User login
For years, hospitalists at University of Utah Healthcare have yearned for a fast, elegant way to share information with referring physicians.
When patients are referred from nonaffiliated practices, "they arrive with medical records burned onto a CD," said Dr. Mike Strong, a hospitalist and the chief medical information officer for the university’s hospitals and clinics, which are based in Salt Lake City.
"One of the big frustrations is the referring physicians say ‘we love the care that you give us, but it feels like our patients are going into a black hole,’ " Dr. Strong said. "We take care of them, and the patients come back, but the physicians feel that they don’t see the whole story."
For Utah Healthcare and others grappling with similar problems, the solution may lie in the "cloud," medical IT experts say. With cloud technology, electronic medical records (EMRs) and images, and the programs used to access them, can be stored and processed on the Web.
The cloud can be likened to a public utility. Under the cloud model, computing power, like electricity, draws from the equivalent of a grid. Giant server "farms" – such as those now supported by Amazon.com and other cloud vendors – can provide not only storage but also processing power, making applications and information accessible at high speed to anyone with a computer or even a smartphone.
"A CD takes 2 or 3 days to arrive," Dr. Strong said. If a referring hospital were able to upload images into a cloud, and we would have the records up and running before a patient even gets here, it would be great, he said.
Cloud-based services are already widespread in business and personal use – think Gmail, Facebook, Google Docs, or online banking. Proponents of cloud in health care suggest that its flexibility (hospitals can use as little or as much storage and computing capacity as they need), its processing power and speed, which can help smaller hospitals perform sophisticated modeling programs the way large ones do and allowing them to run the kind of algorithms that would tie up or crash their own servers.
Those less keen on the cloud cite its vulnerability to crashes and privacy violations.
Freedom and Flexibility
Cloud applications promise greater physical freedom to hospitalists, who need to gather information on patients from a wide variety of sources and to retrieve or deliver information from wherever they happen to be in the hospital. And hospitalists, members of one of the younger-demographic medical specialties, are hardly technology-averse.
"As a practicing hospitalist working in a system that has computer-order entry and electronic records, I live in the IT world," said Dr. Robert Pendleton, Dr. Strong’s colleague at University of Utah and codirector of its hospitalist program. EMRs and portable devices "have changed my work flow. When we were paper chart–based, I had to go to the patient’s unit." Now, Dr. Pendleton said, "we pull up data as we’re rounding, and I come back to my office and put in my notes electronically."
A shift to the cloud and mobile technologies could eliminate the trip back to the office or, better still, offer hospitalists more intuitive approaches to information sharing.
"Health care is about teamwork," says Dr. Jonathan Bloor, the cofounder, along with fellow surgeon Jonathon Shaw of DocCom, a U.K.-based company that sells cloud applications modeled after such social networks as Facebook, as an alternative to traditional e-mail in hospitals. Dr. Bloor and Dr. Shaw developed the platform while working together at University Hospitals Bristol, part of the U.K.’s National Health Service, where they noticed gaps in team communication that they felt threatened patient care.
Yet while hospitalists’ work flow could greatly benefit from Web-based applications designed for physicians, cloud dependence has a flip side: The April crash of Internet behemoth Amazon’s cloud server was a stark and devastating reminder that the cloud is hardly invulnerable. Some high-profile websites that rely on Amazon’s server were left with minimal or no processing power for a week.
Safety or Speed?
With the cloud, security and encryption are also handled offsite, and information is only as secure as an individual user’s password.
This in part is why hospitals like University of Utah have been hesitant to embrace it. Migrating to a cloud model – in which many businesses and institutions, not just hospitals, store information – could collaterally expose hospitals to hackers aiming at banks or other businesses. "If you’re a hacker, are you going to target a hospital system?" Utah Healthcare’s Dr. Strong said. "If we combine storage onto a cloud [used by other types of business], we could get hacked for other reasons."
Last year, when Utah Healthcare needed to create a way to move information between its two electronic medical records systems (a legacy of the hospital’s decade-old acquisition of another health care company), its IT department chose to design a Web-based bridge – a cloud-style technology. But the server hosting the bridge is the hospital’s own. In May, Utah introduced a portal allowing referring physicians to have read-only access to records on its dedicated servers, in effect approximating some of what a cloud can do, except keeping it all in house. Cloud "is still an in-vogue term," Dr. Pendleton said. "But though the majority of health care systems have Web-based elements, they still don’t capitalize on the concept in terms of the sharing and dissemination of patient information."
A few are taking the plunge anyway. This spring, the University of California San Diego Medical Center’s trauma department began using a cloud system to move radiology files, making it one of the first major hospitals in the country to switch from CDs.
The reason, said trauma surgeon Jeanne Lee, is that UC-San Diego receives referrals from trauma centers at two smaller hospitals that can take from 45 minutes to 2 hours to complete. "It’s a lot of wasted time," Dr. Lee said, which could be better used if the hospital had the radiology information before the patient arrives.
Dr. Lee said that while there had been a debate at San Diego about whether to move to a cloud model, "any system you use is liable to some sort of breach," and so far, "security hasn’t been an issue."
One Password Away
DocCom’s Dr. Bloor said that an increasing number of U.K. hospitals are using cloud-based applications, though not yet for patient records. DocCom’s own products aren’t designed to exchange patient-identifiable information but rather to coordinate teamwork within networks of National Health Service hospitals.
Still, the company aims to produce a platform capable of allowing teams to consolidate and communicate about patients, including the sharing of records – but this is probably years or even a decade before it is likely to be adopted wide scale, Dr. Bloor and Dr. Shaw concede. In the United Kingdom as in the United States, the cloud is a long way from being accepted in a hospital setting as quickly as it has been in business, they said.
One NHS hospital in London has recently begun experimenting with a cloud model for patient records that would allow both clinicians and patients to access them from Internet-connected devices. But the "records" being used are simulations, and the project has attracted some controversy – mostly over privacy and security – even before its official rollout in August.
David Sansom and Brent Hicks, codirectors of clinical IT solutions at the Cleveland Clinic, say that despite concerns about patient information on the cloud, there’s already more of it there – at least in the United States – than people realize. They point to Surescripts, one of the country’s largest e-prescription networks, which uses a Web-based system for its 220 million member records on the cloud.
The Cleveland Clinic’s innovations department is currently working on a number of inventive cloud-based technologies, Mr. Hicks and Mr. Sansom say, including some that both supply data to clinicians to aid patient care and feed clinical data back into models. Recently, Cleveland Clinic’s innovations department spun off a company called Explorys, whose cloud-based product aggregates data on 10 million patients for use in population-based studies – information that, Explorys insists, is HIPAA secure.
While Mr. Hicks and Mr. Sansom are strong advocates for using the cloud in hospital settings, neither dismisses the privacy and security concerns the technology raises.
Hospitals must have the capacity to cache months worth of data in house as a safeguard against Internet connection failures, they say, and the cloud itself can become another point of failure, as the Amazon crash showed. Meanwhile, "HIPAA requirements were never designed for cloud-based computing," Mr. Sansom said. HIPAA requires two methods of identification, which is still not secure enough. When an EMR system is run in house, Mr. Sansom said, someone has to physically come into the hospital, find an unguarded PC, and enter a password to access sensitive patient information. With the cloud, of course, it’s only a password, he points out: "And that’s the problem."
I think Apple’s introduction of iCloud is great news.
Apple’s
use of the word "cloud" should help overcome fears that people may have
of the word, and the most significant impact will be to make "cloud
computing" mainstream. It will become a core service in the same way
that everyone chooses a particular GSM [Global System for Mobile
Communications] provider for their cell phone. Personal computing needs
now demand syncronised content across multiple devices that are backed
up elsewhere. Many people are already doing this but probably do not
realize that they are already using cloud services.
The knock-on effect in health care will be to raise expectations from both health care professionals and patients.
If
they can manage their personal life by synchronising documents on the
cloud to be accessed anywhere, or they can share a calendar with their
friends, then they will soon expect this same level of functionality in
health care.
For clinicians, being able to access and share
content on the move is hugely advantageous. For patients, I can see them
asking that, "If I can share photos with my family, why can’t the
hospital easily share x-rays with my family physician?!"
Interestingly,
there are many health care companies that have already adopted cloud
strategies but are not necessarily marketing them as such, for fear of
creating concerns that people currently have about offsite, cloud-based
data storage.
As far as a health care specific–strategy with
Apple’s iCloud is concerned, then it certainly will be an interesting
space to watch. One of the biggest changes we will all see is the
"consumerisation" of health care, in which more people will start to
manage their health themselves independently through health care apps
that will make it easier and easier to self-diagnose and monitor disease
and manage lifestyle.
This will be an interesting space as it starts to bypass many of the regulatory systems in place for traditional health care.
Dr.
Jonathon Shaw, MD, is a cofounder of DocCom, an early provider of
cloud-based applications and communication services and for hospitals
within the U.K. National Health System.
I think Apple’s introduction of iCloud is great news.
Apple’s
use of the word "cloud" should help overcome fears that people may have
of the word, and the most significant impact will be to make "cloud
computing" mainstream. It will become a core service in the same way
that everyone chooses a particular GSM [Global System for Mobile
Communications] provider for their cell phone. Personal computing needs
now demand syncronised content across multiple devices that are backed
up elsewhere. Many people are already doing this but probably do not
realize that they are already using cloud services.
The knock-on effect in health care will be to raise expectations from both health care professionals and patients.
If
they can manage their personal life by synchronising documents on the
cloud to be accessed anywhere, or they can share a calendar with their
friends, then they will soon expect this same level of functionality in
health care.
For clinicians, being able to access and share
content on the move is hugely advantageous. For patients, I can see them
asking that, "If I can share photos with my family, why can’t the
hospital easily share x-rays with my family physician?!"
Interestingly,
there are many health care companies that have already adopted cloud
strategies but are not necessarily marketing them as such, for fear of
creating concerns that people currently have about offsite, cloud-based
data storage.
As far as a health care specific–strategy with
Apple’s iCloud is concerned, then it certainly will be an interesting
space to watch. One of the biggest changes we will all see is the
"consumerisation" of health care, in which more people will start to
manage their health themselves independently through health care apps
that will make it easier and easier to self-diagnose and monitor disease
and manage lifestyle.
This will be an interesting space as it starts to bypass many of the regulatory systems in place for traditional health care.
Dr.
Jonathon Shaw, MD, is a cofounder of DocCom, an early provider of
cloud-based applications and communication services and for hospitals
within the U.K. National Health System.
I think Apple’s introduction of iCloud is great news.
Apple’s
use of the word "cloud" should help overcome fears that people may have
of the word, and the most significant impact will be to make "cloud
computing" mainstream. It will become a core service in the same way
that everyone chooses a particular GSM [Global System for Mobile
Communications] provider for their cell phone. Personal computing needs
now demand syncronised content across multiple devices that are backed
up elsewhere. Many people are already doing this but probably do not
realize that they are already using cloud services.
The knock-on effect in health care will be to raise expectations from both health care professionals and patients.
If
they can manage their personal life by synchronising documents on the
cloud to be accessed anywhere, or they can share a calendar with their
friends, then they will soon expect this same level of functionality in
health care.
For clinicians, being able to access and share
content on the move is hugely advantageous. For patients, I can see them
asking that, "If I can share photos with my family, why can’t the
hospital easily share x-rays with my family physician?!"
Interestingly,
there are many health care companies that have already adopted cloud
strategies but are not necessarily marketing them as such, for fear of
creating concerns that people currently have about offsite, cloud-based
data storage.
As far as a health care specific–strategy with
Apple’s iCloud is concerned, then it certainly will be an interesting
space to watch. One of the biggest changes we will all see is the
"consumerisation" of health care, in which more people will start to
manage their health themselves independently through health care apps
that will make it easier and easier to self-diagnose and monitor disease
and manage lifestyle.
This will be an interesting space as it starts to bypass many of the regulatory systems in place for traditional health care.
Dr.
Jonathon Shaw, MD, is a cofounder of DocCom, an early provider of
cloud-based applications and communication services and for hospitals
within the U.K. National Health System.
For years, hospitalists at University of Utah Healthcare have yearned for a fast, elegant way to share information with referring physicians.
When patients are referred from nonaffiliated practices, "they arrive with medical records burned onto a CD," said Dr. Mike Strong, a hospitalist and the chief medical information officer for the university’s hospitals and clinics, which are based in Salt Lake City.
"One of the big frustrations is the referring physicians say ‘we love the care that you give us, but it feels like our patients are going into a black hole,’ " Dr. Strong said. "We take care of them, and the patients come back, but the physicians feel that they don’t see the whole story."
For Utah Healthcare and others grappling with similar problems, the solution may lie in the "cloud," medical IT experts say. With cloud technology, electronic medical records (EMRs) and images, and the programs used to access them, can be stored and processed on the Web.
The cloud can be likened to a public utility. Under the cloud model, computing power, like electricity, draws from the equivalent of a grid. Giant server "farms" – such as those now supported by Amazon.com and other cloud vendors – can provide not only storage but also processing power, making applications and information accessible at high speed to anyone with a computer or even a smartphone.
"A CD takes 2 or 3 days to arrive," Dr. Strong said. If a referring hospital were able to upload images into a cloud, and we would have the records up and running before a patient even gets here, it would be great, he said.
Cloud-based services are already widespread in business and personal use – think Gmail, Facebook, Google Docs, or online banking. Proponents of cloud in health care suggest that its flexibility (hospitals can use as little or as much storage and computing capacity as they need), its processing power and speed, which can help smaller hospitals perform sophisticated modeling programs the way large ones do and allowing them to run the kind of algorithms that would tie up or crash their own servers.
Those less keen on the cloud cite its vulnerability to crashes and privacy violations.
Freedom and Flexibility
Cloud applications promise greater physical freedom to hospitalists, who need to gather information on patients from a wide variety of sources and to retrieve or deliver information from wherever they happen to be in the hospital. And hospitalists, members of one of the younger-demographic medical specialties, are hardly technology-averse.
"As a practicing hospitalist working in a system that has computer-order entry and electronic records, I live in the IT world," said Dr. Robert Pendleton, Dr. Strong’s colleague at University of Utah and codirector of its hospitalist program. EMRs and portable devices "have changed my work flow. When we were paper chart–based, I had to go to the patient’s unit." Now, Dr. Pendleton said, "we pull up data as we’re rounding, and I come back to my office and put in my notes electronically."
A shift to the cloud and mobile technologies could eliminate the trip back to the office or, better still, offer hospitalists more intuitive approaches to information sharing.
"Health care is about teamwork," says Dr. Jonathan Bloor, the cofounder, along with fellow surgeon Jonathon Shaw of DocCom, a U.K.-based company that sells cloud applications modeled after such social networks as Facebook, as an alternative to traditional e-mail in hospitals. Dr. Bloor and Dr. Shaw developed the platform while working together at University Hospitals Bristol, part of the U.K.’s National Health Service, where they noticed gaps in team communication that they felt threatened patient care.
Yet while hospitalists’ work flow could greatly benefit from Web-based applications designed for physicians, cloud dependence has a flip side: The April crash of Internet behemoth Amazon’s cloud server was a stark and devastating reminder that the cloud is hardly invulnerable. Some high-profile websites that rely on Amazon’s server were left with minimal or no processing power for a week.
Safety or Speed?
With the cloud, security and encryption are also handled offsite, and information is only as secure as an individual user’s password.
This in part is why hospitals like University of Utah have been hesitant to embrace it. Migrating to a cloud model – in which many businesses and institutions, not just hospitals, store information – could collaterally expose hospitals to hackers aiming at banks or other businesses. "If you’re a hacker, are you going to target a hospital system?" Utah Healthcare’s Dr. Strong said. "If we combine storage onto a cloud [used by other types of business], we could get hacked for other reasons."
Last year, when Utah Healthcare needed to create a way to move information between its two electronic medical records systems (a legacy of the hospital’s decade-old acquisition of another health care company), its IT department chose to design a Web-based bridge – a cloud-style technology. But the server hosting the bridge is the hospital’s own. In May, Utah introduced a portal allowing referring physicians to have read-only access to records on its dedicated servers, in effect approximating some of what a cloud can do, except keeping it all in house. Cloud "is still an in-vogue term," Dr. Pendleton said. "But though the majority of health care systems have Web-based elements, they still don’t capitalize on the concept in terms of the sharing and dissemination of patient information."
A few are taking the plunge anyway. This spring, the University of California San Diego Medical Center’s trauma department began using a cloud system to move radiology files, making it one of the first major hospitals in the country to switch from CDs.
The reason, said trauma surgeon Jeanne Lee, is that UC-San Diego receives referrals from trauma centers at two smaller hospitals that can take from 45 minutes to 2 hours to complete. "It’s a lot of wasted time," Dr. Lee said, which could be better used if the hospital had the radiology information before the patient arrives.
Dr. Lee said that while there had been a debate at San Diego about whether to move to a cloud model, "any system you use is liable to some sort of breach," and so far, "security hasn’t been an issue."
One Password Away
DocCom’s Dr. Bloor said that an increasing number of U.K. hospitals are using cloud-based applications, though not yet for patient records. DocCom’s own products aren’t designed to exchange patient-identifiable information but rather to coordinate teamwork within networks of National Health Service hospitals.
Still, the company aims to produce a platform capable of allowing teams to consolidate and communicate about patients, including the sharing of records – but this is probably years or even a decade before it is likely to be adopted wide scale, Dr. Bloor and Dr. Shaw concede. In the United Kingdom as in the United States, the cloud is a long way from being accepted in a hospital setting as quickly as it has been in business, they said.
One NHS hospital in London has recently begun experimenting with a cloud model for patient records that would allow both clinicians and patients to access them from Internet-connected devices. But the "records" being used are simulations, and the project has attracted some controversy – mostly over privacy and security – even before its official rollout in August.
David Sansom and Brent Hicks, codirectors of clinical IT solutions at the Cleveland Clinic, say that despite concerns about patient information on the cloud, there’s already more of it there – at least in the United States – than people realize. They point to Surescripts, one of the country’s largest e-prescription networks, which uses a Web-based system for its 220 million member records on the cloud.
The Cleveland Clinic’s innovations department is currently working on a number of inventive cloud-based technologies, Mr. Hicks and Mr. Sansom say, including some that both supply data to clinicians to aid patient care and feed clinical data back into models. Recently, Cleveland Clinic’s innovations department spun off a company called Explorys, whose cloud-based product aggregates data on 10 million patients for use in population-based studies – information that, Explorys insists, is HIPAA secure.
While Mr. Hicks and Mr. Sansom are strong advocates for using the cloud in hospital settings, neither dismisses the privacy and security concerns the technology raises.
Hospitals must have the capacity to cache months worth of data in house as a safeguard against Internet connection failures, they say, and the cloud itself can become another point of failure, as the Amazon crash showed. Meanwhile, "HIPAA requirements were never designed for cloud-based computing," Mr. Sansom said. HIPAA requires two methods of identification, which is still not secure enough. When an EMR system is run in house, Mr. Sansom said, someone has to physically come into the hospital, find an unguarded PC, and enter a password to access sensitive patient information. With the cloud, of course, it’s only a password, he points out: "And that’s the problem."
For years, hospitalists at University of Utah Healthcare have yearned for a fast, elegant way to share information with referring physicians.
When patients are referred from nonaffiliated practices, "they arrive with medical records burned onto a CD," said Dr. Mike Strong, a hospitalist and the chief medical information officer for the university’s hospitals and clinics, which are based in Salt Lake City.
"One of the big frustrations is the referring physicians say ‘we love the care that you give us, but it feels like our patients are going into a black hole,’ " Dr. Strong said. "We take care of them, and the patients come back, but the physicians feel that they don’t see the whole story."
For Utah Healthcare and others grappling with similar problems, the solution may lie in the "cloud," medical IT experts say. With cloud technology, electronic medical records (EMRs) and images, and the programs used to access them, can be stored and processed on the Web.
The cloud can be likened to a public utility. Under the cloud model, computing power, like electricity, draws from the equivalent of a grid. Giant server "farms" – such as those now supported by Amazon.com and other cloud vendors – can provide not only storage but also processing power, making applications and information accessible at high speed to anyone with a computer or even a smartphone.
"A CD takes 2 or 3 days to arrive," Dr. Strong said. If a referring hospital were able to upload images into a cloud, and we would have the records up and running before a patient even gets here, it would be great, he said.
Cloud-based services are already widespread in business and personal use – think Gmail, Facebook, Google Docs, or online banking. Proponents of cloud in health care suggest that its flexibility (hospitals can use as little or as much storage and computing capacity as they need), its processing power and speed, which can help smaller hospitals perform sophisticated modeling programs the way large ones do and allowing them to run the kind of algorithms that would tie up or crash their own servers.
Those less keen on the cloud cite its vulnerability to crashes and privacy violations.
Freedom and Flexibility
Cloud applications promise greater physical freedom to hospitalists, who need to gather information on patients from a wide variety of sources and to retrieve or deliver information from wherever they happen to be in the hospital. And hospitalists, members of one of the younger-demographic medical specialties, are hardly technology-averse.
"As a practicing hospitalist working in a system that has computer-order entry and electronic records, I live in the IT world," said Dr. Robert Pendleton, Dr. Strong’s colleague at University of Utah and codirector of its hospitalist program. EMRs and portable devices "have changed my work flow. When we were paper chart–based, I had to go to the patient’s unit." Now, Dr. Pendleton said, "we pull up data as we’re rounding, and I come back to my office and put in my notes electronically."
A shift to the cloud and mobile technologies could eliminate the trip back to the office or, better still, offer hospitalists more intuitive approaches to information sharing.
"Health care is about teamwork," says Dr. Jonathan Bloor, the cofounder, along with fellow surgeon Jonathon Shaw of DocCom, a U.K.-based company that sells cloud applications modeled after such social networks as Facebook, as an alternative to traditional e-mail in hospitals. Dr. Bloor and Dr. Shaw developed the platform while working together at University Hospitals Bristol, part of the U.K.’s National Health Service, where they noticed gaps in team communication that they felt threatened patient care.
Yet while hospitalists’ work flow could greatly benefit from Web-based applications designed for physicians, cloud dependence has a flip side: The April crash of Internet behemoth Amazon’s cloud server was a stark and devastating reminder that the cloud is hardly invulnerable. Some high-profile websites that rely on Amazon’s server were left with minimal or no processing power for a week.
Safety or Speed?
With the cloud, security and encryption are also handled offsite, and information is only as secure as an individual user’s password.
This in part is why hospitals like University of Utah have been hesitant to embrace it. Migrating to a cloud model – in which many businesses and institutions, not just hospitals, store information – could collaterally expose hospitals to hackers aiming at banks or other businesses. "If you’re a hacker, are you going to target a hospital system?" Utah Healthcare’s Dr. Strong said. "If we combine storage onto a cloud [used by other types of business], we could get hacked for other reasons."
Last year, when Utah Healthcare needed to create a way to move information between its two electronic medical records systems (a legacy of the hospital’s decade-old acquisition of another health care company), its IT department chose to design a Web-based bridge – a cloud-style technology. But the server hosting the bridge is the hospital’s own. In May, Utah introduced a portal allowing referring physicians to have read-only access to records on its dedicated servers, in effect approximating some of what a cloud can do, except keeping it all in house. Cloud "is still an in-vogue term," Dr. Pendleton said. "But though the majority of health care systems have Web-based elements, they still don’t capitalize on the concept in terms of the sharing and dissemination of patient information."
A few are taking the plunge anyway. This spring, the University of California San Diego Medical Center’s trauma department began using a cloud system to move radiology files, making it one of the first major hospitals in the country to switch from CDs.
The reason, said trauma surgeon Jeanne Lee, is that UC-San Diego receives referrals from trauma centers at two smaller hospitals that can take from 45 minutes to 2 hours to complete. "It’s a lot of wasted time," Dr. Lee said, which could be better used if the hospital had the radiology information before the patient arrives.
Dr. Lee said that while there had been a debate at San Diego about whether to move to a cloud model, "any system you use is liable to some sort of breach," and so far, "security hasn’t been an issue."
One Password Away
DocCom’s Dr. Bloor said that an increasing number of U.K. hospitals are using cloud-based applications, though not yet for patient records. DocCom’s own products aren’t designed to exchange patient-identifiable information but rather to coordinate teamwork within networks of National Health Service hospitals.
Still, the company aims to produce a platform capable of allowing teams to consolidate and communicate about patients, including the sharing of records – but this is probably years or even a decade before it is likely to be adopted wide scale, Dr. Bloor and Dr. Shaw concede. In the United Kingdom as in the United States, the cloud is a long way from being accepted in a hospital setting as quickly as it has been in business, they said.
One NHS hospital in London has recently begun experimenting with a cloud model for patient records that would allow both clinicians and patients to access them from Internet-connected devices. But the "records" being used are simulations, and the project has attracted some controversy – mostly over privacy and security – even before its official rollout in August.
David Sansom and Brent Hicks, codirectors of clinical IT solutions at the Cleveland Clinic, say that despite concerns about patient information on the cloud, there’s already more of it there – at least in the United States – than people realize. They point to Surescripts, one of the country’s largest e-prescription networks, which uses a Web-based system for its 220 million member records on the cloud.
The Cleveland Clinic’s innovations department is currently working on a number of inventive cloud-based technologies, Mr. Hicks and Mr. Sansom say, including some that both supply data to clinicians to aid patient care and feed clinical data back into models. Recently, Cleveland Clinic’s innovations department spun off a company called Explorys, whose cloud-based product aggregates data on 10 million patients for use in population-based studies – information that, Explorys insists, is HIPAA secure.
While Mr. Hicks and Mr. Sansom are strong advocates for using the cloud in hospital settings, neither dismisses the privacy and security concerns the technology raises.
Hospitals must have the capacity to cache months worth of data in house as a safeguard against Internet connection failures, they say, and the cloud itself can become another point of failure, as the Amazon crash showed. Meanwhile, "HIPAA requirements were never designed for cloud-based computing," Mr. Sansom said. HIPAA requires two methods of identification, which is still not secure enough. When an EMR system is run in house, Mr. Sansom said, someone has to physically come into the hospital, find an unguarded PC, and enter a password to access sensitive patient information. With the cloud, of course, it’s only a password, he points out: "And that’s the problem."