Be mindful of data breaches with cloud-based systems
Cloud computing is an ever-growing trend, especially in healthcare. As the industry continues to go digital, payers and providers are upgrading to cloud-based systems.
According to a report by MarketsandMarkets, a market research and consulting company, the global healthcare cloud computing market could hit $5.4 billion by 2017.
While cloud-computing penetration in healthcare was around 4% in 2011, many more healthcare organizations will be migrating to the cloud over the next five years, according to the report.
For providers, not only can the cloud better facilitate the exchange of patient information, but it has the potential to collect data and improve care coordination. An advantage for plans using the cloud is its ability to improve virtual team communications and collaboration.
WellPoint has been documenting evolving policies on the cloud since 2009, according to Darren Ghanayem, vice president and chief information officer (CIO), Commercial and Specialty Division.
“Our core function is to process, interpret and manage information,” he says. “In doing this, there is an ever-increasing pressure to manage the growing space demands, infrastructure costs and stability related to that space. The cloud has great potential to ease that burden, allowing us to more rapidly put our wealth of data into solutions.”
Cloud solutions can be used for internal operational efficiencies. Most recently, the plan rolled out an internal email solution for more than 40,000 associates in the cloud.
“This allowed a seamless transition to a much more stable and flexible platform,” Ghanayem says. “It enabled users to more easily manage their email size and have access to that platform via multiple vehicles such as mobile devices and remote access.”
Private, public and hybrid clouds are three available models, but the industry has been slow to adopt public models because of their highly regulated nature. There has also been scrutiny over the cloud’s privacy and security, which further impedes any adoption processes.
Ghanayem says WellPoint is establishing ways to partner with providers that share accountability in improving the health of its members, and to retain a focus on quality of service versus volume. That requires sharing more information, which also means an increased risk of data breaches.
“Cloud technology is a very promising method,” he says. “It could greatly simplify the complexities of the insurers’ environments and the providers’ environments, but it also introduces some concern on the privacy and security of the data.”
The HIPAA Omnibus Rule, which went into effect in September, holds accountable all parties that come in contact with patient data in the event of a breach, regardless of where information is stored, including the cloud. Ghanayem says the key to maintaining a secure environment is working diligently with provider partners and setting security guidelines and parameters.
“The cloud industry has grown rapidly with many players making a great deal of statements on delivering results,” he says. “The importance and the security of the data cannot be understated [and] great care must be taken.”
Ghanayem also advises that plans be diligent in evaluating the service providers and partners carefully.
“Cloud computing can be very beneficial in helping organizations become nimble while lowering cost and increasing capability,” he says.
In February, the Northeast Georgia Medical Center (NGMC) started utilizing a cloud system to improve communication between paramedics and cardiologist, collect data on out-of-hospital cardiac arrests and provide better patient care for its cardiac arrest patients.
“We were looking for a repository that was cloud-based that would be a centralized location for data, says Jeff Clark, RN educator in NGMC’s critical care unit.
When a patient goes into cardiac arrest, they can go through several stages of the system including the Emergency Department (ED), the cardiac catheterization lab (cath lab), and critical care.
“All of that happens so rapidly that sometimes immediate information is verbal only, or verbal at best,” says Jason Grady, NGMC’s regional STEMI coordinator. “Each time you pass on information, things can get misinterpreted, missed, or forgotten.”
NGMC realized this was a significant problem, especially when vital patient information was missing or incorrect when pass through each stage of care.
“We were really having a problem with tracking down that information later,” he says. “[The system] gives us an opportunity to document the information very quickly, while it’s still fresh in everyone’s mind, and be able to transmit it immediately to those that need to make immediate decisions for the patient.”
In collaboration with the cardiologists, NGMC developed a web form featuring 19 questions on patient information for the paramedics to quickly fill upon arrival to the center. The form only requires the last name of the patient, an approximate age, and the date and time of the patient’s arrival at NGMC.
“We put in just enough information that gives us the ability to match up the patient later, so if someone got ahold of that information just face value, it would be of no use to anybody,” Grady says.
With paramedics, nurses and cardiologist all needing patient information at their fingertips, mobility was an essential component. Paramedics can grab a tablet upon arrival to NGMC and complete the form in seconds. Once submitted, the cardiac team is instantly notified and can also view the information remotely.
The real-time, software-as-a-service system allows the hospital to collect and mine data to analyze trends. For example, data has shown that about 80% of cardiac arrest victims don’t get CPR before paramedics arrive, and only 50% of patients have access to defibrillators.
It also helps ensure that NGMC’s cardiac arrest patients receive the appropriate procedures and that unnecessary costs are avoided. Proper patient information upfront helps determine whether the cath lab should be a next step.
“Cath lab costs are not benign, especially to a payer,” Grady says. “It’s a very expensive test and procedure, it’s life saving, and we only want to do it when it’s appropriate. If it’s not, that’s a tremendous cost incurred to the facility and to the insurance companies.”
Plans and providers must be willing to do their homework on cloud systems, Clark says.
“Make sure it’s secure. Sometimes it’s bold to move forward in that area because it’s unknown, and yet it’s a huge powerful base that we would be fools to overlook,” he says. “We’re looking to answer bigger questions about management of data and how can we collaborate and have available resources in a very rapid and fast-paced world that we live in, so cloud base is a very smart choice, really.”
Although being apprehensive about the cloud is understandable, the way people communicate currently-both in society and healthcare-can be a motive for exchanging information digitally.
“Information is often printed off, put in a packet and sent down with a patient,” Grady says. “That’s not very secure; that information can get lost, it can be dropped, and it can be intercepted. With an appropriate cloud-based service that’s almost impossible.”
Ultimately, Grady says, it all hinges on the payer or provider and how their system is used and operated. “Technology is only as good as the people who are going to use it, how they use it and if it’s used appropriately,” he says.