The technology that drives health care today is changing in response to increase concerns about security and reliability, and external regulations like the security regulations in HIPAA. In addition, the HiTech portion of the stimulus law this year has provided incentives for health care providers to adopt technology that allows for health data exchange and for quality reporting (which is a data driven process for providing outcome reporting for certain quality measures as defined by the Secretary of Health and Human Services). There are a fair number of technology vendors that provide electronic health records (EHR) systems today, and also a fair number of vendors that have developed business intelligence or more sophisticated data reporting tools. Health data exchange is a newer field; google and Microsoft have begun developing systems that allow users to establish a personal health record database, and some states have started planning for larger scale data repositories, but this concept is still at its beginning stages.
A buzz word today in technology is “cloud computing,” which is a fancy way of describing internet systems that businesses can rent from service providers to perform business tasks. The idea is not new, even if the buzz word is; in days of yore, we called these “application service providers” or ASP’s for short. I suppose that the IT marketing folks got sick of being compared with a nasty snake and thought clouds were better (or maybe more humorous if they had ever read Aristophanes). Of course, the perjorative “vaporware” which roughly translates to a software vendor that markets a product it does not yet have to actually sell to people, also rings of clouds and things in the sky. And the old “pie in the sky” as a way of saying “that’s a nice idea but has no hope of being useful down here where mere mortals live” could also relate to clouds.
That aside, there may be something to cloud computing for us mere mortals. One of the important aspects of technology is how complex it actually is under the covers, and the degree and scope of support actually required to get the technology to work properly. Larger businesses that have high concentrations of technology engineers and analysts are better equipped than the average business to deal with technology issues. In this respect, cloud computing offers a business a way to “leverage” (another business term thrown casually around) the expertise of a fair number of technology experts without having to hire all of them on full time. One of the dilemmas for business consumers, however, is the amount that one needs to be able to trust the technology partner they rent from. This is the same problem that ASP’s originally faced years ago. What happens to the data in the cloud when the cloud computing vendor either stops providing the service you are using, or just goes out of business? How do the businesses work together on transitioning from one cloud to another, or from the cloud back in-house? What if the business wants to host its own cloud onsite or at its existing hosting facility? How are changes to the hosted application controlled and tested? How often are backups performed, how often are they tested? How “highly available” is the highly available system hosted? How are disasters mitigated and what is the service provider’s disaster recovery/business continuity plan? How are service provider staff hired and what clearance procedures are employed to ensure that staff aren’t felons that regularly steal identities? The list of issues is a long one.
The other dilemma for businesses that want to use cloud computing services is that many of these services have a standard form contract that may not be negotiable, or essential parts of it may not be negotiable. For example, most cloud computing vendors have hired smart attorneys who have drafted a contract that puts all the liability on the customer if something goes wrong, or otherwise limited liability so severely that the business customer will need to buy a considerable amount of business insurance to offset the risks that exist with the cloud, should it ever fail, rain, or just leak into the basement.
On the other hand, businesses that have their own IT departments have the same set of risks. The difference, I think, is that many businesses do not have liability contracts with their otherwise at-will IT staff. So, if things go horribly wrong (e.g., think “negligence”), the most that might happen to the IT person responsible is immediate termination (except in cases of intentional property theft or destruction, both of which may lead to criminal but not automatic civil liability for the IT person involved). How much time does a business have to invest to develop and implement effective system policies, the actual systems themselves, and the staff to maintain those systems?
The advent of more widely adopted EHR systems in the U.S. will likely heat up the debate over whether to use cloud computing services or virtualized desktops that are hosted centrally by a hosting company in order to roll out the functionality of these systems to a broader base of providers (currently estimated at 1 in 5 presently using some EHR). Companies that can cost less than the Medicare benefit to providers while helping providers comply with the security regulations will likely have the most success in the next few years. Stay tuned!