Healthcare, the Cloud, and Security

Healthcare related businesses typically have a highly complex IT environment that’s supporting a diversified professional user population such as physicians, nurses and administrative staff.  Many of these users prioritize tasks such as treating patients in life-critical situations ahead of the development and secure use of information systems. Healthcare information technology, estimated as a $40 billion a year sector, is currently coping with growing economic and regulatory pressures that make its IT infrastructure an excellent candidate for change.  In this case, change means opportunity: a recent study by RCNOS estimates that healthcare IT spending will grow at a 24% CAGR over the next 3 years.

Controlling costs in the healthcare industry ecosystem is a key motivation for cloud service adoption. This is true for the vast majority of healthcare organizations, irrespective of their size and area of specialization. Current and future IT investment decisions revolve around metrics such as ROI and TCO.  For example, new Health Information Exchange (HIE) ventures can take advantage of the cloud infrastructure is already in built by the likes of Google, Amazon, and Microsoft.

In today’s healthcare system, access to appropriate, in terms of expertise and equipment, facilities often depends on the patient’s physical location. Do people shop for hospitals or simply go to the one nearby?  As more health data moves into the cloud and telehealth technologies become commonplace, patients as well as providers will be able to access health information in real-time from anywhere with an internet connection. Better access to healthcare and relevant patient data, especially in the remote areas, is the primary advantage of this market development.  However, risks around data privacy, security and safety, and compliance with state and federal policy are among the top concerns raised for sharing healthcare information in the cloud.

There is an interesting aside: information security can theoretically be provided better in the cloud than by an individual organization.  The theory is that an HIE or EHR service provider could have greater expertise and more people on staff focused on security than an individual provider might.  Centralization and standardization of patient and care information across the healthcare ecosystem increases information availability and utility, while service providers are enacting strong security and authentication measures to protection and ensure the integrity of patient data.

There is more to the future of healthcare information systems than simply moving them into the cloud.  The vast majority of providers will continue to build and utilize local patient information systems.  These organizations are currently developing or customizing EHR systems.  Not only will the EHR system play a role in replacing the paper chart (which can be lost or damaged), but once the data is in electronic format all kinds of other valuable analyses can be conducted.  Clinical decision support, where care givers are provided with instructions automatically based on the symptoms they enter, holds great potential for increasing the level of care in the USA.  In addition, cost savings can be realized by automating routine tasks.

There has also been an explosive increase in mobility applications within healthcare.  Devices such as tablets, laptops, and smart phones can be used to communicate with patients, gather information, and supervise care.  As of the writing of this newsletter, over 6,000 health related apps can be purchased through the Apple App Store.  These range from fitness and workout tracking apps such as Nike Training Club, Runkeeper, and Lose It! to apps built for healthcare professionals such as the research oriented Medscape or the prescription medical reference app Micromedex.

Last, but certainly not least, security is paramount in healthcare environments.  As more information is aggregated and stored, providers and patients become richer targets.  Also, most organizations rely on shared workstations left in common areas.  These must be secured physically as well as with software to protect against malware, data loss/theft, unauthorized usage, and network based attack.  One of the primary trends we see in healthcare is providing greater access to a greater number of electronic resources and data.  Running alongside this benefit is the specter of increased attacks on these systems.  As such, this presents an excellent market opportunity for security companies that make products and services that can be used to protect healthcare information such as encryption, identity based computing, and network, server and workstation security.  Companies with security products for healthcare include the usual cast of characters (Symantec, McAfee, Trend Micro) and several vertical specific players such as HSS and Cerner’s P2Sentinel Security as a Service.

Leave a Reply

Your email address will not be published. Required fields are marked *