It seems these days that you can’t walk through an airport or get through an advertising break on the television without someone extolling the virtues of cloud migration. Cloud technology has been embraced by many organizations in some form or other. Healthcare lags behind.
The delivery of health and social care services should be all about the citizen. Cloud capabilities can augment current IT, but do they have a clear place in improving health and wellness?
The current reality is that the majority of services neither collect, nor give access to, a holistic view of the citizen at the point of care. To remedy this, healthcare services could learn a great deal from other industries. For example, when we log in for a repeat flight most airlines will know all about us already, and we may well be offered specific additional products or services based on our previous choices. But in healthcare, we are repeatedly asked for the same information by different services (primary care and hospitals, for example) or different departments within the same service. We are even asked for the same information from the same department in the same service, which seems even more crazy.
What are the implications of this failure to share data and the lack of a 360-degree view? First, it leads to a sub-optimal experience of care. Second, it exposes us to risk (for example, where an allergy is missed and the wrong drug is given). Third, it means that opportunities for better care for us as individuals are not systematically extracted and implemented. Fourth, it leads to duplication and unnecessary costs (such as diagnostic tests being repeated). And finally, the lack of a 360-degree view of both the individual and populations prevents valuable insights from being extracted that would enhance planning and support service redesign.
If you imagine for a moment that you were in charge of an accountable care system, there are some things you could do:
- Ensure that all relevant data about the citizen is shared at the point of care. You won’t be able to do that unless the citizen trusts you as a custodian of their data.
- To earn that trust, you must ensure that all requirements for patient privacy, confidentiality and security are met. And of course, unless you are robust in this respect, you can be subject to enormous penalties under new legislation.
- You must make sure that all necessary insights are extracted from the data, including understanding what has happened in the past, what is happening right now, and what is likely to happen in the future, and then ensure that these insights flow for the benefit of individuals and the population you serve.
- And, you must do all of the above with maximal cost efficiency so that as many resources as possible are available for direct patient care and care transformation.
With these issues in mind, does cloud migration provide answers?
As we have argued in previous blogs, the first of the three digital truths is that the customer is already digital, and this applies to healthcare with some contextual nuance. Patients will already be deriving benefits from cloud based products and services they access directly through the technology they choose. For example, most of us now automatically back up our smartphones on iCloud or its equivalent at little or no extra charge, minimising inconvenience and risk of data loss. And cloud is always available.
By storing information in the cloud, we can also synchronise access across our own devices or with devices belonging to family members or even organizations. We are gaining access to new digital services, such as Siri or Cortana, and service providers such as Netflix are deriving advanced insights into our buying and viewing habits to improve our experience of those services. This is all good.
To deliver the healthcare strategic imperatives we described above, you need these cloud capabilities of ‘always on’, role-based access, enhanced security, disaster recovery, analytics, advanced technology services and decreased total cost of ownership.
If we are happy to embrace cloud in all aspects of our personal and work life, is healthcare any different?
One of the key fears is about the potential misuse of data. Most of us happily click ‘accept’ on the ‘terms and conditions’ of our favourite internet services without truly understanding how our ‘digital footprint’ will be used. Interestingly, it is in this area that healthcare regulation has been far more advanced than other industries, with strict laws and controls that govern how, and by whom, data can be used. This regulation applies equally in the cloud world.
Typically, healthcare applications are hosted on infrastructure that runs within the walls of the organization or with a chosen private hosting partner. This infrastructure is designed to be highly secure with all connections to the outside world, including the internet, blocked to prevent security breaches. While this would appear advantageous from a security perspective, it means that the data is effectively locked away with no easy way to flexibly share it outside the organization or to make use of the cloud-only capabilities. Furthermore, isolation of data and applications means that there is no mechanism for those outside the organization to use or derive insight from the data. This inside-only approach severely restricts innovation and the ability to drive transformation across the patient experience, clinical outcomes and operational efficiency. It also raises risk at the point of care, if that is outside the norm.
Key technologies that are empowering ubiquitous secure interconnections between organizations and the internet include the evolution of software-defined networks that remove the ‘hard coding’ of firewall rules, and network paths coupled with advantaged encryption techniques and user-driven consent models. These are being complemented by the launch of regional data centres from all the major cloud providers that support the data-residency requirements of regulations such as HIPAA and the General Data Protection Regulations (GDPR).
Security is of paramount importance, with the recent WannaCry ransomware attack bringing this into sharp focus. With IT budgets under constant pressure and a growing skills gap among in-house IT staff, the ability of individual healthcare organizations to rise to this challenge is a major risk. In contrast, the major cloud providers are spending billions of dollars per month on ‘foundational’ services, including security protection, service resilience and the continual update of technology and software versions.
From a business-case perspective, the financials of the cloud can be truly compelling, especially when viewed holistically — when the benefits of secure data sharing, improved security compliance, greater service availability, OPEX-driven cost models, evergreen technology, and a reduced risk of key talent loss are factored into the decision making. That said, when viewed from a narrower perspective, where direct infrastructure and software total costs are compared to more traditional hosting models, the cloud can be more expensive. Like a pay-as-you-go phone, sometimes it may be more expensive, especially when legacy applications are simply ‘lifted and shifted’ onto the cloud. How you optimize your software licensing and automatically spin up and spin down environments when not in use are key dimensions for reducing the total cost of ownership.
Next-generation healthcare will operate outside the walls of the hospital, integrating services from multiple organizations, facilitating innovation and empowering citizens. As such, healthcare infrastructure needs to enable easy aggregation of services, applications and data across traditional security boundaries in agile ways, whilst ensuring continuous availability and protection of personal data. Cloud provides a critical enabling platform, and every organization should be adopting a hybrid cloud approach, where applications are targeted, based on their relevant capabilities (security, performance, resilience, accessibility, cost), to the most appropriate platform — be it secure public cloud, private cloud or on-premises — all integrated via a secure interoperability network and data backbone.