It has been two years since I wrote my blog “Heading to the Cloud” and a lot has changed since then. I thought this would be a good time to revisit the adoption of cloud in the healthcare sector which is in the midst of tremendous regulatory, technological and business changes. The old fee for service model is giving way to a health outcomes based model, forcing healthcare organizations to look at mobile technology and cloud computing to streamline their operations, reduce expenses and deliver better health outcomes for their patients.
Cloud computing is a model of computing where the IT infrastructure, applications and data are delivered to the end user as a service over the internet. Cloud is dynamically scalable and allows IT resources to be consumed on-demand by the end user in a secure environment. It is cost-effective, because businesses don't need to make upfront capital investments, nor do they have to worry about high and low demand periods in their business. Cloud computing customers can easily scale up and down as their demand fluctuates. They also do not have to worry about costly repairs and maintenance costs associated with owning their infrastructure. They simply pay for the resources they use, as they use them, usually on a monthly basis. Cloud solutions are also a natural fit for disaster recovery, because they store information offsite and are easily accessible during emergency from a remote location. With cloud-based disaster recovery, it is easy to deploy a failed physical server in a virtual environment, enabling end users to continue to work, reducing business downtime. Moving to the cloud makes a lot of sense because of these benefits.
Concerns about data security and privacy have held back many healthcare practices from using cloud based solutions and services. This situation will soon change. According to the HIPAA Final Omnibus Rule, cloud service providers and other third-party business associates and their contractors are directly liable for a data breach. Just like the covered entity, the business associates are also responsible for implementing the same administrative, physical and technical safeguards for ensuring the security and privacy of the ePHI. All covered entities are also required to execute written business associate agreements with all their third party vendors who create, store, maintain and transmit ePHI as a part of their business responsibilities.
The HIPAA Final Omnibus Rule should further accelerate the adoption of cloud based EMR integrated with practice management and billing as well as cloud based backup and disaster recovery solutions. Healthcare organizations can now reap the benefits of the cloud by only working with those cloud service vendors who have implemented appropriate technology, policies and procedures to secure ePHI and are willing to sign a business associate agreement.