Risk
1/11/2012
09:57 AM
50%
50%

Health IT Managers Slow To Implement Cloud

Security concerns keep health IT pros from jumping on cloud computing faster, a KLAS study suggests.

12 Mobile Health Apps Worth A Closer Look
9 Mobile Health Apps Worth A Closer Look
(click image for larger view and for slideshow)
Healthcare IT managers understand that cloud computing has its benefits, but many are concerned about privacy and security issues and are delaying plans to move their critical patient data onto cloud-based systems, according to a recent KLAS study.

The recently published study--Path to Cloud Computing Foggy: Perception Study--which interviewed 97 healthcare CIOs and other executives at health organizations, found that while 58% of respondents are considering using cloud computing, only 35% who expressed interest in cloud technology said they have any concrete plans to implement it.

Weighing heavily on the minds of CIOs is how to manage the exponential growth of data that has come with the move to digitized medical records, as well as the growth of digitized medical images. With tighter budgets and a need to do more with less, healthcare delivery organizations are evaluating cloud computing as a way to cut costs and create greater efficiency, but the thought of putting sensitive patient data in a cloud environment is still a worry for many health IT managers.

"There is more and more data out there, but many health IT managers are moving very cautiously and doing their due diligence," Erik Westerlind, the report’s author, told InformationWeek Healthcare. Westerlind said one of the main concerns of health IT managers is whether cloud computing can help them meet their obligations to comply with the Health Insurance Portability and Accountability Act (HIPAA) privacy rule, which requires physicians to protect the privacy and security of patients' medical information.

[ Explore docs' fascination with iPads, see Apple Capitalizes On Doctors' iPad Romance.]

According to Westerlind, the health industry is still in the early stages of cloud adoption. He noted that healthcare delivery organizations have yet to transition critical data from their Electronic Health Records (EHRs), patient accounting, and Enterprise Resource Planning (ERP) applications to a cloud environment.

Nevertheless, survey respondents did acknowledge the benefits of cloud computing, with 60% of those polled saying cost savings would be the greatest benefit. By using cloud computing, health IT managers would avoid paying for additional onsite storage and network infrastructure such as expenses associated with hardware, labor costs, and maintenance of storage systems. Additionally, many respondents noted that they would benefit from enhanced disaster recovery and business continuity services.

Still, many health IT managers say they are waiting for cloud computing to mature to better address their data security needs. In the meantime, they are paying more attention to the pressing issues of meeting Meaningful Use requirements, and the transition to ICD-10 code sets.

The study also found that many respondents are concerned that public clouds, such as those being offered by Amazon and Google, may not provide adequate data security, privacy, and control of information.

On the other hand, private clouds garner greater confidence, especially among small physician practices that identified cost and security as the benefits of connecting their electronic health records to Software as Service (SaaS) cloud-based systems run by larger organizations.

For larger hospitals, the move to cloud technology is more tempered and will occur in stages, starting with moving non-critical applications to the cloud and delaying mission-critical data. The study also found that executives at larger hospitals cite other barriers delaying their transition to cloud computing.

“Some, mainly larger providers, see the cost of the cloud to be prohibitive, saying that they can do the same thing internally at the same cost or less. Still others expressed concerns about connectivity and availability and indicated that they will not consider putting applications in the cloud that require high availability,” the report states.

With regard to setting a timeframe for cloud adoption, 68% of respondents said they plan to adopt cloud computing during the next 12 months, 24% said their plans for cloud adoption will occur during the next 13 to 24 months, and another 8% said their cloud computing implementation will take place during the next two years. When are emerging technologies ready for clinical use? In the new issue of InformationWeek Healthcare, find out how three promising innovations--personalized medicine, clinical analytics, and natural language processing--show the trade-offs. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Lisa Henderson
50%
50%
Lisa Henderson,
User Rank: Apprentice
1/12/2012 | 1:05:31 AM
re: Health IT Managers Slow To Implement Cloud
Still the figures cited in the last paragraph are generally impressive toward the cloud: 68% plan to adopt cloud computing in the next year; 24% in the next 13 to 24 months; 8% in the next two years. So data security is an issue with cloud computing. Public cloud concerns notwithstanding, 2012 could be the beginning of security acceptance for many inside and outside the healthcare industry.

Lisa Henderson, InformationWeek Healthcare, contributing editor
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Experienced reindeers wanted
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.