Part two of a two-part series (Access part one):
Cloud computing is not just on the healthcare horizon. Partial and pure-play cloud computing architectures are already serving healthcare information technology needs in the U.S.
Denver Health uses outsourced IT for a majority of its applications. Its service provider is Siemens, whose services meet most—but not all—of the essential characteristics in a definition of cloud computing released this summer by the National Institute of Standards and Technology.
And while outsourcing dominates at Denver Health, it is not exclusive.
“I still have 158 people in my shop even though 70% of our applications are outsourced,” said Denver Health Chief Information Officer Gregory Veltri. For example, Denver runs its cardiology and radiology systems on-site, but “all of our primary Siemens applications are outsourced.” That includes nurse documentation and speed-sensitive computerized physician order entry, which are run out of the Siemens data center in Malvern, Pa. But Veltri said it may be a long time before hospitals move to a pure cloud environment.
“Will I see it in my lifetime?” Veltri said, pausing. “Healthcare is very slow to change.”
For some healthcare uses, cloud time is already here.
Vincent Fusaro holds a doctorate in bioinformatics from Boston University. He is working on a post-doctoral National Library of Medicine fellowship from the Laboratory for Personalized Medicine within the Center for Biomedical Informatics at Harvard Medical School.
For just over a year, aside from some programming initially conducted on personal computers, Fusaro said the laboratory is running “entirely on the cloud.” It uses computational services and storage provided by Amazon Web Services. Since 2006, the Amazon business division has leveraged the IT investments of the online bookseller and retailer by leasing portions of its infrastructure to outsiders.
“We don't have any complaints,” Fusaro said. “We are mapping whole genomes. We take the DNA sequencing and map them to reference genomes to sequence an entire person. We're using clusters of these services to do that.”
Physician informaticist David Kibbe, a senior adviser on IT issues to the American Academy of Family Physicians and principal of the healthcare IT consultancy the Kibbe Group, said cloud computing will catalyze a cadre of new healthcare IT entrepreneurs.
“I think that probably Google, Microsoft, Salesforce.com, all of these companies that have this architecture, will be ready if there is in fact a demand for what I'm calling 'clinical groupware' that make EHR technology possible from a mix-and-match, plug-and-play sort of way,” Kibbe said. A company could compile and offer physicians only those few Web-based services—electronic prescribing, diseases registries, patient summary sharing and the like—necessary to meet the yet-to-be-defined “meaningful use” requirements to access an estimated $34 billion in EHR subsidies under the American Recovery and Reinvestment Act of 2009.
Alfred Spector, vice president of research and special initiatives at Google, also said the cloud-based Google Health personal health-record platform will likely play a role in providers meeting the “meaningful use” criteria under the stimulus law.
“From the Google Health situation, we've gone off to produce a personal healthcare record and associated search and other services that are valuable to the consumer,” Spector said. “We do think that as an important use case that does represent a meaningful use. We really believe that if information is created, stored and aggregated at our physician groups and then is made available to consumers, this is meaningful use.”
Google Health recently added an application to its PHR platform to store digitized clinical images, but for now, Google has no plans to build an EHR or even a collection of services to meet all provider requirements under meaningful use, once an interim definition is produced by the CMS later this year.
“Never say never about anything, but that's not our focus,” Spector said. “We're consumer-facing.”
Spector, like others contacted for this story, sees cloud computing making incremental inroads into the realm of healthcare IT, but not giant leaps.
The Google paradigm of “launch early and launch often” is viable in healthcare, Spector said. Adding digital images more than a year after the Google Health platform was launched is an example. “We didn't have time to do that initially. If we had waited to do everything, we would have done nothing.
Scott Shreeve is a physician and a co-founder of Medsphere Systems Corp., a developer of clinical IT systems based on the Veterans Affairs Department's VistA EHR. Shreeve, no longer with Medsphere, is the founder of a healthcare IT consultancy, Crossover Health. He writes about Health 2.0 on a blog by the same name.
The pioneers at Shared Medical Systems Corp., or SMS, “were geniuses,” Shreeve said. “They were way ahead of their time.” The problem was, Shreeve said, they were so far ahead “it took the infrastructure 20 years to catch up with their concept. Dial-up doesn't work to use cloud computing, or DSL. It's way to slow. That was the problem with SMS; it was technically constrained back in the day, but philosophically, they were correct.”
Today, with high-speed fiber-optic lines, “the Internet removes time, location and physical constraints,” Shreeve said. “Once you start to remove those three barriers with this new way to communicate, it opens up tremendous possibilities. That leads us to cloud computing. I don't need physical services. I don't need dedicated work stations; all I need is access to the cloud.”
One likely early inroad for cloud computing in healthcare is the IT market for smaller practices of office-based physicians, thus far a veritable Death Valley for EHR vendors' sales forces. Numerous studies of EHR adoption have found a direct relationship between practice size and EHR uptake—the smaller the practice, the lower the EHR use. According to the Centers for Disease Control and Prevention's National Ambulatory Medical Care Survey, that's a lot of doctors. The 2008 survey report, based on 2005-06 data, said 49% of 309,000 office-based physicians work in either solo (37%) or two-doctor (12%) practices. Another 28% were in practices of three to five physicians.
When it passed the stimulus act, Congress included several more stringent privacy provisions
, including several taking direct aim at vendors of PHR systems, cloud-based on not. The new law sought to place PHR vendors under the same privacy and security rules as hospitals and office-based physicians and other so-called “covered entities” pursuant to the Health Insurance Portability and Accountability Act of 1996. Google and Microsoft Corp. have expressed varying degrees of reluctance
toward acknowledging their PHR operations have HIPAA obligations.
In March, the San Francisco-based Electronic Privacy Information Center, or EPIC, filed a 15-page complaint
with the Federal Trade Commission seeking an injunction against Google's cloud computing operations, alleging it “does not adequately safeguard the confidential information that it obtains.” The FTC responded in a letter the next day, requesting a meeting with EPIC, but cited its policy that it could neither confirm nor deny it was conducting an investigation of the allegations in the complaint.
The EPIC complaint said, “The recent growth of cloud computing services signals an unprecedented shift of personal information from computers controlled by individuals to networks administered by corporations. Data breaches concerning cloud computing services can result in great harm, which arises from the centralized nature of the services and large volume of information stored ‘in the cloud.' "
Spector declined to comment about the specifics of the EPIC complaint, but was willing to make a general comment that organizations that specialize in IT do far better in terms of security and privacy than organizations “that specialize in other things.”
Privacy advocate Deborah Peel said renting servers and storing healthcare information in large “ultra-secure facilities,” typical of cloud computing operations, “has always made sense to me. Servers in closets are going to go the way of dinosaurs. They just have to.”
But to allow a company to move healthcare data around a cloud “anywhere in the world is going to be a nightmare,” said Peel, a psychiatrist and the founder of the Austin, Texas-based Patient Privacy Rights Foundation.
“Where are the servers? If data is moved among various facilities, who certifies security among them? You get into the weakest link problem,” which, she said, might also include legal issues if the data is stored in a country with weaker privacy standards than the U.S. Not that the U.S. is a global paragon for privacy rights, according to Peel. “It's kind of ironic to say they ought to be in the U.S., because the U.S. may not be the best place in the world, but it has to start somewhere,” she said.
In fact, one deterrent to embracing cloud computing in Canada is the U.S. legal framework since passage of the Patriot Act, according to Prateek Dwivedi, vice president and CIO of Mount Sinai Hospital in Toronto. Broad surveillance powers granted to the U.S. government
—including the authority to force open medical records of foreign healthcare organizations kept by foreign subsidiaries of U.S. IT companies, became a cause celebre up north in 2004.
Dwivedi said the hospital's IT vendor could outsource all of his IT operations, but, “It's hosted in the States and because of the Patriot Act, the U.S. government is allowed to open up the data files for any reason. So, for us, legal boundaries prevent us from participating in cloud computing.”
Last week, Practice Fusion, a San Francisco-based developer of cloud-based EHR systems, announced it would launch a PHR using cloud computing infrastructure
from Force.com, an arm of customer resource management software developer Salesforce.com, San Francisco, and that Salesforce was investing an undisclosed amount in Practice Fusion.
David Brailer heads Health Evolution Partners, a San Francisco-based venture capital firm that has invested in three companies—two in teleradiology and one in e-prescribing—although none of them boasts on its Web site of being cloud-based companies, Brailer said. Right now, a shortage of bankable business models, resistance to change and the credit crunch are all bigger obstacles to cloud computing in healthcare than the state of the technology, he said.
“Technically, it's ready to go,” Brailer said. “Another word for cloud computing is hardware neutral. It's detaching the hardware from the applications and the content. There are some initiatives like Dossia that's based on the same idea. Microsoft HealthVault is based on the same idea.
“Some people may not want it because they want to control the hardware,” Brailer said. “They may fear having a service online. But, in general you're going to see a segment of hospitals, pharma and payers that are very pro cloud computing just as you will see those who are against it.”
At the moment though, the entrepreneurial cloud-computing movement faces a very tight capital market, Brailer said.
“The question is: Will you see a generation of applications emerging, and when will you see them emerge that offer the capabilities of cloud computing? I think it will take a while. A lot of innovative companies have been denied risk capital. There are a lot fewer investors and nobody can raise debt. It's a really tough time out there for companies that have good ideas but are not proven or not profitable.”
Mike Davis is executive vice president of HIMSS Analytics, the market research arm of the Chicago-based Healthcare Information and Management Systems Society.
“Cloud computing was talked about in the early 1990s, and the reason it didn't take off was because the Internet wasn't there yet,” Davis said. Now, he said, “There is a lot of capacity out there, so if it does bring down costs, yahoo.” But, Davis said, “Privacy and security and patient identification, those are going to be the biggest questions.” A lack of standardization in healthcare transactions and medical vocabulary also are barriers, he said.
Davis said he sees physician offices, disease management companies, and health information exchanges as likely early beachheads for cloud computing in healthcare. “For the hospitals, I think we're at least five years away before we start seeing this in anything other than the advanced medical centers.”
Don Grodecki, chief technology officer of Browsersoft, Shawnee Mission, Kan., a vendor of open-source software for regional health information exchanges, agrees. Clouds are still on the horizon in healthcare, particularly in systems used in direct patient care.
“Everyone I've talked to in the healthcare area is spooked by the idea that they don't know where their computer is; they don't know where their data is,” Grodecki said. “The healthcare industry is way far behind everyone else, and so, it's going to be a long time before hospitals put their information in the cloud.” Grodecki has worked in cutting-edge technology for Hughes Aircraft Co. and the space shuttle for Kodak. His company's computers are located in a giant data warehouse run by GreenSoft Solutions near the Kansas City (Mo.) International Airport. “We're not using the cloud at this time," Grodecki said. “We typically use separate machines for HIEs. Some of them are owned by the HIE and housed there and others are on machines leased from GSI.”
“There are HIPAA regulations we have to follow that are pretty stringent,” Grodecki said. “It would be hard to do that on a public network when you don't even know what machines it will be running on from time to time. Eventually, people will work out all of those issues and know how to certify that things are secure and private on a public cloud, but we're quite a ways from that now.”
What do you think? Submit a letter to Your Views. Please include your name, title, company and hometown. Health IT Strategist reserves the right to edit all submissions.
Also, please share your thoughts by taking our latest HITS reader poll.