Guest Column | August 2, 2018

HIT: Finding The Right Cloud-Based IT Solution To Overcome Compliance And Security Concerns

By David Christianson, Versatile Healthcare Solutions

Technology-driven healthcare innovations are emerging at a rapid pace to address quality initiatives and to support reimbursement models using EHR (electronic healthcare records). The complexity of these changes and new requirements can often appear overwhelming from an IT perspective. The need to consider workflow and clinical outcomes at every step of the way further complicates IT planning in the ambulatory environment. We look at top concerns for compliance and security and how cloud-based models can provide an excellent solution.

IT Resources For An Ambulatory Setting

With HIE (Health Information Exchange), personal health records need to be shareable between healthcare providers, such as private practice physicians, home health agencies, hospitals and nursing care facilities. This is where a healthcare IT services company can really make a difference. For instance, since EHRs have been widely implemented, medical practices have successfully gone paperless; access to patient data is amazingly convenient when it is working and amazingly inconvenient when it is not. Unfortunately, IT can become a barrier to patient care in an ambulatory setting.

Providers need to be assured that their computers will work properly. Providers want to avoid entering an exam room, trying to log in and finding that they can’t because the Wi-Fi cuts out. They end up spending too much time trying to get what they need on their screens. Mobility in particular presents a whole range of IT challenges that need to be met before applications are implemented or upgraded. If core IT infrastructure is inadequate, then the best applications in the world have no hope of being effective.

Providers are spending too much time after hours – after the patients have left the practice – to complete the administrative tasks associated with EHR, payment requirements, etc.

Compliance And Security

Healthcare practices have a heavy burden with compliance and security. Payers and regulators often require security and risk assessments as part of their approval, certification and payment processes.

Compliance issues can also present many hurdles for IT advancements in healthcare. It is generally more straightforward to follow regulations like HIPAA, MIPS, and HITECH with systems managed by an experienced healthcare IT solutions provider than to keep silos of legacy systems or patched-together systems without proper support. IT has advanced to where service-based models often make sense for healthcare applications to move safely to public or private cloud platforms.

MIPS (Merit-based Incentive Payment System) is a system for value-based reimbursement under the Quality Payment Program (QPP) with the aim of encouraging continual improvement and innovation in clinical activities. Security risk assessments (SRAs) are requirements of the programs and regulations. In care settings, SRAs are intended to protect and secure health information (electronic protected health information) from a wide range of threats, whether in emergency situations or during a system failure that constitutes a risk compromising the confidentiality and integrity of information.

Healthcare IT solutions providers have the resources and expertise to manage any weaknesses in the organization’s security procedures, design, implementation, or internal controls. These weaknesses can be far ranging, from a healthcare practice's use of a laptop without a password on an open wireless network, which may inadvertently allow access to a patient’s health record, to something as simple as users clicking on malware.

Those healthcare IT solution providers themselves must ensure that they are compliant and secure. Each provider is required to demonstrate and certify compliance to its clients. This requirement often eliminates scores of potential vendors when healthcare organizations consider purchasing services and outsourcing. It is an exacting, stringent and costly business process for any solution provider.

Investing in healthcare IT service providers who have expertise in these areas can take away a lot of headaches. Introducing new platforms into existing systems can introduce new problems. Continually adding on new systems means your healthcare IT infrastructure becomes a bit of a mixed bag, such as some mission-critical operations on legacy IT patched together with born-in-the-cloud applications for less-regulated functions. Healthcare IT service staff can not only learn how to use the new applications and tools to make their lives easier, but those in charge of maintenance, security and recovery won’t have to face the new complexities within a practice's IT environment alone. They can safeguard physician practices from being out of compliance in the event of a disaster.

Finding The Right Cloud Combination

Healthcare IT can benefit from a move to the cloud. There are advantages to each of the hosted private cloud, on-premise and hybrid cloud models. Different environments require different models. There is not necessarily a one-size-fits-all answer. The choice is based on functional and technical requirements and also business drivers. It is not just about function, feature and benefits but also timelines. It is important not to choose from a set menu but to take a solution approach of matching technology solutions to functional and business requirements.

A server in an office to support a couple of doctors seems to be a straightforward approach but perhaps isn’t the best solution. It is better to assess first what would work best rather than go with the easiest route for an implementation. Often there is a case for having a private cloud solution and again, it really should be dependent on many variables and business drivers. For instance, hospitals and health systems have to be forward thinking and provide new services and benefits to referring physicians so that they don’t lose patient referrals to other providers. With cloud services, whether using Office 365 or SharePoint, there can be private-label email allowing hospitals and healthcare systems to provide domain names with secure emailing to physicians at a very low cost, while building up loyalty.

Such regulations as HIPAA and governance over data security can often deter widespread cloud adoption. This is because the notion of moving most or all of a healthcare organization's key administrative duties and patient data storage to a cloud service still causes concern. While there are public- or private-cloud models, there is still a strong preference toward private clouds and often there is a willingness to do more with cloud computing if the platform is private and not shared.

However, even in light of this, the value of the cloud supersedes the concern and should be leveraged by healthcare organizations of any size. A healthcare IT services firm can really add value in helping to determine the functional and technical requirements up front and then assist in implementing the right cloud combination that the organization wants. It has got to be at a comfort level that is right for the organization at that particular time. For example, a multi-site health network can benefit from SharePoint Online as an intranet portal within the healthcare organization's private, secure online network to facilitate collaboration and information sharing amongst the hospital and its associated practices.

There are so many suppliers and a myriad of options. It can be overwhelming, and it is a great advantage to work with healthcare IT experts who have experience with multiple cloud vendors and their applications to serve the healthcare industry. For instance, in addition to Microsoft, Salesforce, HP and IBM, even Iron Mountain offers cloud and a data migration service to enable the move of massive amounts of data in and out of the cloud without the challenges or expense of limited network bandwidth.

In Conclusion

With the rapid evolution in healthcare technology, healthcare organizations are stressed in trying to stay on top of the constant progression of technology. Utilizing a healthcare IT services firm provides flexibility, efficiency and effectiveness, to stay in compliance for privacy and security concerns. This can complement, supplement, or supplant what your organization’s IT staff does — and do so in a hosted or hybrid cloud-based arrangement or on-premise.

About The Author

David Christianson is Senior VP of Versatile Inc. He brings 30 years of IT and business experience to his role at Versatile. David started his career in commercial banking where he managed IT, operations and retail banking functions. He was a Founder and Partner at Concordant, a healthcare consulting firm acquired by Arcadia Solutions in 2011. Prior to Versatile, he worked as an independent IT and management consultant. A primary focus of his career has been in helping clients find the intersection of business needs and technology, and in facilitating complex problem solving. David holds a B.A. in Political Science from Boston College, and has a Master's in Management from Fitchburg State University.