Migrating Healthcare to the Cloud: A Primer [Guest Article]

A recent survey by Datica found that 60% of surveyed hospital CIOs consider cloud hosting a top priority. Despite this, only 30% had a strategy in place. While many healthcare organizations want to access the benefits of cloud systems, they are unable to do so without a solid migration strategy. Creating a successful strategy starts with understanding the specific difficulties that healthcare organizations face during migration.

In this article, you’ll learn how migrating to the cloud can benefit healthcare organizations. You’ll also learn common issues faced during migration and some best practices which should be incorporated into your migration strategy.

Why Migrate Healthcare to the Cloud?

There are many reasons organizations choose to move to the cloud. Increased availability of services, cost savings, and access to greater performance are the most common reasons. Cloud systems enable organizations to hand over responsibility for infrastructure and gain access to enterprise-grade security and resources.

Benefits of migrating healthcare to the cloud include:

• Storage and processing of large amounts of health data
• Hosting of telehealth (healthcare provided remotely) services and applications
• Incorporation of smart health monitors and connected equipment
• Greater distributed access to records systems
• Fewer errors due to unreadable handwriting or lost charts
• Records are easily recoverable after natural disasters
• Grants access to more powerful medical research resources

Issues When Migrating Healthcare

Once you have decided to migrate your healthcare systems, there are several issues that you are likely to face. These issues should be understood before you begin planning a migration.

Compliance and Privacy

Maintaining compliance and privacy is the top concern of many healthcare organizations considering a move. Healthcare is a highly regulated industry, responsible for protecting intensely private Patient Information (PI).

Regulations, such as HIPAA and GDPR, restrict how and where data is held, as well as its accessibility. Healthcare organizations must comply with these regulations at all times and are typically subject to periodic audits to prove compliance.

Organizations must trust that cloud providers are taking active measures to ensure compliance. This includes providing visibility for auditing and ensuring that cloud provider staff are restricted from viewing data. Additionally, requirements for long term storage can create issues of vendor lock-in or access problems if a cloud provider changes structure or services.

Security

Theoretically, security in the cloud isn’t that different from on-premise security; at least the basic premises are the same. In practice, however, cloud security is often more complex.

Increased complexity is due to:

• Lack of understanding of shared responsibility between organization and cloud provider
• Lack of control or visibility over all aspects of security
• Increased attack surface due to Internet accessibility and the addition of endpoints
• Connection of Internet of Things (i.e. smart) devices which can be hard to secure
  

When securing cloud systems, organizations need to restrict access without impeding provider and staff workflows. If systems are too cumbersome to use, staff will find ways to work around security measures. Providers need to be able to quickly and securely log in and out. Often this is accomplished with keycards or badges but these can be stolen or abused. Additionally, staff may be tempted to share credentials or leave stations logged in, both of which present security and audit risks.

Disruption of Care

Depending on the type of healthcare provided, downtime can be an issue of life and death. Providers need Patient Information (PI) to be accessible at all times and from all locations. Unfortunately, this access is often affected during migration. It is also affected after migration when network connectivity issues arise.

Additionally, many healthcare providers still use analog processes for documenting PI; shifting to cloud services is a two-fold change. Learning new, cloud-based workflows can slow down patient care and cause providers to attend more to technology than their patients.

Performance and Cost

Healthcare solutions are often highly specific and rely on legacy systems and software. Some organizations can simply replace existing systems with new, cloud-native applications. However, most organizations have at least some technical debt they must first account for or accommodate. For example, Electronic Health Record (EHR) solutions or proprietary software tied to diagnostic equipment

While organizations may be able to lift-and-shift (i.e. move as is) this software, performance often suffers. To avoid this and gain the expected cloud benefit of greater performance, organizations might refactor or re-architect software. However, both refactoring and re-architecting require modifying program code to better match cloud infrastructure. This modification requires time and significant programming expertise, which organizations may not have.

Best Practices for Migration

After you understand the issues you might face during migration, you can begin developing a plan. You should take the following practices into account when creating this plan.

Get Input from Clinicians and Healthcare Staff

Clinicians and staff are the ones primarily using the system and should have a say in your migration. They are the ones with the best understanding of current processes and limitations. They are also the ones that can provide insight into improving your systems. If you migrate with no regard for staff and providers, you are likely to face resistance to new workflows and systems post-migration.

Getting staff buy-in and support for migration can help you avoid creating workflows that don’t fit clinical needs and processes. It can also help you ensure that security and compliance measures aren’t bypassed later on.

Consider a Hybrid Cloud

You might consider adopting a hybrid infrastructure, with some services and data remaining on-premises and some in the cloud. Hybrid storage systems can help you meet compliance standards for data while still providing distributed access to tooling.

Hybrid systems can help you avoid issues of provider lock-in since data and applications are accessible from multiple environments. This type of cloud makes it easier to store and access an on-premises backup of your data in case of network outage. Hybrid migrations can also enable you to more easily stagger moving your services and applications.

Many cloud providers offer services for or integrations with hybrid cloud appliances to make infrastructure easier to manage. For example, Azure NetApp Files is an appliance you can use to securely lift-and-shift data and workloads with support from Azure. These appliances can help you ensure constant access to data without losing out on the benefits of the public cloud.

Choose your Migration Strategy Carefully

Carefully plan the order that you move systems and data to avoid impeding workflows. You should account for the time it takes to test migrated applications and data before going live. Migrating systems without testing compatibility and ensuring correct configurations can cause data loss and significant downtime.

During your migration, you will likely have data in systems simultaneously. You should account for these duplicate systems and have a plan for merging data changes once you’re ready to transition. One possibility is to use a phaseout system. In this system, new patients are added to cloud systems immediately while existing patients remain on legacy systems. Existing patients can later be added to the new system at a convenient time and legacy patients can be archived.

Compliance

To meet compliance, you need to understand and account for restrictions on how records must be kept. This includes enabling security measures, such as encryption standards, and ensuring length of time in storage. You also need to verify that auditing is routinely performed and that audit results are easily accessible.

To meet compliance, you need to plan for patient access rights and privacy. This includes how patients or outsiders requesting information are verified and how information is accessed. If you intend to provide digital access to information, you need to account for secure patient access measures, such as tokens or one-time logins.

Conclusion

Migrating healthcare to the cloud can provide significant benefits for providers and patients. Patient information can be instantly accessed from any location and updated in real-time. However, successful migration and management are necessary to keeping patient information sufficiently protected.

Hopefully, this article helped you understand the common issues that arise when migrating healthcare to the cloud. Keep these issues and the considerations covered here in mind when planning your migration. With careful preparation, you can ensure that your systems are migrated effectively and that compliance is maintained.

The author

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.