Cloud Computing in Healthcare: Unsticking Your Cloud Journey
While most companies now understand how cloud computing will transform their business, some are finding themselves stuck on their public cloud journey—feeling cautious about making the switch or expanding further into the public cloud. What fosters this underlying apprehension, and what can a healthcare organization do to unstick its cloud progression?
Healthcare organizations can use the public cloud to accelerate speed to market for new applications, leverage machine learning for improved data analysis, improve on security, compliance, and privacy rigor, and ultimately improve customer, patient, and member experience. While action makes more fortune than caution, a traditional IT procurement cycle mindset persists that sometimes inhibits the adoption of the cloud.
Capacity planning and ongoing maintenance, both at the software and hardware layer, can be difficult with on-premises data centers, and even worse, mistakes are expensive. It is these limitations, and the classic on-prem mentality they conjure, that conflict with the cloud and its capability to offer a limitless amount of IT resources and a more economical pay-for-use model.
Sticking Point #1: Expectations Around Migration
But even with all the benefits public cloud-based applications and services have to offer, knowing how your business can best reap them is not always straightforward. The big cloud-journey glue trap is often the false expectation that whirls around the lift-and-shift strategy. It can be an unproductive undertaking that launches all of an organization’s existing bloat into the cloud: logs, malware, traditional server database architecture, and the like. And then you’ll hear the classic lift-and-shifters’ complaint: “Hey, I moved hundreds of my assets to the public cloud, and now it’s more expensive!”
Replicating antiquated on-prem processes won’t deliver the value that you’re looking for when adopting cloud technology.
Business leaders must think about how the cloud is different and how that will benefit their organization and help them meet and exceed their business goals and objectives. Running a tabletop exercise to map your current processes to the way the public cloud works is essential. This requires getting interdepartmental stakeholders in a room to talk about security incidents or change management. If you do this upfront, you will get ahead of application and services gaps that may exist during any cloud transformation activities. Maybe you’d like to migrate the new version of the application. Walk through it: how it works inside your data center today—and then how it will work inside the cloud. If your exercise reveals the process is the same on-prem as it will be in the cloud, you’ve done something wrong. The reason why: that tabletop exercise should be able to identify what processes should or could be changed or automated. And hopefully, the vast majority of the processes can be automated. For the ones that can’t be, consider alternative services that may drive down cost and complexity, or investigate cloud roadmaps for when those processes may be automated down the line.
Sticking Point #2: Business Associate Agreement Negotiations
A second area where organizations get stuck is in finalizing the required Business Associate Agreement (BAA) that all covered entities and their business partners who engage with PHI must have. Can you negotiate your agreement? Do you have the right shared responsibility model? Do you have an agreement in place with every third-party vendor that stores, processes, or transmits PHI? It’s important to find a partner who understands the BAA and can negotiate it to specifically contain the amount of shared responsibility your organization needs.
Sticking Point #3: Reputation Concerns
A Chief Information Security Officer’s concerns about the cloud—and his or her reputation—may also be a factor in the cloud journey getting stuck. Migrations require the confidence and cooperation of the CISO and compliance team, who may have built their careers around creating very secure environments inside of facilities—whether it’s data centers, co-location facilities, or even SaaS applications. Many CISOs are not certified in public cloud technologies, and HITRUST certification is new to a lot of these organizations. In fact, HITRUST, along with other standards, is rapidly evolving, only recently incorporating public clouds like Google Cloud within its scope. One of the key considerations when working with a CISO on public cloud adoption is how to keep up with changes in healthcare regulations and policies, and how to map those back to the cloud services adopted. It can be a wise move to dive into the expansive security advantages available in the cloud with a managed services partner to get to the answers you need to proceed with confidence rather than wander in alone.
Unsticking Your Cloud Journey
The pressure to scale and innovate can also make things sticky, but a partnership with a cloud service provider can show you—component by component—where you can optimize and accelerate your operations. This process enables the build-out of healthcare-compliant reference architectures that allow for auto scaling. For example, in the payer market, during open enrollment season, traffic surges and systems become incredibly overloaded. But by being able to build out a reference architecture that allows the payer’s system to auto scale, enrollment services and other consumer-facing functions just continue to deploy automatically. There are no worries about handling traffic spikes, and you can provide cost predictability during those peak periods.
Maybe your sticking point is you are sold on the cloud, but you’re not sure how to sell it to your fellow executives. First you can emphasize that by leveraging the efficiencies of the cloud, your organization will gain a newfound ability to focus itself on its core mission. Then, preach how the cloud can help you:
- Streamline operations by reducing the responsibilities related to maintaining capital infrastructure
- Keep current with regulatory changes, and be able to map cloud technology back to those regulations
- Stay on top of all new innovations, no matter how fast they come. Example: one public cloud saw well over a thousand major changes last year alone that had a direct effect on the security, privacy, and compliance of sensitive data, such as PHI.
If you work at a provider, for example, you can put the cloud migration argument this way: “If I’m not spending half of my time maintaining underlying infrastructure, I can focus on changing our CapEx model to an OpEx one, over time. I can shave my overall healthcare IT spend from 3.7 percent to 3.2 percent—which is a massive cost reduction! And I can do it all over time by automating lots of our processes—not just putting workflows in the cloud. With all that time saved, I guess the IT staff will have to spend more time improving the doctor/nurse/patient experience.” Then, triumphantly make the drop-the-mic gesture.
The perceptions slowing your journey to cloud adoption are really just sand traps. Which is to say, they are artificial challenges that can be overcome with some knowledge and persistence—along with an experienced caddy.