Picture this: you manage the national healthcare system of a country that is responsible for the healthcare of its citizens. Suddenly, ransomware creeps into your IT system and causes a catastrophe. You have to cancel 19,500 appointments, 600 surgeries and direct the ambulances to other hospitals. You lose £92 million in this entire attack1. An investigation shows that the ransomware could attack the traditional Windows XP easily because the system was highly susceptible to such attacks and there were no cyber security checks in place2.
Sounds like a fictional incident? Well, this was exactly what happened when the ransomware WannaCry attacked the 70,000 devices such as computers, MRI scanners, and blood storage refrigerators of National Health Services hospital (NHS) in England and Scotland in 2017.
Could NHS have avoided this attack?
They could have averted the risk had they moved from traditional Windows XP to a more secure and flexible technology such as the cloud that is fortified with cybersecurity solutions.
NHS finally embraced the cloud-first approach in January 2018 and moved their data from on-site to the cloud, a move that will save them money and provide more flexibility and security in how they manage and store their data.
The healthcare industry was always skeptical about adopting new technology such as cloud due to the fear of a data breach and the Health Insurance Portability and Accountability Act (HIPAA) compliance that has laid down rules for protecting the patient's health information3. HIPAA had applied national security level standards on creating, receiving, maintaining and transmitting patient's data electronically. They also passed another act in 2009, called the Health Information Technology for Economic and Clinical Health (HITECH) Act that heavily penalized healthcare companies who violated the HIPAA rules4. This made it difficult for the healthcare companies to consider cloud for storing or transmitting patient's data. In 2013, HIPAA finally enacted the HIPAA Omnibus rule to enable patients and healthcare professionals to access and share information easily5. The hospitals have started warming up to the idea of adopting cloud technology as they could see the advantages of leveraging cloud solutions clearly outweighed their fears surrounding the risks.
A 2018 research report by BCC research predicted the global spend by the healthcare industry on the cloud to be $35 billion in 2022 and the CAGR to grow by 11.6% over the 2017-2022 period6.
The leading cloud service providers are also making efforts to address the concerns of the healthcare providers. Amazon, IBM, and Microsoft have signed a business associate agreement (BAA)7, a legal contract that binds the business associate to adhere to the HIPAA guidelines and are considered as HIPAA compliant. The cloud service providers are also spending a larger part of their IT budget on cyber security solutions. Microsoft, for example, has invested over $1 billion in cyber security8. The combined efforts by the cloud service providers, healthcare companies, and regulators have enabled the healthcare providers to offer better services to the patients.
How does the healthcare industry benefit from the cloud?
- Robust and secure infrastructure. A study by The American Journal of Managed Care revealed that apart from the infamous WannaCry incident, over 16 million patient records were stolen in the United States in 2016 and such incidents are on the rise. Although network attacks are one of the primary concerns of data security, the hospitals were even prone to other mundane problems such as improper disposal or theft of paper records and patient films, and laptop threats9. With cloud, healthcare professionals will be able to save their data on the cloud and secure it from network attacks and other threats. As Vincent Campitelli, an enterprise security specialist at Cloud Security Alliance says, "If you had an on-premise data center run by a competent group of professionals, versus a cloud environment run by a comparable group of professionals natively, you're going to have a better software security environment in the cloud than you will on-premise"10. A cloud service provider is more concerned about the security of the data than the in-house teams within the healthcare organization. Hence, healthcare organizations should be less worried about the security of patient data in a cloud-based model.
- More cost-effective. A report from an HIT consultant revealed that the initial cost of installing specific software, hardware and client-server systems could cost up to $40,000 and this excludes the other expenses such as licensing fees, maintenance costs, and upgrades11. With cloud, the healthcare organizations will have to pay only for the storage, applications, and infrastructure they use12. It helps the healthcare organizations plan their IT spending efficiently and streamline their budget. It also enables them to switch spend from a CapEx to an OpEx expense.
- Easy to upgrade. Technology evolves every few years, and healthcare companies must be prepared. Updating your legacy IT system may give you total control on your data. However, the entire process of purchasing a new software license or new hardware to scale up the infrastructure can be very costly. Cloud service providers upgrade the system automatically whenever they think there is a need for it without adding any burden on the IT team or causing any downtime13.
- Data backup and recovery. As patient data increases, safeguarding them is of paramount importance for healthcare companies. HIMMS Analytics surveyed more than 100 respondents from the IT department of healthcare organizations. According to the survey, 60% of the survey respondents revealed that data recovery is the primary reason behind moving to the cloud14. Cloud reduces the upfront investment in on-premise data recovery solutions by offering data recovery as a service (DRaaS). This enables organizations to recover their data quickly when required.
Healthcare trends that will dominate 2019
- It's time for patient experience 2.0. With healthcare professionals spending more time managing patient data, their primary responsibility of providing a high-quality patient experience became a challenge as most of the professionals started to suffer from physician burnout. By moving to the cloud, healthcare professionals can focus on providing a better patient experience again. Healthcare providers such as Piedmont Healthcare and 180 Health Partners are leveraging the cloud to personalize patient interactions15. With the patient data readily available, healthcare professionals can mitigate chronic diseases, something that was a challenge earlier. It also prevents misdiagnosis due to delayed access to the data. GE Healthcare launched the GE health cloud to provide radiologists and other healthcare professionals access to a single portal to view, obtain, and share images and patient cases easily. They believe that this move will improve the interoperability between systems and save over $30 billion per year for the healthcare industry16. It will also empower the patient as they will be able to access their medical data through a patient-accessible portal and analyze their parameters by comparing it with their previous records. 17
- HIPAA compliance, the focus of cloud service providers. One of the primary reasons for healthcare organizations to avoid cloud adoption is HIPAA compliance. HIPAA stresses upon protecting public health information (PHI). As a highly regulated industry, the healthcare organizations were worried about violating the rule as moving the data to the cloud meant risking the patient data. However, cloud service providers such as Amazon, Google, IBM and Microsoft are aware of the need to be HIPAA-compliant and have signed a BAA to confirm compliance. Service providers like IBM offer HIPAA-ready services to HIPAA-covered entities to ensure that the patient's data is secure and that their data centers comply with the privacy and security rules. However, HIPAA compliance is a two-way street. The onus equally lies on the healthcare providers to review their cloud service provider carefully before choosing. The cloud service providers can only provide the tools and security to ensure that their platform is aligned with the HIPAA rules. The healthcare company is responsible for ensuring that the cloud infrastructure and applications are configured properly, and the patient's records are maintained safely. A breach in compliance could not just lead to a penalty of up to $50,000 per violation, but it can also damage the reputation of the hospital18.
- Artificial intelligence (AI) will help in reaching a faster diagnosis: Some chronic diagnosis could take days, weeks, or even a month to be found out. However, with AI, this problem can be resolved easily using machine learning (ML). Let's take IDx-DR, a cloud-based software used for detecting vision loss, as an example. The software uses AI to identify diabetic retinopathy in patients by looking at the photographs of the eyes captured by their device. Once the images are captured, the software sends them to their cloud server where the AI analyzes whether the patient needs to see a specialist. It takes just 20 seconds to a few minutes for the AI algorithm to offer a recommendation. This enables the ophthalmologists to provide medical attention to patients who need it instead of spending their time on patients who might not require it19.
- Improvement in administration and financial management. With the increasing influx of patients in hospitals, healthcare companies have been facing a tough time in managing a conventional method of billing. With cloud, healthcare companies will be able to streamline the billing process and reduce the expenditure on conventional billing practices20. Similarly, the move to the cloud has proven to be beneficial for administrators as they can manage the patients more efficiently with fewer issues and better outcomes.
As a highly regulated industry, it has taken time for healthcare companies to choose to move to the cloud. However, the healthcare industry is now actively adopting cloud to improve the services they provide to their patients. From offering remote consultation to patients staying in remote locations to storing electronic medical records (EMRs) that can be accessed anytime from anywhere during the patient's journey, cloud is playing a pivotal role in the entire process of enhancing the patient experience. Of course, the fear of data security is still a worry among healthcare companies. Nonetheless, with the popularity of hybrid cloud solutions in the healthcare industry, we believe the major shift that has already started will continue to increase with more healthcare companies embracing the cloud.