS
The Samsung Galaxy S8 Plus is a beautifully crafted smartphone with nearly no bezel, curvaceous in design and reflects a…
How to: Connect to Exchange Online Using Multi-Factor Authentication
Using PowerShell to manage your Microsoft cloud services like Exchange Online and using multi-factor authentication (MFA) separately is awesome. Using…