As healthcare becomes more digital and more collaborative, the industry’s move to the cloud is happening quickly. According to Hytrust, in fact, 77% of healthcare companies understand the need for the cloud, and plan to put their data in a public cloud within the next year. And in November 2015, GE made a major announcement with the introduction of the GE Health Cloud. This initiative was designed to connect 500,000 imaging machines via a new cloud ecosystem that will connect radiologists and clinicians to speed, efficiency and collaboration.
For years, the healthcare industry has been content with the status quo of having their applications on premise. But as the need for flexibility and cost-efficiency grows – and the industry becomes more patient-centered and data-driven – healthcare organizations are seeing the need to move to the cloud.
The cloud provides healthcare companies with the ability and flexibility to conveniently share large data files, save on costs and increase efficiency. Moving to the cloud also provides critical mobility for medical personnel to be able to access all types of data – from anywhere and on any device.
The Move to the Enterprise IT Mainstream
The growing need for access to healthcare means that companies need powerful systems and greater flexibility in order to reach, engage and manage millions of individual customers. At the same time, this massive amount of data has to be securely shared with providers as well. In 2013, Amazon Web Services made a big dent in this trend, by signing a $600 million deal with the CIA, helping give a big boost to cloud vendors’ security credentials.
Today’s healthcare IT professionals are also under increasing pressure to move to operational expenses that offer flexibility and center on their core business. This includes funneling capital into cash flow-generating activities that allow them to deliver improved outcomes.
The benefits for the industry are clear – including the ability to leverage big data and analytics and all the applications that can result; the ability to maintain the same security and compliance standards on the cloud; and disaster recovery capabilities for getting doctors the critical information they need, even when trouble strikes.
Healthcare IT Challenges
Healthcare companies have often hesitated to move to the cloud because of concerns about data availability; being able to protect their data on the cloud (including meeting industry regulations, mostly surrounding how to keep patient-related data safe); and archiving.
The effects of data outages in particular can have potentially serious consequences for the healthcare sector. Uptime and business continuity are mandatory in this industry, and a good DR plan must be in place, built upon your organization’s recovery time objectives (RTO) and recovery point objectives (RPO).
Finding a way to cost-effectively store and archive data in a way that meets all state and federal requirements is also important, as the Health Insurance Portability and Accountability Act (HIPAA) requires that all medical records be kept a minimum of six years, and longer in many states.
Another HIPAA requirement is that organizations facilitate processes that create and maintain retrievable copies of Protected Health Information (PHI). The HIPAA Security Rule offers a detailed guide for enterprises as well. This rule requires having safeguards and security controls in place to ensure appropriate protection of electronic PHI. For enterprises, this means taking into account administrative controls, physical security and technical security.
Utilizing the Amazon Cloud
One way for healthcare companies to comply with regulations today is through the Amazon Shared Responsibility Model. With this model, companies are covered on the physical security of their data center. They have to ensure that only authorized users can access the servers themselves, which – assuming it’s your cloud – isn’t a problem. But if you’re storing data on a shared cloud storage farm, you’ll have to investigate their security measures and conclude whether they’re appropriate.
In addition, using Amazon Redshift provides database encryption for its clusters, to help protect data at rest. When customers enable encryption for a cluster, Amazon Redshift encrypts all data – including backups – by using hardware-accelerated Advanced Encryption Standard (AES)-256 symmetric keys.
You’ll also need to be able to run robust operations on top of Amazon Web Services, including for example complete control over security groups’ configuration. And with HIPAA’s requirements for maintaining a secure backup repository, you should look to automate your backup and recovery, across accounts and with the ability to keep multiple replicas of the data across AWS regions.
More about HIPAA compliance can be found in the recent AWS white paper, Architecting for HIPAA Security and Compliance on Amazon Web Services.
With the new realities the healthcare industry faces, enterprises have to ensure that they take sufficient steps to comply, including storing data in multiple locations to ensure sufficient backup and DR; making sure stored backups are secure; and having notifications in place for monitoring and backup status.
Solutions like Cloud Protection Manager (CPM) can help resolve the challenges healthcare companies face today. CPM automates backup and recovery via a Windows agent that consistently backs up Windows applications. The agent allows users to manage multiple AWS accounts, and configure policies and schedules to take automated snapshot backups. CPM provides enterprises with flexible backup policies and scheduling, rapid recovery of instances, and a simple, intuitive and user-friendly web interface to easily manage backup operations. With CPM, you can recover volume from a snapshot, increase its size and switch it with an existing attached volume in a single step.