- Cloud computing has played a part in IT infrastructure for nearly a decade, and according to most recent research, the healthcare cloud market will undergo steady evolution in the coming years.
The authors of Gartner’s Market Guide for Cloud Service Providers to Healthcare Delivery Organizations found that cloud security and compliance concerns are fading and healthcare organizations are generally considering or favoring cloud computing for new IT initiatives.
Healthcare organizations working with tight IT budgets and lack of on-premise IT staff continue to support hybrid environments for both on-premise and cloud deployments, with cloud shouldering more of the infrastructure than on-premise solutions year over year.
Cloud computing is becoming a new standard for health IT infrastructure as the technology passes from a new and untested technology to expected and reliable.
“The general hype surrounding the cloud has begun to wane, with an ever increasing number of real-world experiences demonstrating the pros and cons of cloud computing,” Gartner analysts explain. “This is on par with adoption life cycles of other major technologies that move the healthcare industry forward. It creates an environment for continuous improvement of perceptions and helps the technology evolve to better serve healthcare.”
As general skepticism of the healthcare cloud lessens, Gartner observed healthcare CIOs taking advantage of software-as-a-service (SaaS) offerings in particular such as EHR solutions and service desk services. Cloud allows organizations to optimize costs and improve operations.
The increased interest in the healthcare cloud has inspired vendors to increase their support for business associate agreements (BAA), and third-party privacy and security assessments.
Organizations face many HIPAA compliance challenges when it comes to cloud as not all cloud solutions can meet the needs required for health data and protected health information (PHI). Healthcare cloud solutions need to strike a balance between being HIPAA compliant and secure, as well as flexible and adapting to technological advancements.
As cloud technology improves and grows, healthcare organizations may be cautious if they are not sure the evolutions of their cloud solution are HIPAA compliant as they are upgraded. Gartner analysts advise organizations to select cloud vendors willing to sign a BAA and are committed to adhering to:
- Guidance set forth in the HIPAA Security Rule or the Office for Civil Rights (OCR) HIPAA Audit Protocol
- Standards like SSAE 16 Type II
- Results of a third-party compliance assessment or healthcare-specific security framework, such as HITRUST
Cloud service providers (CSP) wanting to appeal to healthcare organizations must understand HIPAA compliance and the delivery, and security requirements healthcare organizations demand, the study stated. Healthcare providers cannot commit to CSPs that simply claim HIPAA compliance.
“The CSP must be able to demonstrate, in a transparent and verifiable manner, that it has exercised a standard of due care with respect to HIPAA rules and guidelines by providing descriptions of their mitigating controls and audit results against those controls,” Gartner analysts advise.
Gartner also listed the certifications of several vendors including, HIPAA-ready, FedRamp, HITRUST, SOC 1, SOC 2, and more. CSPs with several certifications include Amazon, Microsoft, Peak 10, and Cerner.
As new technological advancements in areas such as the internet of things and analytics, cloud becomes an important scalable and future proof piece of the IT infrastructure needed to support the influx of data and the growing need for real-time healthcare systems.
Gartner insists that healthcare cloud is needed to balance out the demand of infrastructure resources so clinicians can make better decisions surrounding patient care, advising organizations to “craft a cloud strategy that recognizes realities and goals of the cloud, its value proposition, inherent risks and its place within the enterprise IT ecosystem and establish an IT service strategy by looking at IT solutions as a service first, and as a technology offering second, to expand thinking and scope to creative solutions.”