Why hospital data centers are moving to the cloud
Cloud-based data centers are more cost-effective and as secure, if not more so, than in-house centers, experts say.
As hospital data center infrastructures age and resources shrink, IT leaders are increasingly looking to the cloud to meet their storage needs. Not only is it cheaper than investing in upgrades and replacements of existing hardware and software, but it can add a level of security, especially in disaster-prone areas. The trend has some wondering if hospitals will still have physical data centers in the future or whether they will go the way of the dinosaurs.
“The data center isn’t going away,” Paul Butler, director at Top Tier Consulting, tells Healthcare Dive. “But in 10 years, I think the data centers will be mostly in the cloud.” Butler envisions massive data centers based in the cloud that are run by professionals and HIPAA-compliant, HIPAA- and IDC-certified, with “very, very small” data centers located in hospitals.
Most organizations that have embraced the cloud use a hybrid model, with some data still on premise and some in the cloud. According to market intelligence firm IDC, more than 80% of companies will commit to hybrid cloud architectures by the end of this year.
What hospitals choose to keep on site will vary depending on the software vendor, all or at least most of which are developing cloud options, but would likely be such things as local security-related software and firewalls.
Ease of use
Medstar Health is in the process of implementing a new three-year technology plan that will shift data to the public cloud or a private cloud depending on how tightly it needs to be secured. Regulations and other information that needs to be close at hand will remain on site.
The move makes sense from an investment standpoint, says Ed Fisher, vice president and chief technology officer at the Columbia, MD-based health system. “We’ve been doing this for years where every three to five years we look and say how many servers do we need to replace because they’re five years old, and that’s X hundreds of thousands of dollars,” he tells Healthcare Dive. “And you throw depreciation on top of that, it’s a pretty good nut. On top of all that, these days with all the technology, I find myself on Friday signing off on POs and I’m pretty certain by Monday that the technology is going to be better. But I’ve already made the investment,” he says.
“The cloud strategy allows me to say on Friday my team is going to spin up some brand new servers in the cloud, and three months from now if they need to be upgraded to more memory or more storage, they can do that on the fly and it only costs me an operating dollar versus having to buy all new equipment and do it all over again,” Fisher says. “So my agility increases and so does my efficiency.”
Healthcare hasn’t always been a fan of cloud computing. Not too long ago, the prevailing thought was that the cloud was not secure enough for personal health data and it was safer to keep on site.
“I think the change you’re seeing today is that the healthcare industry has realized that not only is the cloud secure for healthcare data but it’s probably more secure than what they’re able to do inside of a hospital.”
Director, Top Tier Consulting
One reason for this shift is the increasing number of cyber attacks on hospitals and health systems and the steep penalties they face for HIPAA violations. Cloud companies can offer the kind of security experts, firewalls, monitoring and protection that most hospitals simply can’t afford.
They also offer off-site backup and recovery, which can be important for facilities like Antelope Valley Hospital in Lancaster, CA, which is located seven miles from the San Andreas fault. Butler is currently serving as acting interim CIO at the 450-bed hospital, overseeing a two-year effort to host EHR off site and most other applications in the cloud.
Hospitals that utilize the cloud should ensure that their security operations center has peer review into that cloud and can watch it like they would an in-house data center, says Fisher. They also need a security and mitigation plan for when things go wrong.
Just as important as security, perhaps, is reliability. “If a cloud service provider goes down and takes out not just your hospital but many other hospitals, that’s problematic when a hospital is a critical infrastructure to a local community,” Sajid Ahmed, chief innovation and information officer at Martin Luther King Jr. Community Hospital in Los Angeles, tells Healthcare Dive.
The one-year-old, state-of-the-art hospital put the majority of its electronic health record and financial systems in the cloud. Localized applications such as internet, email and security protections are managed on site.
He expects smaller organizations, such as standalone hospitals, rural hospitals and clinics, will readily ditch their data centers and move to the cloud. It’s more cost-effective than managing data inside the hospital and cloud companies often discount their maintenance fees, Ahmed says. Large health systems with heavy infrastructure investments, however, may be slower to change.
Pay as you go
One of the cloud’s main attractions is that it is a pay-as-you-go model. Organizations lease computer time from a third party versus laying out capital expenditures for computers and other hardware. There are fees for things like set up and migration, but it’s more flexible and requires less upfront money than a traditional data center.
It’s also faster, eliminating the usual procurement and installation process when systems need upgrading, which can take months to complete.
While the pros of cloud computing can seem fairly obvious, resetting expectations in the C-suite is not always a slam-dunk. As with any service provider is used, you have to know what the service level will be, what guarantees will be put in place, disaster recovery and backup capabilities and the security, says Fisher. With the cloud, someone else owns the hardware and is doing the patching. Hospitals need to ensure that their cloud vendor follows their security protocols and that it’s in the contract.
“The biggest con for cloud services is perception.”
Chief Innovation and Information Officer, Martin Luther King Jr. Community Hospital
Another challenge is explaining to finance officers that capital dollar to operating dollar shift. It helps to prepare a long-term forecast that can illustrate what that shift will look like, Fisher adds.
“It’s the same hardware, the same software, whether it’s managed by an in-house team or you outsource it, meaning you rent it from a cloud services provider,” Ahmed says.
Look before you leap
Choosing the right cloud vendor is important, however, as migrating data to the cloud is very labor-intensive and not something IT staff will want to repeat, Butler notes.
“Once you go with a particular vendor, you’d better be happy with that vendor because it’s [data] are going to stay there.”
Director, Top Tier Consulting
To get the best deal, Butler recommends against farming data out to the first cloud organization that walks in the door. Organizations should have a clear strategy for what they want to achieve with t he cloud and then work with a single vendor that can take care of all their data needs.
It really boils down to cost and efficiency, says Fisher. “What I’m seeing, especially the bigger organizations, is how do I get rid of my data center? It’s costing me a lot of money. It’s a physical asset — HVAC, the floor tiles, the space. How do I get rid of it? And the answer is utilizing the cloud.”
This trend, as it intensifies, will impact how data service vendors position themselves in the market vis à vis organizations seeking servers and those seeking storage, Fisher believes. “There’s going to be a big shift in who’s my customer for the vendors,” he says.