Monthly Archives: June 2018

Considerations For Healthcare in the Cloud

Posted on by

Healthcare organizations are in the midst of a massive transition, updating decades-old systems to fall into line with compliance and reconsidering the way they manage, store, and exchange data. This mass migration often includes moving infrastructure to the cloud and redoing EHR systems.

Cloud computing is sometimes looked on with suspicion by healthcare professionals, especially after several very public breaches in recent months. However, new HIPAA rules governing cloud services and patient privacy have made it easier for organizations to transition with confidence.

Even with this improved definition and numerous available cloud services, there are pitfalls that may be faced in the transition period, especially as companies learn and grow. I’ve listed some of the considerations that any organization should keep in mind when migrating and looking to gain more agility through the cloud.

Know Your Service

Before committing to migration to AWS, Azure, or another cloud platform, know what these IaaS providers will be giving your organization. Establishing a good service agreement requires an intimate knowledge of your organization’s needs. Consider which applications and functions are the most essential to your cloud services and build out your priorities from there. Finally, keep in mind that your needs may change over time. A periodic update of what matters from your cloud services will keep your business poised to get the most out of the service you are paying for.

Know Your Security

One of the biggest sticking points when transitioning to the cloud in a healthcare environment is security of personal data. It is easy to design a cloud infrastructure that fulfills your needs while also being very secure, but this does take some level of planning beforehand. These cloud providers may very well have specialized compliance plans in place for healthcare organizations, so ask about both your options and how they have served similar groups in the past. They may even have experts able to walk you through the migration process in as safe and expedient of a manner as possible.

Know Your Price

Total cost of ownership (TCO) can be surprisingly high for some subscription-based services, and knowing the financial burden of migrating to the cloud is as valuable as knowing security risks and the like. Design is huge here, and as with my first point, any organization looking to adopt a cloud infrastructure will need to be carefully audited to ensure that there are no excess costs. Scalability is also important, and a good cloud design allows for an organization to add more or dial back as needed.

Know Your Performance

Your network is defined not only by how data is stored, but by how quickly it can be moved and retrieved. Slow networks can be frustrating at best, and in a healthcare environment, can even risk lives. Consider both application structure and the location of the data when designing a cloud environment to maximize performance. Ensure that key applications and workloads receive priority. Fortunately, good architecture is easy to implement into the overall structure of the cloud.

EHRs and Compliance

Posted on by

Managing electronic health records, or EHRs, in a digital ecosystem takes some level of caution, given the high value of the personal information. Healthcare organizations have struggled when it comes to providing patients with their EHRs in a compliant manner. Many of these issues stem from the patients’ lack of knowledge about how to properly access these records.

As per HIPAA privacy rules, organizations are required to provide EHRs to patients upon request. In these instances, they are allowed to have them sent to a person or entity of their choosing after paying a reasonable fee.

The “reasonable” part of this requirement has been called into contention, with a patient advocacy organization reporting some patients paying hundreds of dollars for their medical records. In two instances, patients were charged a subscription fee by the organization to access medical records.

After the release of these findings, medical organizations defended the costs associated with EHR distribution. Retrieving medical records can be a surprisingly extensive process, with information pulled from multiple EHR systems, resulting in a document that can be hundreds of pages long and filled with minutiae. Additionally, much of this often needs to be trimmed to ensure that the information is only relevant to the patient the records are being distributed to.

Add in security concerns for the transfer of data, especially when requesting it from a third party, and it’s easy to see why it has proven difficult for many healthcare organizations. In several states, fees for third party requests are generally higher than those charged to patients. This is because fees for third party requests at the behest of a patient are not covered under HIPAA regulation.

Laws differ from state to state, making it important for organizations to understand how their laws determine charges for EHRs. For instance, Kentucky entitles individuals to a single free copy of their medical records.

Additional difficulty in handling EHRs is a result of inadequate patient education regarding ways to access records. Educating them on the subject is less an IT concern and more a question of how patient engagement can be leveraged to promote HIPAA compliance. New forms for both healthcare organizations and patients released by AHIMA have aimed to improve understanding of these processes.

Even just making patients aware that they have the right to access their health information is an important step toward compliance. The form was made with the intention of it being flexible across organizations, allowing them to adapt it for their needs and patients.

As more and more healthcare providers update their EHR systems in the coming years, expect to see improvements in the ways that information is both delivered and made apparent to patients. Tools that improve patient access and are HIPAA-compliant are sure to be in demand as organizations work to do away with their antiquated and unwieldy paper records.