The healthcare industry as a whole remains woefully behind the cloud computing curve, but it’s not too late for healthcare organizations to catch up.
This article originally appeared on VMBlog.
Last March, Department of Health and Human Services (HHS) CIO Beth Killoran announced that HHS is aiming to move 30% of its IT infrastructure to the cloud by the end of 2017. Though that target is still miles from the cloud adoption rates of most major private enterprises, it would represent significant progress for a department sitting at the intersection of two less-than-tech-friendly sectors: government and healthcare.
At the end of 2016, HHS was only running 18.5% of its IT processes in the cloud, and as recently as 2015, a shockingly low 1% of all HHS systems were cloud-based. Ultimately, Killoran explains, the migration is part of a larger initiative “to provide [HHS] employees with the tools necessary to perform their jobs and accomplish their mission.”
And while hospitals, clinics, research laboratories, and the like haven’t been quite as slow on the uptake as HHS has been, the healthcare industry as a whole still lags behind the enterprise cloud adoption curve. Some of this has to do with the kind of sensitivity and precision for IT processes specific to the healthcare space, but a large part of it also has to do with healthcare professionals’ confusion about how, exactly, to approach cloud computing.
The debate over public versus private clouds has raged on for the better part of a half-decade in the broader IT community, and a consensus has yet to be reached as to which cloud computing configuration is better, especially as it pertains to healthcare IT. The truth of the matter is that there isn’t a single right answer; some processes are better-suited to a public cloud while others are better-suited to a private one.
The primary draws of a public cloud configuration are flexibility and, if managed properly, cost-effectiveness. As an example, consider the case presented by National Heart, Lung, and Blood Institute (NHLBI) CIO Alastair Thomson. According to Thomson, the IT demands of the NHLBI range from “I just need to store two or three petabytes of data” to “I need to compute on hundreds of terabytes on a computer that has 20,000 CPUs in it.”
In theory, the NHLBI could build an on-premises IT infrastructure — whether comprised of bare-metal physical servers or a virtualized private cloud setup — capable of handling the latter scenarios, but the bulk of such an infrastructure would lay dormant for long stretches of time when modest storage processes are all that are needed. This would require the cash-strapped NHLBI to invest potentially millions of dollars in extensive computing capacity that would only actually be used when the organization needed to perform analyses on massive amounts of data, something Thomson admits doesn’t occur all that often.
The beauty of the public cloud is that it allows an organization like the NHLBI to access essentially endless computing resources without having to invest in either the initial outlays or maintenance costs associated with housing an expansive IT infrastructure. These resources are easy to access, perfectly elastic, and tremendously valuable to healthcare organizations.
As tremendously helpful as it may be in certain circumstances, the public cloud is by no means the right option for every healthcare organization. As President of New River Marketing Research Bill Claybrook explained to TechTarget, “Anything high performance [or] high security you don’t want to move to the public cloud.”
In fact, concern over information security is the primary reason that many healthcare organizations remain hesitant to explore public cloud computing. Especially for healthcare providers like hospitals and clinics whose sensitive patient data is closely regulated by HIPAA, the lack of control over specific security protocols on public cloud infrastructure is simply not an option.
A private cloud configuration, however, doesn’t present anywhere near the same level of security concerns. On a private cloud, a healthcare organization’s IT administrator can implement whatever firewalls or encryption protocols are necessary to keep the organization HIPAA-compliant. Some public cloud providers claim to offer security measures that are in-line with regulatory considerations, but none of these comes close to the control delivered by a fully-customizable private cloud infrastructure.
Taking all of these considerations into account, the most reasonable course of action appears to be a compromise — that is, a “hybrid cloud.” As demonstrated above, certain healthcare IT processes are perfectly well-suited to the public cloud, while others for all intents and purposes must remain on a private cloud (or perhaps even on an on-premises physical server).
Many healthcare organizations have already settled on a hybrid cloud approach wherein they run as much as they can on their existing IT infrastructure and “burst” the rest onto a public cloud when spikes in demand occur. Ultimately, as long as a healthcare organization crafts a thoughtful, sufficiently nuanced approach that takes into account both the strengths and the weaknesses of public and private clouds, it will be well on its way to achieving better, more efficient workflows.