5 Best Practices for Negotiating, Beginning the Transition to Cloud Servers

Many industries, including healthcare, are investigating and experimenting with cloud technology or "the cloud". Although cloud technology may leave some healthcare professionals uneasy due to the vulnerability it could introduce to important and protected health information, it is becoming an increasingly important element of health information technology. Much of the interest stems from the valued outcomes cloud technology offers. What hospital is going to turn down potentially better care coordination, cost effective and less burdensome HIT infrastructure and streamlined HIT delivery? For these reasons, it is logical that hospitals and healthcare executives are pursuing cloud technology. For those hospitals that are ready to move data toward the cloud, here are some best practices to consider when beginning the process and negotiating with cloud providers.

1. Research reliability of cloud provider.
It is crucial to research the reliability of the provider because if its servers crash, this can cause major problems for a hospital. "Cloud computing is becoming an integral part of many businesses, and hospitals can certainly save money and streamline operations by implementing it — as long as proper research and planning is done beforehand," says Andrew Schrage, co-owner of Money Crashers Personal Finance, a company run primarily on cloud servers.

2. Prioritize security. By not implementing important security measures, the security of a hospital's sensitive information is at risk. HIPAA requires any hospital that releases personal health information to third parties to sign a business associate agreement. "It is essential for the protection of the hospital to get the cloud service provider to sign one as well," says Mr. Schrage. Furthermore, the overall level of security of the cloud service provider must be carefully reviewed.

3. Know hospital's normal data traffic patterns.
According to Lee Kirby, vice president of strategic operations for Skanska, a construction firm that builds data centers and healthcare facilities nationwide, in order for a hospital to monitor its data in a cloud server securely, it needs to know what its normal data traffic patterns are. "You can have a ton of fancy data security devices, but if you do not know what an abnormal spike in usage would be — a potential malware threat — then the data security tools are not being fully utilized. [The hospital] could miss a data breach," says Mr. Kirby.

4. Negotiate data downtime with cloud provider. [Hospitals should] consider requiring cloud providers to agree to financial penalties or a service level agreement in the hosting agreement as a way to maintain control over data downtime, according to Paul Rubell, equity partner in Meltzer Lippe, who advises healthcare providers about cloud computing agreements. Despite the considerable benefits of utilizing the cloud to store confidential patient data, there are significant legal issues of concern for patient privacy, timely access to patient records and webhost selection. Under federal law, providers are required to maintain the privacy and security of health information, and under state law, a patient owns his or her own healthcare records. However, it can become difficult for a patient to obtain his or her records upon request when those records are stored "in the cloud" by an unknown third-party data hosting company.

"Current industry standard is 'the 4 nine's;' that is, the webhost should contractually commit to being up and running at least 99.99 percent of the time. Downtime — other than for emergencies — should be specified in the agreement, such as Sunday mornings from 2 to 4 a.m. A good agreement would provide significant discount for the hospital's payment obligations if the uptime requirement is not met," says Mr. Rubell.

5. Conduct a slow and measured transition process. When a hospital decides to implement cloud computing, the transition process should be slow and measured. For instance, it is best to begin by moving some of the less complex or less sensitive data, such as email and payroll information. "By doing this, the staff can get a feel for how the cloud and the service provider function. Once this task is completed, more sensitive data, such as patient health records, can be moved," says Mr. Schrage.

More Articles on Cloud Technology:

10 Experts Give Tips to Combat Mobile Device Threats to Healthcare
9 Best Practices For Hospital Data Security in a "Bring Your Own" Era
6 Valuable Outcomes Cloud Technologies Offer Hospitals

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Whitepapers

Featured Webinars