Apple Leads Big-Name Tech Charge Focusing on Health Data

Apple’s $921 billion market valuation, perched atop the Fortune 500, reflects investors’ belief that the company’s relentless growth should continue in coming years. And an iPhone-based health record product, a test version of which Apple released in late January, could be a pivotal part of the expected progression.

“We view the future as consumers owning their own health data,” Apple COO Jeff Williams told CNBC.

The new Health Records section, accessible from the iPhone’s Health app, lets users stream in encrypted data (e.g., allergies, conditions, immunizations, lab results, medications, procedures and vital signs) from leading EHR systems. The idea empowers consumers to share passcode-protected data on-demand with their primary care doctor or hospital personnel.

As of March, nearly 40 U.S. hospitals had signed on to participate in Apple’s Health Records project.

Industry Reaction

David Harlow, who heads a healthcare law and consulting practice, pointed out the long-term promise inherent in Apple’s initiative: allowing more people than ever before to access their own health data more easily. If the pilot succeeds, he added, healthcare systems of all sizes across the country would be able to connect their respective EHRs to the Apple conduit.

Indeed, among a dozen Health Records beta sites interviewed by research firm KLAS Enterprises, all recognized the product’s potential to facilitate patient-provider interaction and help consumers improve care self-management. Patient record portability should be possible soon, according to 59 percent of beta testers, with associated benefits (giving patients access to their data, using the data to engage patients, and integrating data into patient care) expected within six months.

At the same time, however, Harlow cautioned that Apple faces several short-term challenges:

  1. Health Records is currently limited to personal health record data, not the full scope of EHR data.
  2. iPhone users account for only 15 percent of the overall smartphone market (although physician iPhone usage hovers around 75 percent).
  3. The pilot’s relatively small size limits demonstration of data integration from multiple provider organizations.
  4. Data flows only in one direction — from provider to patient.

Harlow concluded that it’s not yet possible to predict whether Health Records will become ubiquitous, although consumer advocates like Apple’s approach to handling end-user data. (It stays on the phone and Apple won’t be mining it for other purposes.)

Nonetheless, a practical consideration — some patients have to pay their provider more than $500 for a single medical records request, while others encounter an annual subscription fee, according to a recent Government Accountability Office report — could disrupt emerging data-sharing models. In this environment, Apple has gotten a head start on allowing patients to own and control their health data, even across disparate systems.

Integration in the Healthcare Ecosystem

NetDirector views these developments in a positive light as they relate to integration advances across healthcare. If Health Records and similar projects take flight, cloud-based platforms such as NetDirector’s HealthData Exchange will assist with streamlined adoption and implementation. The net result will be the ability for healthcare stakeholders to quickly and accurately put in place patient-centric services.

For more information on HealthData Exchange, please contact us or request a free demo.

Health Data is a Prime Target: How to Minimize Risk

Health Data is a Prime Target: How to Minimize Risk

More than 60 percent of healthcare organizations suffered a data breach in the past 12 months, according to information security researcher Ponemon Institute. In total, over 5 million healthcare records were exposed or stolen among entities studied by Ponemon.

Recent incidents show no abatement in cybercriminals’ attraction to healthcare data. For example, Florida Hospital reported earlier this month that patient information on 12,724 individuals might have been exposed through a malware infection on three of the organization’s websites. Three months earlier, St. Peter’s Surgery & Endoscopy Center in New York disclosed that hackers had potentially gained access to server-based medical records of nearly 135,000 patients.

Healthcare in the Crosshairs

Approximately 7 million patients will have their data compromised by hacks in 2019, estimates consulting firm Accenture, racking up billions of dollars in costs to hospitals and health systems.

What makes the healthcare particularly vulnerable?

A Computerworld report explains that healthcare data, which includes personal identifiers and medical histories, can be sold virtually unchallenged over time on the black market. In contrast, financial data often becomes useless once a breach has been discovered and passcodes changed. Cybercriminals, aware of the premium value of healthcare records, focus their attacks in pursuit of the greatest possible returns.

Other factors contributing to healthcare’s data security liability include:

  • increasing access to medical records as entities share information across integrated sites of care;
  • legal requirements to store medical records for extended periods of time;
  • efforts to connect electronic health record systems, often relying on unsecured patches that can open the door to unauthorized entry; and
  • inadequate education of employees about modes of cyberattacks.

On a broader scale, but not to be discounted, foreign governments’ so called “state actors” may attempt to accumulate healthcare data that could help in social engineering of future attacks. Such a tactic might deploy emails to individuals who have a specific medical condition — with malware linked to prompts for more information.

Risk Mitigation

Big data sets in healthcare, despite ever-increasing volume, can be managed through ongoing risk assessments and implementation of preventative security controls, such as continuous monitoring programs. However, those measures come at a cost that must be weighed against the uncertainty of threat protection.

“Each organization needs to evaluate risk and its security needs in the context of its organizational and business requirements to determine where it makes the most sense to invest their people, time and financial resources,” advises Christine Sublett, a member of the Department of Health and Human Services’ Healthcare Industry Cybersecurity Task Force.

NetDirector’s HealthData Exchange platform deserves consideration as healthcare organizations work through their cybersecurity evaluations. The system combines HIPAA-based security and HL7 standard interfacing compliance — with attestations available upon request. Additionally, NetDirector uses a physically secure Peak10 facility for hosting customer data. This approach ensures data integrity without the need for additional IT investment and the associated risk of self-managing connection points among exchange partners.

For more information on HealthData Exchange, please contact us or request a free demo.

Technologies That Impressed at HIMSS18

Last month in larger-than-life Las Vegas, nearly 50,000 healthcare IT professionals and vendors convened for HIMSS18, the industry’s yearly focal point. Attendees sought common ground in improving care and business operations through the use of technology.

Reports from the conference yielded a wealth of new information from more than 1,000 exhibitors and scores of expert presenters. And — indicative of a setting where anything could happen — Jared Kushner and Magic Johnson stopped by to share their respective insights on better access to patient data and health, leadership and community-building.

But at the heart of the event, discussion of challenges and pursuit of new ideas revealed common themes among those serving at healthcare organizations and their counterparts on the developer side. The infographic below summarizes key aspects of health IT’s ongoing quest to support better patient outcomes in a fiscally sustainable ecosystem.

 

 

NetDirector’s cloud-based HealthData Exchange addresses these points of emphasis through low-cost, high-speed, secure data and document sharing capabilities among hospitals, physician practices, nursing facilities, pharmacies, labs, imaging centers, vendors, government agencies and insurance providers. The format- and transport-agnostic technology eliminates the need to maintain multiple interfaces while ensuring data consistency and integrity.

For more information on the HealthData Exchange platform, please contact us or request a free demo.

On the Horizon: What Healthcare Technology Needs in 2018

The year ahead will usher in an imposing financial squeeze for hospitals across the country. Moody’s Investor Service expects the healthcare sector’s operating cash flow to contract by 2 to 4 percent through 2018 as facilities grapple with lower insurance reimbursements and higher expense growth. Accordingly, hospitals and health systems must leverage information technology (IT) to optimize operations, sustain strategic initiatives and drive disruptive innovations.

Leading organizations will move beyond using IT to automate formerly manual processes. Instead, they’ll build IT-powered business models to align with predictive/ proactive care delivery while empowering patients to take charge of their own health.

As in recent years, healthcare executives remain rightfully concerned about enhancing cybersecurity, countering potential attacks and preparing for response by moving more of their IT infrastructure to the cloud.

They also see competitive opportunities to scale up IT in areas such as consumer-facing technology, data analytics, and virtual care. As such, integration will be key to merging patient-generated data with health records, exploring genomic testing as part of a move toward personalized medicine, and providing reimbursable care or monitoring for remote patients.

Paths Forward

Many industry observers point to cloud-based systems when explaining attempts to “future-proof” technology investments. “[Cloud computing] can offer a dramatically lower total cost of ownership than traditional on-premises solutions by eliminating maintenance fees and upgrade costs, and by requiring much less effort to install and operate,” says Mark LaRow, CEO of patient-matching technology vendor Verato.

At the same time, healthcare organizations stand to benefit from enhancing existing IT platforms, especially where revenue-driving processes and workflows overlap. In particular, providers are looking for ways to facilitate operations through automated insurance eligibility processes, mobile/ online payment applications, and cost estimation tools.

Additionally, advanced hospitals and health systems recognize that increasingly accepted value-based payment models require ongoing patient engagement measures. Advisory firm PricewaterhouseCoopers (PwC) notes that providers need to obtain a comprehensive view of patient interactions. “An ability to derive meaningful information from linking disparate data about patients becomes a differentiator for an organization in a competitive market,” comments Winjie Miao, chief experience officer at Texas Health Resources.

Meanwhile, 88 percent of insurers plan investments in technology to improve the healthcare experience for their members. With providers and payers moving toward shared goals in data aggregation and analysis, “2018 could be the year [that] health sectors rally around the patient experience,” according to PwC.

A Platform Built for Integration

NetDirector’s subscription-model integration services fall squarely in line with healthcare organizations’ IT needs in the coming year. From a broad perspective, NetDirector’s HealthData Exchange normalizes data to standard HL7 or other formats, enabling systems to seamlessly share clinical and billing data. While complementing existing IT investments, the platform streamlines clinical workflow and communications while reducing administrative costs.

NetDirector also remains adaptive to changes in the healthcare ecosystem, such as those anticipated for 2018. New integrations can be configured based on evolving customer needs — and on standards and protocols defined by healthcare’s governing bodies.

For more information, please contact us or request a free demo.

How 2017 Became the Year of Integration

When all’s said and done, 2017 may be best remembered as the year big business put an indelible stamp on healthcare. Sure, we’ve had similar maneuvers in the past from the likes of Apple, Google and Microsoft, but each of those initiatives struggled with consumer connection, especially when it came to individuals surrendering their personal health information.

What’s different this time? Drugstore chain CVS Health’s proposed (subject to regulatory approval) buyout of insurance giant Aetna — at $69 billion, the largest health insurance deal in history— could transform pharmacy storefronts into community health clinics, giving patients streamlined access to primary care, medications and insurance services in unified hubs.

Some industry experts acknowledge potential systemic efficiencies that would accompany this type of vertical integration. However, they also caution that consolidation could trigger insurance network restrictions and a move toward “transactional care,” in which patients see doctors for isolated consultation without any established history or context of treatment.

Other observers see the purchase more as a preemptive move by CVS to fend off retail kingpin Amazon’s interest in pharmaceutical distribution (particularly for expensive and difficult-to-obtain specialty drugs). Amazon has acquired pharmacy licenses in 12 states and has kicked off discussions with generic drugmakers, according to media reports.

Whatever the true motivation — and it very well could be a combination of all factors outlined above — healthcare models are undeniably trending toward large-scale integration as 2017 draws to a close. And that’s sure to bring opportunities and challenges to stakeholders, including IT companies, along the way.

Integration in Various Forms

As 2017 began, advisory firms counseled hospital executives to integrate clinical delivery with financial sustainability in preparation for almost certain payment cuts. One health system followed such a course, slashing annual operating costs by $12 million in just six months by focusing solely on reducing excess lengths of stay. That type of integration works around mutual biases: (1) clinicians worrying that cost-cutting would jeopardize care quality and (2) financial teams perceiving doctors’ resistance to data analysis that would measure costs.

Meanwhile, along healthcare’s leading edge, IT initiatives pushed forward throughout the year. “I believe an urgent priority for our healthcare system is to move from the traditional one-to-one model to a more efficient, time- and place-independent care delivery system,” commented Joseph Kvedar, MD, vice president of connected health at Partners Healthcare.

Kvedar’s remarks accompanied the Personal Connected Health Alliance’s release of new design guidelines for sharing patient-generated health data with providers via HL7 Fast Healthcare Interoperability Resources (FHIR) specifications. The guidelines support data integration into electronic health records (EHRs) from 26 vital signs sensors and 40 health/ medical/ fitness devices for remote monitoring of chronic diseases, as well as health and fitness measures.

In related ways, we saw positive disruption in data exchange between payers and providers, setting the stage for real-time alerts that would help prescribing physicians prevent drug-drug interactions or other potentially harmful outcomes.

Additionally, EHR vendors did their part to integrate cloud-based versions of traditional systems, bringing cost-effective processes and simplified technology contracting to small hospitals and physician practices.

As we witnessed, a lot can happen over the course of a year. Continued progress in integration will depend on straightforward but flexible options for sharing data and documents across the healthcare ecosystem. NetDirector offers those exact capabilities in its HealthData Exchange platform so that care facilities don’t have to worry about managing — and staying ahead of — the ever-changing technology curve.

For more information, please contact us or request a free demo.

Cloud Services Advancing in Healthcare Technology

Nine hospitals across the country have filed for bankruptcy thus far in 2017. Small facilities, in particular, continue to feel the pinch from a combination of dwindling patient volume, rising capital requirements, escalating costs of care, bad debt accruals and lack of Medicaid funding.

Clearly, something needs to be done to stem the flow of red ink.

Fortunately, we’re seeing a healthy response from health IT vendors, who’ve identified an opportunity among the chaos. Electronic health record (EHR) firms Meditech, athenahealth and eClinicalWorks have rolled out cloud-based versions of their platforms aimed at bringing cost-effective processing and simplified technology contracting to the small-hospital domain.

Even EHR stalwart Epic is joining the movement. On Nov. 1, Tahoe Forest Health System, which serves two rural counties across 3,500 square miles in California and Nevada, went live with a new version of Epic’s EHR. The health system’s CFO, Crystal Betts, anticipates “significant savings without the maintenance of eight EHRs and [retirement of] a host of third-party ancillary systems no longer needed.” Betts added, “The cherry on top is time saved and a boost to quality and safety with a tightly integrated EHR that just works.”

Likewise, athenahealth’s cloud-based EHR has made a significant impact at Coastal Orthopedics (Conway, S.C.), which implemented the technology a little over a year ago to replace separate EHR and practice management systems. “We wanted to be in a position to jump in quickly and effectively as population health management becomes [our] new top-of-mind issue,” noted practice administrator Andrew Wade. With the EHR taking on redundant data-collection tasks, providers and staff have been able to spend more time on patient care.

Above and Beyond

Meanwhile, the healthcare research/ academic community is also leveraging the power of cloud computing. For example, at the Icahn School of Medicine at Mount Sinai in New York, scientists and physicians have access to more than 100 terabytes of data generated by DNA sequences as they study the molecular basis of breast and ovarian cancer. They use Amazon Web Services’ cloud to support a genomics platform that dynamically scales to analyze tens of thousands of genomes in a matter of minutes.

In short, cloud computing has enabled management to shift from worrying about data storage, performance, and security to helping researchers understand the sequenced output data.

There’s more to come, too. “The cloud is poised to play a prominent role when healthcare organizations deploy telemedicine, mobile health applications, and remote monitoring tools — trends that are inevitable as organizations implement value-based care programs,” according to a HIMSS Analytics cloud computing survey.

Pathway to Progress

As healthcare organizations continue to put their faith in the cloud, they’re looking for partners who can facilitate implementation and replace layers of internal systems management and integration. And, not coincidentally, they want to do so with predictable ongoing costs.

NetDirector’s cloud-based HealthData Exchange fits the desired profile by normalizing data and documents to achieve EHR interoperability with an expanding array of trading partners, including physician groups, labs, registries and imaging centers. Subscription pricing meshes with organizations’ emerging reliance on scalable services made possible by cloud technology.

For more information, please contact us or request a free demo.

Healthcare, Ransomware, and Security Breaches

Ransomware, a treacherous malware exploit that encrypts victims’ data or prevents access to their devices, netted cybercriminals an estimated $1 billion in 2016.

Data-related extortion attacks on businesses rose three-fold during the first nine months of last year, equating to one every 40 seconds. Two-thirds of those hit by ransomware lost all or part of their corporate data and one-quarter spent weeks trying to restore access, according to Kaspersky Labs, a data security firm.

Perhaps even more alarming is a predicted shift from chaotic and sporadic ransomware incidents to steadier assaults in higher volumes. “There is no such thing as a low-risk sector anymore,” Kaspersky’s research warned.

Healthcare, with 16 percent of organizations having been hit by ransomware, ranks in the top 10 among targeted industries.

High stakes for healthcare

Hospitals and health systems, as HIPAA covered entities, must adopt safeguards to ensure the confidentiality, integrity and availability of electronic protected health information (ePHI). The Department of Health and Human Services’ Office for Civil Rights (OCR), which enforces HIPAA, issued guidance in 2016 presuming a breach in the event of a ransomware attack involving ePHI. In other words, it’s up to the provider organization to prove that a breach did not occur by demonstrating low probability that ePHI was not compromised.

Nonetheless, many organizations remain non-compliant or take a stance of “calculated non-compliance.” That means they deem any potential fine to be cheaper than the reporting costs or technical resources needed to investigate incidents to OCR’s satisfaction, according to James Scott, senior fellow at the Institute for Critical Infrastructure Technology.

All the same, providers should be concerned whether ePHI is properly encrypted and adequately protected against compromise by ransomware. And from a system-wide perspective, additional safeguards should include proper use of passwords, removal of outdated software and unauthorized apps, adherence to regular backup procedures, and educating users not to open attachments or click links from unknown senders. Additionally, operating systems, browsers and antivirus programs should be updated to the latest version on all devices.

Also worth noting: Security shortfalls may be present in system integrations written in-house or by contracted developers.

In any event, “negligence gives cyber criminals the incentive to continue to launch ransomware attacks,” notes security website CSO.

And — as if on cue — a newly discovered form of ransomware may be released this month, reports TechRepublic. The malware, known as RedBoot, not only encrypts files but also permanently repartitions hard drives, rendering data unrecoverable. The alert advises businesses to back up workstations to some form of network or cloud storage, refresh all antivirus software definitions, and train users to avoid phishing scams.

A big ask

Hospitals have their hands full providing the best care possible for patients, around the clock, every day of the week. In that light, they shouldn’t be expected to shoulder the entire load of locking down data against an ever-expanding array of intruders.

Networking companies such as NetDirector have the expertise and capabilities needed to properly secure and integrate healthcare data. All of our certifications and processes (e.g., HIPAA and SOC2) are maintained above industry standards in a fully redundant, cloud-based platform. Healthcare clients put their trust in NetDirector to securely handle more than 10 million data and document transactions per month.

Although ransomware and related intrusions are real concerns, NetDirector stands ready to consult and assist in hardening defenses across the healthcare ecosystem.

For more information, please contact us or request a free demo.

Disaster Recovery Planning Essential in a Connected Healthcare Environment

Disaster Recovery Planning Essential in a Connected Healthcare Environment

While we are successfully recovering from Hurricane Irma here in Tampa (with no major damage and no service outage, thankfully), the numbers have started to roll in from Harvey a few weeks ago. Despite Hurricane and Tropical Storm Harvey’s devastating impact in terms of lives lost/displaced and estimated $23 billion property damage in Texas’ Harris and Galveston counties, things could have been much worse if not for the region’s heads-up health IT disaster planning.

Four days after the storm’s landfall, all the electronic health record systems at all the hospitals in Houston appeared to be in “regular working order,” according to Nick Bonvino, CEO of Greater Houston Healthconnect (GHHC), the region’s health information exchange (HIE). GHHC had previously partnered with Health Access San Antonio, the HIE serving a large expanse of central Texas, to establish a statewide hub for Texas HIEs with remote siting and data storage in Salt Lake City.

“If a hospital backs up all of its information to a data center down the block, which is also flooded, that’s not a sufficient solution,” Andrew Gettinger, MD, chief medical information officer at the Office of the National Coordinator for Health IT, recently told Health Data Management. “You have to think about the geography that’s likely to be at risk and make sure that your backup solution takes care of that so you can recover.”

Indeed, when Hurricane Sandy hit New York and New Jersey in 2012, healthcare data centers situated in low-lying areas — many in hospital basements — suffered catastrophic flood damage, Gettinger emphasized. Those losses underscored the need for backup systems located out of harm’s way.

Disaster recovery planning

Aside from natural disasters, health care organizations also need to prepare for cyber-threats, such as denial-of-service and ransomware attacks, which can render IT systems inoperable or data inaccessible.

According to Jeremy Molnar, vice president of services for information security firm Cynergistek, proper disaster recovery (DR) planning starts with the assignment of a project manager responsible for implementing a cohesive strategy. Other organizational experts develop needed processes and documentation to support the project manager.

Additional key aspects include:

  • identification of critical data, applications, systems, and personnel;
  • requirements for data backup and emergency-mode operations planning;
  • ongoing testing of and revisions to each component of the DR plan; and
  • assurance of contingency planning in compliance with HIPAA rules, which mandate security risk assessments. Such assessments evaluate the likelihood and impact of exposing protected health information and document the security measures adopted to address identified risks.

State of the industry

Peak 10, an IT infrastructure solutions company, found in its “IT Trends in Healthcare” study that most healthcare organizations execute DR testing less than once annually. Only 25 percent test quarterly.

What’s more eye-opening, the Disaster Recovery Preparedness Council estimates that more than 65 percent of organizations who test their DR plan actually fail their own test. Since so many organizations don’t pass their own tests, Peak 10 points out that those who neglect — or elect not to — test “simply won’t recover IT operations sufficiently if disaster [occurs], which in a hospital setting, is a risk not worth taking.”

NetDirector helps mitigate DR concerns by partnering with best-in-class technology companies to provide an “industrial-strength” data exchange platform hosted at a Peak 10 data center. Peak 10 is current with all applicable data security certifications and regulations, including HIPAA.

Additionally, NetDirector connects to multiple data centers in different geographic locations that are continuously updated and available to seamlessly go live as needed. This fault-tolerant set-up provides clients with built-in DR and hot-site swapping capabilities, ensuring minimal to zero disruption. NetDirector’s HealthData Exchange also reduces the need for scheduled maintenance and its accompanying temporary downtime.

For more information, please contact us or request a free demo.

Blockchain Technology: An Emerging Force in Healthcare Integration

Back in March, at the conclusion of the HIMSS17 annual conference, we pointed to blockchain as one of the most noteworthy recent developments in the healthcare IT space. We emphasized that blockchain technology, which uses a distributed database and cryptography to securely manage records and create a permanent record of online transactions, deserves recognition for its potential to increase IT and organizational efficiencies — highly valued attributes in light of Healthcare’s perpetually constrained resources.

An IBM Institute for Business Value study explains that data captured on blockchains can be shared in real time across a scalable group of individuals and institutions. “Every event or transaction is time-stamped and becomes part of a long chain, or permanent record, that can’t be tampered with after the fact,” according to the study report, which finds 16 percent of healthcare organizations ready to commercialize blockchain at scale in 2017.

Where will things go from here?

Room to grow

In practical terms, blockchain could be used in areas such as population health to aggregate patient and financial data that formerly would have been available only from separate sources such as health information exchanges and claims databases.

Further, blockchain’s ability to enable secure and irrevocable data exchange systems would provide “seamless access to historic and real-time data, while eliminating the burden and cost of data reconciliation,” explains Reenita Das, senior vice president of transformational healthcare at research firm Frost & Sullivan.

Micah Winkelspecht, founder and CEO of blockchain start-up Gem, characterizes blockchain as a tool for interoperability — in essence, an open-source protocol layer incorporating rules to which software can be written. “It’s basically like a language that all [participating] companies agree to speak in order to be able to interoperate with each other,” he adds. Unlike the current EHR-centric healthcare system, blockchain would be the “underlying fabric” for the entire continuum of care, “a decentralized, distributed, global data repository that’s basically shared and controlled by everyone,” he envisions.

Cross-industry philosophy

Related, in the mortgage industry, a similar foundational approach has experts believing in blockchain as an enabling technology empowering lenders to overcome current challenges in electronic processes.

Blockchain would be applied as a thin layer atop an existing document management system to effectively “freeze” a copy of the signed documentation, thereby proving it has never been altered and that the original document resides in its original location. Focus would shift from e-signature tools to blockchain as the core technology structure for compliance and document management — without requiring a completely reworked electronic process.

NetDirector recognizes ongoing and changing security needs in industries such as healthcare and mortgage banking. Companies on the front lines shouldn’t have to rewrite existing integrations or pay multiple vendors in their respective networks to operationalize individual system connections.

Within the healthcare ecosystem, NetDirector’s HealthData Exchange builds on a standard data model to map to HL7 or other data formats and achieve EHR interoperability while removing the bottlenecks of traditional interfacing. Such integrative technology holds the promise of making future security updates and landscape changes far more manageable.

For more information, please contact us or request a free demo.

Security in Data Migration, and When Not to Migrate

There’s no turning back on the cloud computing revolution. By 2020, more than 90 percent of data center traffic will be cloud traffic, according to Cisco’s Global Cloud Index forecast.

Separate analysis from 451 Research finds enterprise spending on hosting and cloud services up by 26 percent in 2017 over 2016, outpacing a 12 percent increase in total IT budgets during the same span. “Hosting and cloud services are becoming a focus of IT investment, via both new projects and the migration of existing workloads,” observes Liam Eagle, research manager at the firm.

In healthcare, 76 percent of new or existing workloads are moving to the cloud, in areas such as data archiving, backups/disaster recovery, back-office applications and server virtualization.

Some might even say the transition to cloud is happening too quickly. In fact, the simplicity of initiating cloud projects has raised eyebrows among industry observers — especially since protected health information (PHI) is at stake. “The ease of spinning up a cloud application can create, in and of itself, a risk,” says Shane Whitlatch, enterprise vice president at data security firm FairWarning. “Because cloud projects are easy to start, it’s also easy to just leave them there and not monitor them.”

Does he have a point?

Setting the record straight

Without a doubt, companies across all industries have made some missteps in migrating data to the cloud. In certain cases, organizations have viewed data migration as a one-time event rather a process that will likely be repeated over the years. Therefore, it’s important to analyze whether an IT infrastructure can hold up to the demands of a full-scale migration, reports HealthITInfrastructure.

Closer to home in healthcare, organizations often fail to assess data-quality issues before embarking on a migration. This might come into play, for example, when moving data from a legacy electronic health record (EHR) system to a new EHR application.

And while it’s certainly possible for a healthcare provider to fall victim to the scenario Whitlatch envisions (e.g., gathering PHI for research purposes and later abandoning that data outside established controls on a cloud-based platform), most organizations would avoid that type of vulnerability through due diligence. They recognize that cybersecurity is a shared responsibility between cloud provider and customer. HIPAA’s Security Rule, for instance, applies in equal force to data protection whether the data resides in on-premise systems or in the cloud.

Additionally, above all other factors, healthcare organizations are concerned about adherence to regulatory requirements such as HIPAA when selecting a cloud services provider, according to a 2016 study conducted by HIMSS Analytics.

NetDirector’s HealthData Exchange, a cloud-based platform for exchanging data between healthcare entities, has been certified as HIPAA-compliant under audit by a third-party security and compliance solutions provider. This certification “strengthens the trust that our clients place in us to safely integrate their platforms and transform their data,” explains NetDirector CEO Harry Beisswenger.

For more information on the HealthData Exchange platform, please contact us or request a free demo.