The state of hybrid IT in healthcare

Leon Adato, Head Geek, SolarWinds - Print  | 

IT executives at healthcare organizations are reluctant to move elements of their infrastructure to the cloud, even if some is left on-premises.

However, this structure, known as hybrid IT, has quickly become the reality for most other industries, with 92 percent of IT professionals recently survey by SolarWinds saying adopting cloud technologies is important to their company's success, but 60 percent noting it's unlikely their total IT infrastructure will ever be migrated to the cloud.

In the healthcare industry, however, concerns over security make the move to the cloud a challenge because the process and end result can include risks and compliance issues. For this reason, the healthcare industry's cloud adoption lags behind other industries. Let's explore this further, along with some best practices for implementing hybrid IT in a healthcare environment.

Weighing the Pros and Cons of Hybrid IT in Healthcare

As more patient data becomes digitized and the volume of that data rises, the cloud becomes an increasingly appealing way to manage capacity and growth, all for a lower total cost of ownership than a strictly on-premises strategy could offer. Additionally, hybrid IT allows companies, especially those with multiple time zones and varying levels of activity throughout the day and night, to provision their compute needs and reduce downtime or latency.

Also appealing is how modern hybrid IT strategies can help healthcare organizations in many countries, including the United States, comply with data residency regulations, which require companies in France, for example, to keep all sensitive data on servers inside their own country. To solve this five to ten years ago, companies would place miniature data centers regionally, writing applications that would ensure the correct data would be pulled for the right needs at the right time. Now, with a hybrid IT environment, Amazon Web Services, for example, solves this issue with availability zones, where all data in the data center appears as one contiguous set assigned to certain cloud regions. From a compliance standpoint, availability zones are the one of the biggest benefit to healthcare organizations because they don't allow specific datasets to move around in noncompliant ways.

Today, Brexit adds even more complications to this equation that hybrid IT can help alleviate. The United Kingdom (UK) and European Union have yet to define which data residency standards the UK will follow, so with a hybrid IT strategy, companies can both work with today's current regulations climate, but also be able to quickly pivot should the laws change. Without hybrid IT and a cloud strategy, IT professionals in healthcare organizations will have to spend countless hours and dollars rewriting applications to fit updated standards.

As sure as hybrid IT simplifies data residency and provides easier and more cost-effective ways to manage increasing medical data, there are certainly challenges to consider as well, such as ensuring the availability of cloud services without direct control over them. At the end of the day, healthcare organizations' in-house IT Professionals are still responsible to ensure the performance of all the network connections their organizations rely on, whether they own the networks or not. In essence, they have become responsible for not only their networks, but the networks of cloud and SaaS providers and the networks of their ISPs.

Thus, they can end up having cloud-based applications dependent on multiple networks over which they have no visibility into and thus no authority over. These applications may range from simple things such as a website or remote web service, all the way up to a complex mission critical application, which in the healthcare world, can truly be life or death.
Another obvious concern is the ever-increasing need to secure electronic personal health records, which also ties into HIPAA privacy law compliance. A key challenge is that the classic security model of confidentiality, availability and integrity looks different in a hybrid IT world. By definition, hybrid IT takes data that was in an on-premises data center and spreads it across the internet. How does one ensure confidentiality if data is entered into a vendor's application and that data is then shipped across the world to data centers with different local regulations on data security? Application-level encryption in transit, typically TLS, can help, but just because the data was transported securely doesn't mean it will be stored securely.

The same thing applies to the integrity of data. How does one ensure the data stored out of one's control doesn't get modified? Even in complete on-premises deployments, it's rare for IT departments to have programs in place to ensure and audit the integrity of data stored. To be fair, it's much easier to find news about data breaches from on-premises deployments than from public cloud or SaaS vendors.

At the end of the day, healthcare IT executives are faced with somewhat of a catch-22: innovate to keep pace with other industries but potentially risk downtime or a data breach, or remain technologically stagnant while complying fully with healthcare privacy regulations and perhaps even beyond but suffer from a lack of innovation and the efficiency and effectiveness benefits that come along with it.

Best Practices

The reality is there is no one-size-fits-all resolution. Every healthcare organization is different and needs to weigh the adoption of the cloud and hybrid IT based on need, benefit and risk. With that said, for any who are planning to adopt a hybrid IT strategy or perhaps already have, it's important to follow the below best practices to ensure a smooth cloud transition, implement proper performance management of a hybrid IT environment and remain as compliant and secure as possible while also reaping the benefits of the cloud.

The cloud and hybrid have proven their worth across many industries, and with the proper processes and management, organizations in even a highly regulated industry such as healthcare can benefit as well.

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.