Why Cloud for Health IT? Sharing our Experience at careMESH

Dr. Peter S. TippettSeveral years ago, as I regularly traveled to information security events, the discussion around enterprise use of cloud services to meet mission-critical software requirements was skeptical to say the least. Cloud only seemed to be a viable option for specific edge cases and companies that were willing to take a huge leap (read: risk). Particularly in healthcare, the typical CIO would not consider entrusting patient health information to a cloud environment.

Fast forward to 2019

If you want true, robust security, it is increasingly difficult to argue against cloud, given the advancements and growth in major service providers such as Google, Amazon, or Microsoft. No matter how many security staff members or how much cybersecurity experience you have, the major service providers have more. It's no surprise that across industries, investment in cloud computing, storage and infrastructure are predicted to grow at a rate of 17% annually over the next 3 years.[i]

For healthcare, there are still a few regulatory standards that are more complex using a cloud platform versus on-premise, but not many. HIPAA allows for flexibility in the type of hosting environment and any enterprise will need to cover all of the "basics"-encryption at rest and in transit, strong user authentication, logging, fail-over, regular backups, etc. But the reality is, an all-cloud application approach will have less risk across almost every category. Times truly have changed, and with the growth in cloud, hospitals have a new opportunity to become nimbler.

But how do enterprises that have invested heavily in securing patient data on-premise be confident that now is the time to begin a transition to cloud?

Several years ago, as we began architecting the careMESH platform and services, we had a decision to make. There are always challenges in building the right infrastructure, and we have to abide by the same healthcare regulatory and security requirements, but it is easier to be a young company starting "from scratch". A hospital has massive legacy systems, with dozens or hundreds of software applications, and needs to maintain 24x7 continuity of operations-it can feel like changing your car tires driving down the highway.

Although we chose redundant service providers in case of a catastrophic event, we selected the Google Cloud Platform©as our primary infrastructure vendor. Why?

1. Security

Even with diligent planning, design, personnel, and procedures, on-premise solutions are more likely to lead to security exposure. Fortunately, configuration management, firewall and router rules, default deny configuration, process isolation, most patch management, storage and transit encryption, DDOS protection, and more are all native to the Google Cloud Platform, and therefore to careMESH. Other requirements, such as backup, fail-over, intrusion detection, and logging are much less burdensome in a cloud environment versus an on-premise data center.

2. Scale & Flexibility

One of the greatest challenges in managing a data center is being able to scale appropriately, without delaying expansion or investing too early in additional capacity. When a hospital needs more server power, database throughput, storage, parallel processes, inter-process communication, bandwidth, or acquires a new facility, the demand equation changes.

By virtue of scale and being able to load balance, the Google Cloud Platform enables real-time adjustments (both near- or long-term) to these parameters. A change in requirements is a question of updating a handful of rules or settings, which gives careMESH the opportunity to be immediately customer-responsive. Add a new hospital or need to run a massive analytic job to meet a deadline? No problem.

3. Cost

Considering the major investment in design, real estate, hardware, telecommunications, bandwidth, buildout, maintenance and monitoring, replacement and upgrades, and the ongoing personnel requirements to get it all done, the cloud wins in nearly all growth situations and in most "steady state" operations.

So how can a hospital maximize existing investments while gradually reducing its reliance on on-premise solutions?

  • Begin by seeking cloud-based, software applications that address gaps in your current capabilities. By leveraging the cloud for health information exchange, medical imaging storage, communications with external partners, or innovative web-based tools for your patients, you have the chance to lean on outside providers and minimize the need for additional on-premise expertise or capacity.
  • Beware the "half cloud".Like other trendy terms, "cloud computing" or "cloud application" are more vague than they should be. Many vendors put Virtual Machine (VM) lipstick on older systems and call them a "cloud service". Taking a system that is already running on a couple of dozen boxes in the data center and making them into a couple of dozen virtual machines in the "cloud" can have advantages - such as physical property management and scale at the data center. But a Virtualization model still requires highly granular management (by you) of all of the underlying operating systems, patches, configurations, information security, firewalls, etc. It is nowhere near as simple, secure, scalable, or manageable as going to a "full" or "pure" cloud application.
  • Make APIs central to your strategy. You can often keep your existing systems by making relatively simple modifications to them in order to tap into the APIs of "pure cloud" vendors who can provide massively specialized, technologically-powerful capabilities that no single organization could ever achieve. Almost everything careMESH does is available via APIs, but the most in-demand, is our national provider directory.


[I] Gartner, September 2018