Adam Stern | Healthcare Business Today
Healthcare delivery is tough enough; most medical practices would prefer not to wade into the fog of IT, especially given just how obtuse the tech world has become. For those practices making the shift from an in-house solution to the cloud, getting the language right is Job #1. Familiarizing yourself with some basic terminology won’t turn you into an expert but it can provide a grounding in the fundamentals – which can make you into a wiser IT consumer and perhaps a more savvy user.
By the same token, myths and clichés about the cloud – as about any subject – are the status quo’s best friend. It’s difficult to embrace changes in business technology when some of the most basic assumptions surrounding it are obsolete, misguided or simply unfounded. Exploding these fake facts ought to be Job #2.
Let’s look briefly at each in turn. First, some lingo you’ll need to know:
Public Cloud? Private Cloud? Hybrid Cloud?
As the cloud has expanded, it more or less subdivided – private (that is, proprietary or internal to one organization), public (in which service providers make applications and storage available to any business over the Internet, typically for a monthly usage fee) and hybrid (a blend of both). Put another way, some of your workload is under your control, some outside of your control and some situations mix the two. These days, the hybrid cloud is ubiquitous. The majority of organizations rely on servers and computers, and some data resides on various desktops; some is stored with Apple or Dropbox or Microsoft, and some organizations have embraced Infrastructure as a Service (IaaS) or Software as a Service (SaaS); see below.
The right question isn’t, “Should I go on or off premises? Should I opt for the hybrid cloud, the public cloud, or a private cloud?” The smart question is, “What’s strategically best for my medical practice?” When you frame the query in that manner, you can determine where to place your compute power, and you begin to gain control over the dynamic. Want to reduce costs? Increase efficiencies? Achieve some other objective? Go back to basics. First, decide what your metrics are and how they serve the business – then select the technology.
SaaS, IaaS, PaaS.
At its most basic level, IaaS enables medical practices to move all or part of their compute environment to the cloud (that is, off premises), and to make the migration without modifying any of their existing applications. The market is now awash in IaaS tools and technologies, empowering medical practices that may lack traditional computing resources to benefit from robust products and platforms.
In the mushrooming world of the cloud, IaaS is distinguished from two other “as a service” models – Software as a Service (SaaS) and Platform as a Service (PaaS). Without getting mired in terminology, SaaS is essentially a software rental model, where individual applications are hosted – again, off-premises – for a monthly subscription fee. All users need is a web browser and they’re good to go.
Platform as a Service, PaaS, is somewhat more ambitious while remaining steadfastly user- (and application-) specific. PaaS is ideal for medical enterprises writing applications that are specific to their business – and they don’t need to build and maintain the infrastructure usually required to develop and launch apps. PaaS makes it possible, even easy, to develop applications rapidly with little technical know-how – applications that aren’t intended to be sold but that run on a single, captive platform. If the platform for which the app was written changes or ceases to exist, however, users are out of luck. With PaaS, internal development teams are compelled to ride the IT rollercoaster, forever investing and reinvesting in platform-specific application development.
The Mnemonics of Security.
For medical practices operating in the age of HIPAA, security is a process, not an event – a mindset, not a matter of checking boxes and moving on, as one might on a medical claim form. As Wired noted following the global WannaCry ransomware attack, “hospitals are the most common target of ransomware — because the stakes are literally life and death, computer users are particularly likely to pay to regain access to their machines.” Sound security planning requires assessing threats, choosing tools to meet those threats, implementing those tools, assessing the effectiveness of the tools implemented – and repeating this process on an ongoing basis.
At minimum, what steps must medical practices take? Measures like clustered firewalls, multi-factor authentication – that is, “layered” passwords – and intrusion detection and prevention systems (IDPS), which go above and beyond traditional firewalls. Increasingly, threats are emanating from Distributed Denial of Service (DDoS) attacks on hosting providers and from massive volumetric attacks. These attacks are something new and particularly troubling, and no single firewall can stop them – especially when the attacks originate from connected devices.
Clichés and Myths to Deep-Six.
Even though clichés and fake facts die hard, the experience of cloud migration is proving to be the surest way to inter the myths that hobble progress.