The potential benefits of cloud computing have been apparent to the IT services industry for the last couple of years. But there's still a great deal of confusion over what cloud computing really means, how exactly it applies to healthcare and whether it's a good fit for government healthcare agencies.
There are many kinds of cloud computing, ranging from providers of software and application services to storage and raw computing providers. Each of them has its own potential value to government agencies that work in the healthcare delivery, research or policy arenas, experts say.
"I think a lot of the advantages [of cloud computing] for healthcare are going to be the same across government," said Phil Horvitz, chief technology officer of Apptis, a Chantilly, Va.,-based systems integrator. "There are some things in the health sector that are crying out for cloud."
The most widely discussed use of cloud in healthcare is the transmittal of electronic medical records via hosted or Software-as-a-Service (SaaS) providers. Here the advantages, especially to smaller practitioners, are minimal upfront investment and little or no maintenance overhead.
But there are other aspects of cloud computing that make it well-suited for bigger healthcare organizations and agencies, particularly where commodity- type services are sought.
Those include moving pure storage and computational needs out to the cloud, which could be appealing to hospitals, pharmaceutical companies, agencies and researchers seeking to reduce the amount of IT overhead maintained in-house.
The cloud computing model also gives these larger organizations a way to rapidly scale IT resources in what Horvitz calls "dynamic circumstances," such as pandemics and other public-health emergencies.
These features will become more appealing in healthcare as service providers experienced in data center and application hosting move to more secure versions of cloud computing for more sensitive data.
"The key is having discrete security controls in place," says Kenneth Ziegler, president and chief operating officer of Logicworks, a "private cloud" hosting provider with customers in several industries, including healthcare. The company provides secure hosting for nextEMR, an EMR SaaS provider.
"They're a service provider, their business is making great software and their target market is healthcare," says Zeigler. "So why should they worry about hardware and operating systems and the amount of infrastructure required five years from now, and buying it and building it out and hiring the staff to maintain it, and having to worry about the power and the cooling?"
Pick your cloud
There is a range of cloud solutions, from the "public cloud" "cheap cloud-based resources like those from Amazon.com's S3 service"to massive computing-ondemand data centers provided by the professional services branches of major networking and computer companies such as AT&T, IBM and Hewlett-Packard.
Healthcare data and applications may well live in segments across that whole spectrum as the technology matures and the need to drive cost out of the healthcare system mounts, experts say.
"I feel like all that information will have different places in the cloud that it really should live," says Ziegler. "For non-secretive, static data that they just need a place to store it, you want to look to a public cloud storage provider like an Amazon S3, that's going to be a much less expensive way to deploy it."
But so far the public cloud often lacks the security and reliability for applications like EMR, says Ziegler. "When EMR providers look to which hosting provider makes sense for them," he says, "they could look at Amazon"that's good enough for proof of concept"but there's not enough security there."
Instead, for services that need to be kept secure, a "private cloud" is the best option, he says"a solution that uses the commodity-based approach of cloud computing within a secured environment at a hosting data center.
Private clouds are an evolution of the type of server hosting provided by traditional data centers and application hosting services like USi, now AT&T's Application Management unit. They specialize in building out large, secure, standardsbased data centers that can be provisioned quickly to meet customer requirements.
One major benefit of going with a private cloud provider is the level of service in moving applications to a cloud model. Many hosting organizations providing private cloud services are already familiar with the requirements of healthcare organizations, and can easily configure services to meet the needs of a SaaS provider, agency or healthcare organization.
Also, while healthcare IT organizations may be relatively well-schooled in handling compliance with standards like HIPAA, they likely don't have the expertise for handling technology standards like Sesame 2 (an open-source Java framework for storing Rich Document Format-data), or the SPARQL protocol for accessing XML data, for example.
Private cloud providers, on the other hand, may already have expertise in technology standards across a wide swath of technologies and the security expertise required to lock down applications.
What's more, private cloud costs are far lower than for building out a dedicated infrastructure. " For any SaaS provider who's servicing the healthcare industry, a private cloud environment makes the most sense," Ziegler says.
"They want to hire software developers and focus on getting their product to market"not hiring system administrators and security experts."
Public cloud uses
Yet public cloud offerings have their advantages, even for government healthcare agencies with a lot of non-sensitive data.
Services like Amazon's S3 offer low-cost computing and storage options that could be used to reduce the cost of maintaining non-sensitive health data, such as archived pharmaceutical data for drugs off patent or publicly-funded, anonymized research data.
The public cloud might also be a good fit for quickly scaling up a set of number- crunching applications that leverage non-sensitive or anonymized data. "These public cloud companies have world-class security," said Tim May, senior vice president of business development for Apptis. For most research applications, he said, the public cloud is sufficient to make sure that the computing resources and raw data are not compromised.
For proprietary areas of research, a private cloud model is a better fit. "There's information that a global R&D team needs access to securely, it needs to be available 100 percent of the time, and you don't want to do it in a grid (public cloud) environment with security concerns," says Ziegler.
"But for the backup data and data that's no longer private"a drug that's out of patent and you don't need to be secretive" that stuff should be lumped into a public cloud somewhere."
