3 Best Practices for Hospitals Integrating Patient Data in the Cloud

- Print  | 
As electronic health records and health information exchanges make patient information more accessible, healthcare organizations are seeking ways to integrate and manage this data. Integrating patients' medical records, labs and diagnostic images from different sources and storing them in one remote location can give healthcare providers a more comprehensive picture of the patient, allowing them to more effectively make decisions about their treatment. Gary Palgon, vice president of product management and strategy for Liaison Technologies, offers three best practices for integrating patient data using cloud services.

Why the cloud?

Mr. Palgon says patient data integration is "not a question of if or when, but how." Hospitals and health systems can delegate data integration either to their IT team or to cloud-based services. "Most hospitals have historically looked to their IT staff to perform integration," Mr. Palgon says. "But they have a long to-do list of competing priorities." In addition, having the IT team gain the necessary knowledge and skills for the task would be a costly and time-consuming process, he says.

Cloud services may allow the hospital to integrate patients' data more quickly and at a lower cost, allowing hospitals to spend more resources on patient care, according to Mr. Palgon. However, hospitals that use the cloud for storing and managing data must deal with more complex legal, regulatory and security issues. For example, the hospital and third-party provider of cloud services would need to discuss access to and availability of data in the cloud. Nevertheless, Mr. Palgon says "The benefits that organizations are seeing utilizing services in the cloud are outweighing the challenges."

Healthcare organizations should have business-driven motivations for considering a cloud service, Mr. Palgon says. "Hospitals shouldn't be looking for the status quo of just moving to the cloud. There needs to be a business reason for it. Now, with the requirement of beginning to look at overall patient care as the HIE becomes part of the equation, it is the right time to look at what capabilities the cloud can offer."

Best Practices
1. Define expectations and consequences. Mr. Palgon suggests defining expectations and consequences of cloud services upfront. For instance, hospitals should delineate security expectations in the agreement with a third-party cloud services company and identify the consequences of a data breach. Hospitals should expect the third party to meet or exceed the hospital's security controls, Mr. Palgon says. He says companies providing cloud services in healthcare have similar levels of data security to companies in other industries. "Within healthcare, since [we are] so far behind [in technology], we have to utilize the experience from other industries to get where we feel comfortable that when we store patient data in the cloud and third parties are moving the patient data, that third parties can do it as good or better than [the hospital's] own team could have," he says.

2. Create access controls. Hospitals should work with cloud services companies to create policies that control who has access to what data. Limiting access to sensitive patient information will be increasingly important as more individuals share data through HIEs. Mr. Palgon says determining access controls is a two-step process, beginning with assigning an appropriate level of sensitivity to different kinds of data. "Segment data into different levels of importance," he says. The HITECH Act, for example, defines "protected health information," which is more sensitive than other data.

The second step in developing appropriate access restrictions is identifying individuals' need for accessing different kinds of data based on their role in the organization. "Matrix role and responsibility on a need-to-know basis with severity or importance of the data itself," Mr. Palgon says.

3. Ensure regulatory compliance. Involving a third party in the management of hospitals' patient data introduces an additional layer of regulations hospitals need to follow, particularly when the hospital serves patients outside the United States. "Regulatory laws globally need to be thought of," Mr. Palgon says. "If you're just dealing with a few hospitals in a region, there are still regulatory compliance issues, but not as big as when [you're] crossing country boundaries."

Learn more about Liaison Technologies.

Related Articles on Health IT and Cloud Computing:

Amendments to Electronic Communications Privacy Act Address Privacy in Cloud Computing
HIPAA Implications on Cloud-Based HIT

Cloudy With a Chance of EHRs: The Ins and Outs of Cloud Computing

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.