The digitalization of healthcare information has created tremendous opportunities for enhancing operational efficiencies, improving clinical decision-making, and more. But to make the most of these opportunities, health tech businesses, providers, and payers must carefully consider where to store their data. They need to efficiently connect data with new apps and support fast-growing data volumes—while also protecting sensitive and highly regulated patient information.
For many organizations, the cloud is the answer. Cloud service providers (CSPs) can often provide healthcare organizations with the right combination of cutting-edge technology, cost-effective scalability, high availability, compliance, and security. Still, organizations must find the right CSP.
Is your organization considering migrating healthcare data to the cloud or expanding your cloud storage environment? In this post, we’ll explore the potential benefits of cloud storage, possible challenges, and essential criteria for selecting the right cloud provider for your business.
Why is healthcare data storage so important?
Data storage is too often an afterthought. Organizations might be focused more on the immediate priorities of delivering patient care, processing claims, or developing the next great app than on implementing a long-term strategy for storing data. Yet an effective data storage strategy can have an important impact on addressing those priorities.
Providers must be able to readily access electronic health records is critical for delivering efficient and effective care. Payers, meanwhile, need ways to apply analytics to large data volumes so they can monitor trends, identify risks, and track shifting patient needs. And health tech companies need to integrate their apps with rich data sources to create the services that providers, payers, and patients demand.
Some healthcare organizations have continued to store data on premises—often to help ensure compliance with strict regulations. But the fast growth of data volumes, the rising costs of managing an expanding on-premises infrastructure, and the migration of apps to the cloud are all driving more organizations toward public cloud environments.
What are the benefits of cloud storage for healthcare data?
Healthcare organizations store data in the cloud for some of the same reasons that they build and run apps in the cloud.
OpEx cost model:
By using cloud storage, you can avoid the high capital costs of purchasing, deploying, and maintaining physical storage systems in your own data center. You can also avoid wasted spending on underutilized capacity. With the cloud, you pay only for what you use, as you use it.
When you need to expand your capacity, cloud storage makes it fast and simple. Adding storage capacity—or compute resources—requires only a few clicks. You can accommodate temporary spikes in demand or long-term growth more cost effectively than expanding an in-house infrastructure.
In the past, healthcare organizations were reluctant to store electronic protected health information (ePHI) in the cloud. But as cloud services have matured, cloud providers have bolstered security. Today, CSPs can offer robust security capabilities that would be too expensive for many independent healthcare businesses to implement on their own.
Availability and business continuity:
Well-publicized outages for major CSPs might cause some organizations to reconsider relying solely on the cloud for running vital apps or storing data. Still, using the cloud enables you to avoid the costs of buying and managing the additional hardware and tools required for maintaining continuous availability. In many cases, using cloud service providers for backup and disaster recovery (DR)—with their geographically dispersed data centers—can deliver better results at significantly lower costs than implementing similar strategies on your own.
Access to innovative technologies:
Many organizations build and run apps on the cloud so they can tap into cutting-edge technologies offered by CSPs, such as artificial intelligence (AI)/machine learning (ML) services, analytics, and data visualization capabilities. You can also use those technologies with cloud-based data sets, such as genomics data sets that can help you better identify risks for patients. When you store data in the cloud, you can capitalize on those technologies and data sets more easily, without having to upload data from your on-premises environment.
What are the challenges of using the cloud for healthcare data storage?
Storing healthcare data in the cloud is not without its challenges. In particular, controlling access to that data and ensuring compliance with healthcare regulations can be difficult, especially if your team is unfamiliar with the specific tools and services offered by CSPs.
Healthcare organizations are by far the most frequent targets of cyberattacks. You need to make sure that access to sensitive data is tightly controlled within whatever cloud environment you are using.
Beyond protecting data from external cyberthreats, you also need to safeguard data from unauthorized use within your own organization. Accidental or purposeful mishandling of data stored in the cloud could leave your company vulnerable to larger threats or compliance violations.
Your data access policies should be part of a larger effort to ensure HIPAA compliance. Enacted in 1996, HIPAA mandated the creation of national standards for safeguarding PHI. Those standards were set in the privacy and security rules that were issued subsequently by the US Department of Health and Human Services (HHS).
According to the HHS, PHI is any individually identifiable health information held or transmitted by entities covered by HIPAA and those entities’ business associates. PHI can include electronic, paper, or oral information. That information—which includes names, addresses, birth dates, and Social Security Numbers—can be found in healthcare records and payment records.
HITRUST certification allows you to prove compliance with HIPAA and other regulations as you store healthcare data in the cloud. But achieving HITRUST certification is not easy. It can take organizations more than 200 hours to complete the initial multi-step certification process and then many more hours to maintain certification going forward. Even as your team becomes familiar with cloud tools over time, they will have to continuously address changing certification requirements.
How do you choose the best cloud for storing your healthcare data?
Today 84 percent of healthcare organizations use some cloud services. But selecting the right public cloud for storing healthcare data is essential for maximizing cloud benefits and minimizing challenges. What are the right criteria for choosing a CSP?
Finding a cloud provider that can help you meet rigorous HIPAA requirements should be a top priority. The cloud provider should offer a full range of relevant security capabilities—including access control, authentication, data encryption, and physical protection.
Your CSP should also be willing to enter into a business associate agreement (BAA) with your organization. According to HIPAA rules, a CSP becomes your business associate when you engage that CSP to store or transmit ePHI on your behalf. The BAA makes the CSP liable for compliance with HIPAA rules.
Not all cloud providers are willing to enter into BAAs, however. For example, Apple iCloud—which is used to backup Apple iPads, iPhones, and Macs—offers authentication and encryption capabilities to secure data. But as the HIPAA journal reports, Apple explicitly states that this cloud service should not be used for storing or sharing ePHI.
If HITRUST certification is your goal, look for a provider that enables you to inherit some of the security controls you would need to implement for certification. AWS and Azure both offer inheritable controls. Working with Cloudticity enables you to inherit even more. Inheriting controls can help you significantly reduce the time and costs of certification.
The cloud can enable you to do more with the data you are storing. You can generate new insights, visualize trends, predict future events, and enable more data-driven decision-making—but only if you select a CSP that offers the innovative technologies you need for augmenting your own technology. Defining your technical requirements and business aspirations will be essential for finding the right CSP for your business.
Clearly, cloud service costs should factor into your CSP selection. But be sure to look beyond the per-GB monthly pricing. You’ll need to consider additional costs for data redundancy, data transfers, the operations you will perform on data, any innovative services you plan to add, plus support.
In addition, estimate the potential costs of ensuring compliance and achieving HITRUST certification. Working with a CSP and managed services provider (MSP) that will enable you to inherit controls, for example, could bring down those costs.
Ready to move forward with cloud storage?
For many healthcare organizations, public clouds offer the best option for storing valuable, fast-growing volumes of data. With the right CSP, your business can shift your cost model, improve scalability, enhance security, and increase availability while tapping into innovative technologies. Partnering with an MSP such as Cloudticity can help you streamline HIPAA compliance and HITRUST certification so you can stay focused on maximizing the value of data for your business. Schedule a free consultation with one of our specialists today. Or download The Case For Public Cloud in Healthcare to learn more about how the cloud can put your healthcare business ahead.