Q.
What are some of the risks and challenges facing healthcare organizations in 2015?
#1: Money. No one is going to offer a middleware layer that is going to offer the unfettered communication for free. This software can be costly. The way we get around this costing the provider a lot of money is where the Health Plan pays for the service and the provider gets the software for free. In this scenario, the health plan gets the benefit of the real-time communication, instantaneous claim submission, instantaneous reimbursement to the provider, and the provider gets the software for free. So now we know the provider will participate because it did not cost them any money.
#2: Providers generally don’t have an IT staff. Example: A chiropractor has a PC in his basement and it has his practice management software on it. And he is the IT guy. This scenario needs to go away. How does that go away? How do we get the provider out of the business of being the IT guy? Answer: We put their service in the cloud and it becomes a service they pay for on a monthly basis. Rather than buying turnkey software and hardware and installing it in house.
#3: And the big elephant in the corner is security. So all of this information flowing back and forth is PHI (Personal Health Information) and it is all federally governed by HIPAA (Health Insurance Portability and Accountability Act) and also the HITECH Act. Both of these acts make it illegal to intentionally or unintentionally release data to parties that should not have that data. And with an unintentional release of this data there are huge fines. With intentional releases of this data, you go to jail. So the providers and health plans have to know that if they are using cloud services, that these cloud services protect them from a HIPAA and HITECH standpoint. All of the data at-rest has to be encrypted, all of the data in-transit has to be encrypted, up to par, up to standards. The authentication and authorization procedures have to be appropriate so that people can’t access and steal the data, people can’t get in and steal a hard drive, etc. So we use cloud service providers that have had to deal with this security in the past. Companies like Amazon and Azure have had to deal with hosting healthcare organizations on their cloud so they have all the documentation, certifications, and encryption procedures built into their security processes. These organization will sign a BAA (Business Association Agreement) with you stating that they are taking on the security responsibility, on the infrastructure side, so that you don’t need to worry about it. Amazon and Microsoft are saying they will sign a BAA (Business Association Agreement) with their partners. They are basically stating: “You are going to put a client on our cloud, we will sign a BAA saying the infrastructure is our responsibility from a HIPAA and HITECH Act standpoint.”
Q.
What are some recommendations on how healthcare organizations can further transition to the cloud?
They need to start dipping their toes in and getting comfortable with the cloud technologies that are out there. And a good option is to move from their traditional desktop office software into cloud hosted versions of those products. Microsoft Office 365 is great choice for an organization that wants to dip their toes in cloud technology and save money over the long run. Rather than continuing to buy those $600 licenses or Microsoft Office and hosting their own exchange server and dealing with all of that, they can now pay for every user and it could cost them $18 per month to have all of the same product hosted online in the cloud and they get their desktop software anywhere from any computer. And whenever Microsoft decides to release a great new feature in their product, you just get it. You don’t have to pay again for it, you don’t have to buy the upgrade, etc. So they need to start dipping their toes in those cloud services to come to the realization that they really are not scary, they are really easy to implement, and then they will be open to buying other cloud solutions that are available. Pretty much everything you can think of is offered as a cloud service: CRM, Office SW, IT Monitoring Software, etc.
There is very little that we have to run in house anymore. Data and applications are more secure in the cloud. Things are more protected in the cloud. It is the cloud software vendor’s job to deal with hosting these cloud solutions. Data is being backed up. No worries on whether your IT staff has backed up your data. It’s backed up. It’s safe. You don’t have to worry about overloading their servers. They have the capacity that you don’t have internally. You just have to pay for your users. And finally, it is simple. You don’t have to have IT staff to deal with everything that comes with a turnkey installation of all of these products, networking and hardware. It doesn’t mean that you don’t have to have an IT staff. It just means that you don’t have to have as many. Or outsource to as many. So you definitely have ROI there. You have immediate ROI of not maintaining a physical hardware environment within your data center and you’ve got the long-term ROI of not maintaining that FTE load on a very large IT staff that has to deal with 100 servers. They may be able to can chop 50 of those servers out of the mix.
Recommendations:
1) Contact one of the cloud providers out there that specializes in their line of business software. For the provider, we know that there are plenty of hosted cloud provider practice management systems out there. They need to start a project plan with them. The implementation of a cloud line of business application is no different than the implementation of a turnkey solution. Other than the fact is that we are taking out all of that IT work that goes into the hardware configuration and sizing. But, the business processes behind the implementation, the planning processes are identical. So they can’t think that just because it is in the cloud means I don’t need an implementation. They still need an implementation, and they still need to plan, to make sure that they are not going to interrupt their service. They do need to go and talk with the appropriate vendor and get a project on the books and plan appropriately. And partner with a great vendor who can support them. A vendor that knows cloud technology.
2) Healthcare organizations need to vet their potential cloud solution vendors carefully. Ask detailed questions: Who do you use for your cloud hosting? How long have you used them? Can I get references? And talk to the references. Many clients jump into a healthcare IT product solution and never get any references, never talk to the references. Talk to the references about their user experiences: How well did the implementation go? Have you experienced any problems with the service delivery?
3) You need to have SLAs (Service Level Agreements) with your cloud solution vendors. You are not controlling the infrastructure anymore so you must have SLAs. With a cloud solution, you can’t call up your IT shop and say “It’s slow, fix it.” So you need a piece of paper that says: I guarantee that you will get service levels at this rate.
Looking forward, as turn-key solutions become more and more difficult to manage and expensive, companies will discover that turnkey costs more in terms of people and hardware. With this realization, I believe, we will see everything moving up into the cloud. And the cloud providers that can deliver consistent experience and consistent SLAs are the ones that will survive. And the other ones will not.