The Cloud and Hospitals

Let’s talk about The Cloud and Hospitals for a minute. At a session I attended at CHIME a hospital CIO said, “There’s still a lot of unknown with cloud.”

At first I was a little taken back by the comment. As an IT guy, it seems like cloud has been around forever. Plus, I would bet that every single hospital has a number of cloud based IT systems in their IT environment.

What then could be the unknown issues with the cloud that this CIO was talking about?

I found this really great resource on the IBM website about the cloud and healthcare. They hit on what is probably the biggest unknown with the cloud, HIPAA. Here’s a section which describes why it’s such an unknown.

Cloud providers hold a unique position as BAs entrusted with EPHI. When HIPAA was enacted, the concept of “the cloud” didn’t exist and probably could not have been predicted. Covered entities and other BAs are increasingly choosing to store health information in the cloud.

Then he adds in these cloud challenges:

Transferring data to the cloud comes with unique issues that complicate HIPAA compliance for covered entities, traditional BAs, and now cloud providers themselves. They include issues of control, access, availability, shared multitenant environments, incident preparedness and response, and data protection

All of these should provide any hospital CIO a moment of pause. As another hospital CIO I talked with said, “we’re still doing the cloud, but we are careful about who we work with in the cloud and how we do it.”

I think this will be the reality for the forseeable future. It takes a really well done trusted relationship for a hospital to trust a cloud provider. In the small ambulatory practice space it’s very different since there’s little doubt that the cloud provider can do much better than your neighborhood tech guy. However, this is not the case in hospitals where the decision to use the cloud or your existing in house IT staff and resources is much more complex.

The reality is that every hospital is likely going to have a mixed hosting strategy with some software hosted in house and some software hosted in the cloud. This means that every hospital CIO is going to have to figure out the cloud even if there’s still some difficult to answer questions.

About the author

John Lynn

John Lynn

John Lynn is the Founder of the, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference,, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

1 Comment

  • John,

    Excellent point regarding HIPAA and the cloud. GNAXHealth agrees.

    In working with hospitals, we find that hosting one, two or several second tier applications in the cloud is a practical and cost-effective way to get started. Here are 5 other steps we suggest in healthcare:

    1. Fully understand your data center costs today
    2. Evaluate all three cloud options for each application: computing, storage, collocation.
    3. Respond to two key organizational concerns: finance and security.
    4. Make a long-term plan for cloud adoption (5,10,20 years down the road).
    5. Choose the right cloud partner.

    Not all clouds are created equal. There are specific requirements for healthcare that must be met.

Click here to post a comment