Healthcare’s cloud journey

The past 18 months have proven that healthcare needs the cloud. We all witnessed cloud computing’s essential role delivering critical services in the pandemic — supplying unprecedented speed, scale, and efficiency in meeting a tsunami of demands on telehealth, vaccine development, public health coordination, mass vaccination roll-out, health system infrastructure modernization,…you name it.

Cloud capability has demonstrated clear value in healthcare and the race is on for the entire sector to master it. BDO’s 2021 Healthcare Digital Transformation Survey of U.S. healthcare executives at large organizations (annual revenues between $100 million and $3 billion) reports that 78% of those organizations are deploying cloud computing, 60% are adding new digital projects, and 42% are accelerating some or all their existing digital transformation plans as a result of 2020’s events. Recent McKinsey analysis notes broad consensus that the use of cloud technologies has “the potential to generate value of $100 billion to $170 billion” for healthcare companies by 2030.

Achieving those capabilities and generating that value is not trivial, especially for smaller or mid-size healthcare entities that don’t have billions of dollars to burn on IT at their disposal. But they can still get there.

The journey to the cloud

Today, making the journey to the cloud is much like any other journey. If you need to travel far and fast, you fly. And unless you’re an outrageously wealthy eccentric, you don’t build your own plane and become a jet pilot in order to get where you want to go. You book an airline ticket.

Our world has a robust transportation infrastructure and thriving ecosystem of associated services staffed by trained professionals who can affordably and efficiently meet your travel needs. It’s a necessarily complex and multilayered environment with a litany of technical and regulatory rules and requirements that can and do cause frustration. But it works. Every day, millions of people jet quite freely, safely, and reliably around the globe at their discretion.

The same is true in IT terms for organizations making the cloud journey.

Cloud service providers (CSPs) — as Amazon Web Services (AWS), Microsoft Azure, Google — essentially supply and maintain the “airspace” and many of the essentials required for flight, while an abundant network of partner organizations and managed services providers (MSPs) supply various forms of assistance in everything from initial onboarding to staying aloft long term and future-proofing tomorrow’s travels.

Why we fly

While compute-intensive next-gen capabilities utilizing AI/ML and automation are alluring, cost is the primary motivator driving healthcare organizations to the cloud. Most hospitals and public health departments and HIEs just can’t afford to meet today’s data flow and computational demands with yesterday’s IT. But they can acquire what they need “as-a-service” from the cloud.

It’s important to note that those needs are highly specialized. Healthcare hinges on the flow of critical and sensitive information on private and protected — often literally life or death — matters. As such, healthcare IT entails a higher order of conscientiousness than in other sectors. A retail clothing chain may want 100% failover for their cloud-powered customer service applications, but no one is going to die if they suffer a brief outage.

Thus, healthcare cloud computing comes with unique constraints and compliance requirements driven by unique risks.

Safe travels?
Cybersecurity is one important facet of this dynamic. A recent U.S. Department of Health and Human Services (HHS) report showed “239.4 million cyberattacks attempted in 2020,” including about a million healthcare records breached each month, with an average of 816 attempted attacks per healthcare endpoint representing a 9,851% increase from 2019.

The rise of healthcare-targeted ransomware is particularly troubling. Brookings reports that the rate of ransomware attacks has soared across all industries since the onset of the pandemic, but “healthcare has been the disproportionate target of such attacks.” In the first half of 2021, the U.S. Department of Health and Human Services (HSS) tracked 82 ransomware incidents impacting the healthcare sector worldwide, with nearly 60% of those impacting the United States health sector.

There are a host of IT regulations, requirements, guidelines, and best practices aimed at protecting patients and curbing healthcare cyber threats — but it’s up to healthcare organizations to implement them and demonstrate compliance with applicable requirements (HIPAA, GDPR, Cures Act/ONC Final Rule, NIST, etc.). While not government-mandated, the HITRUST CSF has become the de facto cybersecurity framework standard for the healthcare sector precisely because it helps organizations “efficiently implement various frameworks that the government does require” and establish solid cyber defenses.

Highlighting HITRUST
Obtaining HITRUST certification is a robust audited process that involves addressing complicated sets of controls and meeting myriad requirements continuously. The rigor of the certification process ensures that meeting its guidelines is differentiating — but that rigor can be daunting and costly in terms of both time and resources.

Cloud utilization can smooth parts of the HITRUST certification process because security and compliance in the cloud is a shared responsibility and organizations can inherit some control attestations from their CSPs. Just as your airline carrier is responsible for the maintenance, safety, and security of its planes when you fly, AWS or Azure is responsible for physical data center maintenance, safety, and security controls when they’re your CSP.

But as with air travel, where passengers still face rules and conduct requirements — and bear individual responsibilities for their journeys — cloud usage doesn’t automatically confer good cybersecurity or HITRUST certification.

Wide Blue Yonder

For a multitude of cloud complexities, specialized MSPs can help. Healthcare organizations can navigate the route to HITRUST certification more easily and quickly (accelerating certification timelines 10–50%) with the aid of a good MSP.

The role of the MSP in healthcare IT is quite simply to radically streamline cloud migration, implementation processes, compliance controls, and ongoing data management safeguards for perpetual preparedness, reliability, and efficiency. That support fortifies cybersecurity and compliance frameworks, but also enables a much more powerful paradigm: Rather than redundant operations and security duties — which are offloaded to the MSP and largely automated — the healthcare organization’s IT department is unbridled for managing activities that drive business growth and value for the organization, like innovation and product development.

That is the most exciting aspect of healthcare’s cloud journey. With that kind of lift, the sky really is the limit.

Gerry Miller is CEO at Cloudticity. Gerry founded Cloudticity in 2011 with a passion for helping healthcare organizations radically reshape the industry by unlocking the full potential of cloud technology.