Risk
1/11/2012
09:57 AM
50%
50%

Health IT Managers Slow To Implement Cloud

Security concerns keep health IT pros from jumping on cloud computing faster, a KLAS study suggests.

12 Mobile Health Apps Worth A Closer Look
9 Mobile Health Apps Worth A Closer Look
(click image for larger view and for slideshow)
Healthcare IT managers understand that cloud computing has its benefits, but many are concerned about privacy and security issues and are delaying plans to move their critical patient data onto cloud-based systems, according to a recent KLAS study.

The recently published study--Path to Cloud Computing Foggy: Perception Study--which interviewed 97 healthcare CIOs and other executives at health organizations, found that while 58% of respondents are considering using cloud computing, only 35% who expressed interest in cloud technology said they have any concrete plans to implement it.

Weighing heavily on the minds of CIOs is how to manage the exponential growth of data that has come with the move to digitized medical records, as well as the growth of digitized medical images. With tighter budgets and a need to do more with less, healthcare delivery organizations are evaluating cloud computing as a way to cut costs and create greater efficiency, but the thought of putting sensitive patient data in a cloud environment is still a worry for many health IT managers.

"There is more and more data out there, but many health IT managers are moving very cautiously and doing their due diligence," Erik Westerlind, the report’s author, told InformationWeek Healthcare. Westerlind said one of the main concerns of health IT managers is whether cloud computing can help them meet their obligations to comply with the Health Insurance Portability and Accountability Act (HIPAA) privacy rule, which requires physicians to protect the privacy and security of patients' medical information.

[ Explore docs' fascination with iPads, see Apple Capitalizes On Doctors' iPad Romance.]

According to Westerlind, the health industry is still in the early stages of cloud adoption. He noted that healthcare delivery organizations have yet to transition critical data from their Electronic Health Records (EHRs), patient accounting, and Enterprise Resource Planning (ERP) applications to a cloud environment.

Nevertheless, survey respondents did acknowledge the benefits of cloud computing, with 60% of those polled saying cost savings would be the greatest benefit. By using cloud computing, health IT managers would avoid paying for additional onsite storage and network infrastructure such as expenses associated with hardware, labor costs, and maintenance of storage systems. Additionally, many respondents noted that they would benefit from enhanced disaster recovery and business continuity services.

Still, many health IT managers say they are waiting for cloud computing to mature to better address their data security needs. In the meantime, they are paying more attention to the pressing issues of meeting Meaningful Use requirements, and the transition to ICD-10 code sets.

The study also found that many respondents are concerned that public clouds, such as those being offered by Amazon and Google, may not provide adequate data security, privacy, and control of information.

On the other hand, private clouds garner greater confidence, especially among small physician practices that identified cost and security as the benefits of connecting their electronic health records to Software as Service (SaaS) cloud-based systems run by larger organizations.

For larger hospitals, the move to cloud technology is more tempered and will occur in stages, starting with moving non-critical applications to the cloud and delaying mission-critical data. The study also found that executives at larger hospitals cite other barriers delaying their transition to cloud computing.

“Some, mainly larger providers, see the cost of the cloud to be prohibitive, saying that they can do the same thing internally at the same cost or less. Still others expressed concerns about connectivity and availability and indicated that they will not consider putting applications in the cloud that require high availability,” the report states.

With regard to setting a timeframe for cloud adoption, 68% of respondents said they plan to adopt cloud computing during the next 12 months, 24% said their plans for cloud adoption will occur during the next 13 to 24 months, and another 8% said their cloud computing implementation will take place during the next two years. When are emerging technologies ready for clinical use? In the new issue of InformationWeek Healthcare, find out how three promising innovations--personalized medicine, clinical analytics, and natural language processing--show the trade-offs. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Lisa Henderson
50%
50%
Lisa Henderson,
User Rank: Apprentice
1/12/2012 | 1:05:31 AM
re: Health IT Managers Slow To Implement Cloud
Still the figures cited in the last paragraph are generally impressive toward the cloud: 68% plan to adopt cloud computing in the next year; 24% in the next 13 to 24 months; 8% in the next two years. So data security is an issue with cloud computing. Public cloud concerns notwithstanding, 2012 could be the beginning of security acceptance for many inside and outside the healthcare industry.

Lisa Henderson, InformationWeek Healthcare, contributing editor
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, you were supposed to display UNICODE characters!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.