The move to cloud-based systems in healthcare has gained significant momentum of late, notably with athenhealth’s recent acquisition of Beth Israel Deaconess’ webOMR, but skepticism and caution still abound in many corners, particularly in the hospital world.
Seattle Children’s Hospital is one such provider in that camp, with Chief Information Security Officer Cris Ewell laying out his cautious approach today in an interview with AIS Health’s Report on Patient Privacy.
Despite seemingly limitless promise, issues of trust surrounding HIPAA and privacy abound (and given the steep lawsuits countless health systems and insurers face over data breaches, it’s hard to blame them). Like a lot of issues in healthcare and business, risk tolerance is really what’s at stake, especially for something like patient information in the cloud.
With the Rise of AI, What IP Disputes in Healthcare Are Likely to Emerge?
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
“My job is not to trust anybody,” Ewell says. “My job is not to accept risk. I measure risk. Based on what that risk is, I say ‘Here are the controls that need to be put in place.’” He added that cloud-based systems are inherently riskier given the nature of the cloud being “out there.”
Elsewhere, providers seem eager to embrace the cloud, with athenaheath’s acquisition being among a slew of similar efforts. And Seattle Children’s may indeed take the cloud rout, with the possibility of launching a patient portal, but making the decision has to be based on a number of factors, including whether data is co-mingled with other sources of data, Ewell said.
While internal servers are undoubtedly more secure, such systems often cost tens of millions dollars and do nothing for interoperatblity, a stated goal of both the ONC and dozens of health information exchanges and hospitals. There is hope that the cloud can be more secured, with de-identified data and encryption, among other measures, and big-name systems and vendors are veering in that direction – Epic, Cerner, athenahealth, Practice Fusion, among others. If they haven’t, they will likely start in the near term.
But Ewell holds to the notion of caution, suggesting that HIPAA and cloud don’t necessarily mix well, leading to the creation of the Health Care Cloud Coalition, which is working to create security assessments for providers.
A Personalized Approach to Medication Nonadherence
At the Abarca Forward conference earlier this year, George Van Antwerp, managing director at Deloitte, discussed how social determinants of health and a personalized member experience can improve medication adherence and health outcomes.
Ewell’s conservative approach can be contrasted with that of Washington D.C.-based MedStar, a 10 hospital system keen to incorporate the cloud . Pete Celano, director of consumer health initiatives, told the magazine that it, too, is “hyper-sensitive” about security and privacy, but that it’s careful to vet vendors.
Specifically, MedStar views cloud-based patient engagement tools as especially valuable in improving efficiencies at a lower cost.
From AIS:
“Deploying such solutions has never been easier, in his view. That’s because nowadays these products and applications work well with most major EMR systems, and can be “bolted on” to them. Previously, covered entities were dependent upon the EMR vendor itself to add new features.”
Adopting that strategy, Celano said, has given MedStar more flexibility in what it chooses for cloud-based products, such as ZocDoc and electronic clipboards from Tonic Solutions.
