Casting aside their earlier wariness, health system executives are delving into cloud computing.
The reasons for their shift in thinking include their desire to cut data center costs, deploy new applications quickly, and access flexible and scalable resources for data storage and computing power.
“Two and a half years ago when I got here, I said to the team, ‘In five years, I want the data center to fit in my office,’” says William Hudson, associate CIO and VP of IT operations at John Muir Health, a two-hospital system in the East Bay area of San Francisco. “It is important for us to manage the orchestration of our technology and our architecture, but it is not so important to me that we are managing the replacements and upgrades of CPUs and RAMs,” Hudson says.
At John Muir Health, this involved a fundamental shift away from a philosophy that Hudson describes as, “I am going to put everything in my box and build walls around it.”
A total of 69 percent of health system professionals in a 2017 KLAS survey appear to agree with Hudson. Those survey respondents said they’d consider or were actively considering using cloud solutions, while 31 percent were uneasy about the cloud, citing concerns about privacy and security.
Providers often test cloud services slowly, beginning with non-mission critical office applications, such as spreadsheets, email and document sharing. Other early candidates for the cloud are applications for customer relationship management, payer contracting and staff scheduling.
Even health system executives’ reluctance to move protected health information off premise is dissipating, albeit more slowly than for other types of data.
They are moving patient information to the cloud because they want to derive useful insights out of data from myriad sources, ranging from structured and unstructured patient health records, genomic sequencing studies, remote monitoring devices and wearables, and even weather or social media posts.
The goal is to use these insights into patients’ health and behavior—both inside and outside the institutional walls—to help patients manage their existing medical conditions and reduce their risk for developing new ones.
While it’s certainly possible to manage data from disparate sources with on premise solutions, the services developed by cloud vendors—including the liberal use of APIs—are already available for this purpose.
“This is not a nice to have anymore. It is very quickly becoming an institutional imperative,” says George Gardner-Serra, partner at Clarity Insights, a consulting firm specializing in data analytics. “The leading organizations are moving very quickly in that respect.”
Vendors, eager to ink contracts in the healthcare sector, are working to address providers’ needs.
First, the major cloud vendors—such as Amazon Web Services, Microsoft Azure, and Google Cloud—have invested heavily in developing solutions that address security and privacy issues. “They are all willing to sign business associate agreements and maintain HIPAA compliant structures,” notes Jeff Becker, a senior analyst at Forrester Research.
Gardner-Serra says, “We often get questions about whether this is more secure than on prem.” He tells clients that he believes data is more secure in the cloud than it is scattered across onsite servers, laptops and desktop computers.
Second, the major cloud vendors are developing sophisticated products for managing data and using artificial intelligence to analyze it.
Third, Becker says, “there are much more compelling solutions being built on the cloud. We are seeing the rise of cloud-only vendors. And those vendors are attracting healthcare organizations—and really organizations across all industries—into the cloud.”
Examples include startup software vendors working in remote patient monitoring, population health or radiology. Athenahealth, which offers a cloud-only EHR, is another example.
Analysts expect the healthcare industry’s spending on cloud services to increase exponentially. For example, Frost & Sullivan estimates that the global cloud computing market in the healthcare sector will be about $ 10 billion by 2021.
Steady migration
When it comes to providers specifically, “very few of them are jumping head first into the cloud, if you will. They are going in more of an evolutionary migration pathway, and frankly, I think that is wise,” Gardner-Serra says.
Becker agrees, saying, “I think what we are going to see is cloud migration happening at the app level,” he says. “If you are using Microsoft OneDrive, you are going to have data on Microsoft Azure. If you are a Google Drive customer, you are going to have data on Google Cloud,” Becker says.
Take the example of MedStar Health, which is in the process of moving about 15 percent of its computing resources to the cloud, primarily involving Microsoft Office, email archives, and SharePoint applications.
Once that process is complete, about 65 percent of computing resources will be on premise in virtualized servers, while the remaining percentage will be dedicated “traditional rack and stack” servers, says Edward Fisher, vice president and chief technology officer at MedStar Health, which includes 10 hospitals in the Maryland and Washington DC area.
This mix of computing resources does not include the health system’s EHR, which is hosted at Cerner’s data center in Kansas City, or enterprise resource planning system, Oracle PeopleSoft, which MedStar Health plans to move to Oracle’s hosted environment.
MedStar also hosts its consumer-facing website on AWS’ virtual private cloud.
MedStar Health also plans to evaluate whether to move applications that currently reside in dedicated servers to either the cloud or a virtualized environment. These include “all those ancillary or support systems around the EHR and ERP,” such as for radiology, pharmacy or laboratory,” Fisher says.
“We will look at virtualized environments as well. If I have some unpredictable anomalies with applications, it may make sense to take them to the cloud and be able to fine tune them during month-end or quarter-end events or whatever is happening around that application. It may be better suited to move it to the cloud, so you can manage it better,” Fisher says.
On the other hand, “if it is running, and people are logging in to it and it is stable and normal, it may not make sense to move it to the cloud,” Fisher adds.
Hybrid and multi-cloud
Becker notes that application-level migration of data and apps results in a hybrid environment, with applications located in the cloud and on premise, and a multi-cloud environment, with applications located in more than one cloud vendor. Providers’ evolution to a multi-cloud environment also occurs when they purchase a cloud-only application from a vendor that has created redundancies by deploying its product on multiple clouds, Becker says.
That is the situation at John Muir Health, which already has numerous cloud-based applications in its hybrid and multi-cloud environment.
While its EHR from Epic is on premise, it has purchased numerous cloud-based applications. Examples of those include Workday, an ERP system for finance, human resources and supply chain management; Microsoft Office 365, and Care Prism, analytics software for bundled care from Clarify Health Solutions.
“We have embraced that when it was a more reliable solution. We have embraced that when it was a higher performance solution. We have embraced that when it was a more cost-effective solution,” Hudson says.
For example, John Muir Health implemented Care Prism to help it track and manage its performance in Medicare’s Comprehensive Care for Joint Replacement bundled payment program. With the platform, John Muir Health reduced the time involved in running data and producing reports by 50 percent.
Gardner-Serra says, “As you start to become more and more comfortable, there is pretty much no limitation to what you can store in the cloud,” including patient data.
Patient health information
Indeed, Rush University Medical Center is using cloud computing to store and analyze both de-identified and protected health information.
The Chicago-based academic health system developed an analytics database and machine learning models in the cloud, using tools from Cloudera running on Microsoft Azure. It applies natural language processing to unstructured clinical data in the cloud using Ember from MetiStream.
Officials at Rush University Medical Center opted for a cloud-based approach because they wanted the flexibility to scale computing resources up and down as necessary, and they also wanted access to machine learning tools for advanced analytics.
The ability to ingest an ever-increasing amount of data in the cloud, such as for genomic sequencing studies or digital images in radiology, also appealed to executives at the academic health system composed of Rush University Medical Center, Rush University, Rush Oak Park Hospital and Rush Health.
A key element of the platform is its ability to incorporate unstructured data from the EHR and from a separate pathology system. “We knew there was a lot information locked in that dataset. We have a really strong focus on understanding our quality, and making sure that we have a really good set of analytics around our quality performance,” says Bala Hota, MD, VP and chief analytics officer at Rush University Medical Center.
The Azure backbone proved particularly helpful because Rush University Medical Center could scale up computing resources temporarily to process a three-year backlog of clinical notes in 36 hours. “If we had tried to run the natural language processing engine on premise, it would have required several weeks to run through,” Hota says.
The use cases for this platform include developing models to predict which patients are likely to miss their appointments, leave the emergency room without being seen, or be readmitted to an inpatient unit within 30 days of a hospital discharge.
The medical center also used the Cloudera environment to develop a model using deep learning to predict when a surgery patient’s history and physical is incomplete. “A neural network was trained against the notes. It took a few months and a lot of iterative processes to continue to annotate data and train the model. We now have a model that works very well,” Hota says.
Rush University Medical Center integrates these models into EHR workflows to improve patient care and manage expenses.
The medical center also has moved de-identified patient data to Google Cloud to accommodate researchers studying Alzheimer’s disease. They wanted to collaborate easily with their peers at other universities who were already provisioning their data in Google Cloud, Hota says.
Hota says executives at Rush University Medical Center also envision future opportunities to improve operational efficiency and patient outcomes using emerging cloud-based tools, such as intelligent voice assistants. They’d like to develop applications to allow physicians and administrators to interact with data using voice instead of a keyboard. For example, physicians could ask for a list of patients due for cancer screenings. An administrator could ask about the number of available beds on a clinical floor, or the current wait times for patients in the emergency department.
They want these interactions to become “more conversational and less about figuring out how to formulate the exact right question,” Hota says. Once the tools are mature and HIPAA compliant, “we are going to be avid users of those,” he adds.
For organizations that would like to move patient data to the cloud in small steps, Gardner-Serra suggests that health systems begin with a stand-alone service line, such as in vitro fertilization.
Challenges
But no matter what specific approach to cloud computing they take, MedStar, John Muir Health and Rush University Medical Center have learned that IT staff members face different challenges managing hybrid and multi-cloud environments than they do managing onsite data centers.
Moving data to the cloud “doesn’t obviate your responsibility for making sure it is secure, it is manageable and it is cost effective,” Hudson at John Muir Health says.
At Rush University Medical Center, a team developed an enterprise governance and security model for cloud computing. “That way we have an approach and framework that is reproducible, so we can have a presence in any of the major cloud vendors,” Hota says. The team includes IT staff from networking, security, analytics, and database administration.
Hudson says the overall approach to security in a multi-cloud environment is different than in an onsite data center. “It is easy for me to put up a firewall and say, ‘Everything on this side is mine.’ You need to have a more federated security model,” he says. As a result, John Muir Health bought a cloud access security broker (CASB) product, which sits between users and cloud applications, from Bitglass.
Although he declined to name the vendors, Hudson also said there had been several situations in which John Muir Health did not opt for a cloud-based solution when it was in the market for a new application because the IT staff wasn’t comfortable with the vendor’s approach to security.
The orchestration of the environment becomes more complicated as well, Hudson says, because IT staff optimizes storage capacity and processing speed for each deployment rather than relying on a standard server setup.
In addition to security and orchestration issues, strategies for managing costs are different in a cloud environment because customers are often charged on a pay-as-you-go, or metered, basis.
At Rush University Medical Center, the IT staff has developed strategies to manage these operating costs.
For example, the medical center not only has an instance of the Cloudera platform in the cloud, but it also has one onsite, which the IT staff uses as its development lab to explore new use cases or methodologies. “We are not charged for that experimentation,” Hota says.
Like Rush University Medical Center, Mount Sinai Health System also figured out how to manage costs with a hosted application.
The health system uses Salesforce Health Cloud to provide both internal and external partners in a Medicaid Delivery Systems Reform Incentive Payment Program with up-to-date, read-only information on 300,000 patients. The Medicaid program is designed to improve coordination among sites of care and reduce avoidable hospital admissions.
The partners are composed of more than 10,000 individuals at 200 organizations, which include not only hospitals and clinics but also skilled nursing homes, behavioral health providers, and community resources, such as soup kitchens, homeless shelters, housing agencies, and faith-based service organizations.
For purposes of the Medicaid program, Mount Sinai and its partners are organized into a network called a Performing Provider System.
The Salesforce product, Health Cloud, sits on top of an enterprise data warehouse, which ingests patient data from Mount Sinai and its external partners. Mount Sinai built APIs, so that it can feed patient data into the Salesforce application on demand when an internal or external partner queries Health Cloud about a patient.
“They can login to this application and see the whole picture of what happened to that patient,” explains Varun Gupta, IT director of advanced analytics and data management at Mount Sinai Health System, a seven-hospital academic medical system in the New York City area.
Mount Sinai’s IT staff decided to store the patient data in the enterprise data warehouse—and not in Health Cloud—to keep the fees it pays to Salesforce affordable. If Mount Sinai had opted to store patient data permanently in Health Cloud, its operating costs for the product would be substantially higher, Gupta says.
The Salesforce application is one piece of a hybrid cloud environment for the Mount Sinai Performing Provider System that also includes Microsoft Azure.
As Gupta explains, “At Mount Sinai, we have a cloud-first strategy. What it means is that for any application that we try to build or system we try to create, we always look at: Is there a solution available on the cloud?”
Mount Sinai isn’t alone. Hudson sums up the philosophy of a growing number of providers, “I think most progressive organizations are willing to consider the cloud replacement for pretty much anything that makes sense with the right partner if they meet standards around manageability, accessibility and security. I think pretty much anything is on the table today.”