Risk
1/11/2012
09:57 AM
Connect Directly
RSS
E-Mail
50%
50%

Health IT Managers Slow To Implement Cloud

Security concerns keep health IT pros from jumping on cloud computing faster, a KLAS study suggests.

12 Mobile Health Apps Worth A Closer Look
9 Mobile Health Apps Worth A Closer Look
(click image for larger view and for slideshow)
Healthcare IT managers understand that cloud computing has its benefits, but many are concerned about privacy and security issues and are delaying plans to move their critical patient data onto cloud-based systems, according to a recent KLAS study.

The recently published study--Path to Cloud Computing Foggy: Perception Study--which interviewed 97 healthcare CIOs and other executives at health organizations, found that while 58% of respondents are considering using cloud computing, only 35% who expressed interest in cloud technology said they have any concrete plans to implement it.

Weighing heavily on the minds of CIOs is how to manage the exponential growth of data that has come with the move to digitized medical records, as well as the growth of digitized medical images. With tighter budgets and a need to do more with less, healthcare delivery organizations are evaluating cloud computing as a way to cut costs and create greater efficiency, but the thought of putting sensitive patient data in a cloud environment is still a worry for many health IT managers.

"There is more and more data out there, but many health IT managers are moving very cautiously and doing their due diligence," Erik Westerlind, the report’s author, told InformationWeek Healthcare. Westerlind said one of the main concerns of health IT managers is whether cloud computing can help them meet their obligations to comply with the Health Insurance Portability and Accountability Act (HIPAA) privacy rule, which requires physicians to protect the privacy and security of patients' medical information.

[ Explore docs' fascination with iPads, see Apple Capitalizes On Doctors' iPad Romance.]

According to Westerlind, the health industry is still in the early stages of cloud adoption. He noted that healthcare delivery organizations have yet to transition critical data from their Electronic Health Records (EHRs), patient accounting, and Enterprise Resource Planning (ERP) applications to a cloud environment.

Nevertheless, survey respondents did acknowledge the benefits of cloud computing, with 60% of those polled saying cost savings would be the greatest benefit. By using cloud computing, health IT managers would avoid paying for additional onsite storage and network infrastructure such as expenses associated with hardware, labor costs, and maintenance of storage systems. Additionally, many respondents noted that they would benefit from enhanced disaster recovery and business continuity services.

Still, many health IT managers say they are waiting for cloud computing to mature to better address their data security needs. In the meantime, they are paying more attention to the pressing issues of meeting Meaningful Use requirements, and the transition to ICD-10 code sets.

The study also found that many respondents are concerned that public clouds, such as those being offered by Amazon and Google, may not provide adequate data security, privacy, and control of information.

On the other hand, private clouds garner greater confidence, especially among small physician practices that identified cost and security as the benefits of connecting their electronic health records to Software as Service (SaaS) cloud-based systems run by larger organizations.

For larger hospitals, the move to cloud technology is more tempered and will occur in stages, starting with moving non-critical applications to the cloud and delaying mission-critical data. The study also found that executives at larger hospitals cite other barriers delaying their transition to cloud computing.

“Some, mainly larger providers, see the cost of the cloud to be prohibitive, saying that they can do the same thing internally at the same cost or less. Still others expressed concerns about connectivity and availability and indicated that they will not consider putting applications in the cloud that require high availability,” the report states.

With regard to setting a timeframe for cloud adoption, 68% of respondents said they plan to adopt cloud computing during the next 12 months, 24% said their plans for cloud adoption will occur during the next 13 to 24 months, and another 8% said their cloud computing implementation will take place during the next two years. When are emerging technologies ready for clinical use? In the new issue of InformationWeek Healthcare, find out how three promising innovations--personalized medicine, clinical analytics, and natural language processing--show the trade-offs. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Lisa Henderson
50%
50%
Lisa Henderson,
User Rank: Apprentice
1/12/2012 | 1:05:31 AM
re: Health IT Managers Slow To Implement Cloud
Still the figures cited in the last paragraph are generally impressive toward the cloud: 68% plan to adopt cloud computing in the next year; 24% in the next 13 to 24 months; 8% in the next two years. So data security is an issue with cloud computing. Public cloud concerns notwithstanding, 2012 could be the beginning of security acceptance for many inside and outside the healthcare industry.

Lisa Henderson, InformationWeek Healthcare, contributing editor
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.