- Cloud security, HIPAA compliance, and privacy are the three primary concerns for hospital CIOs who have considered using cloud-based applications, according to a survey of 175 healthcare IT professionals by cloud-based digital health platform Datica.
Around 50 percent of respondents cited security concerns as their primary worry when it comes to cloud migration.
More than half of the respondents have concerns about using healthcare software-as-a-service (SaaS) products, while 3.3 percent said they weren’t allowed to use them.
The survey was conducted at the HIMSS18 conference held March 5-9 in Las Vegas and included the participation of the College of Healthcare Information Management Executives (CHIME).
Slightly less than half of respondents said they are comfortable assessing compliance, security, and privacy of application vendors that are hosted in the cloud.
Even though a shift to the cloud is a priority for most of the respondents, only 20 percent of hospitals have adopted cloud-based infrastructure.
HIPAA compliance, security, and privacy worries are the main reasons why healthcare IT professionals are reluctant to use the cloud.
Although nearly 60 percent of those who took the survey placed cloud hosting in their organization’s top ten priorities, only about 30 percent have a strategy in place to move their data centers to the cloud.
Almost 40 percent don’t see a clear business value in migrating to the cloud. Concerns center on what to do with existing equipment like servers and determining how best to use the cloud.
“These survey findings mirror what we’ve been hearing in high-level conversations at Datica,” said Datica CEO and Chief Privacy Officer Travis Good. “Although cloud hosting for healthcare has become mainstream, the understanding of and confidence in the cloud to meet the exacting standards of the highly regulated industry is still a major concern for healthcare systems.”
According to the Datica survey, around 18 percent of the respondents said they work with healthcare organizations that have more than half of their existing software infrastructure remotely hosted or in the cloud. Nearly 15 percent of respondents said that between 25 percent and 50 percent of their infrastructure is cloud based.
Roughly 34 percent of respondents said their organization uses the cloud to develop applications or manage PHI. Of those, nearly 64 percent expect to have two to five internally developed, cloud-based applications deployed in the next two years.
These organizations are developing cloud-based applications for a variety of reasons. A full 70 percent are using cloud-based applications for data analytics, 46.5 percent are using them for population health, 32.7 percent for machine learning, 37.9 percent for community care, and 36.2 percent for clinical use.
Within healthcare organizations using the cloud, 70.6 percent have their own internal compliance policies, 13.7 percent use software-based compliance platforms, 10.3 percent use external managed service providers, and 5 percent have no compliance policy for cloud-hosted PHI.
Physician communities and innovation organizations oftne push for specific applications, but business requirements, cost efficiency, clinical communities, and patient communities can be the drivers behind the use of cloud-based healthcare applications.
More than two-thirds of respondents said that cloud hosting for existing applications is a top ten priority, but only 30 percent rated cloud hosting as top five priority.
A majority of respondents said that they are not hosting their primary EHR systems on the cloud, but a significant minority said they are using their EHR vendor’s hosted offering or a third-party hosting solution.
“The challenges of migrating to the cloud are not new, and healthcare IT professionals know that the change is coming. However, the organizational path forward remains foggy,” observed the report, Healthcare Cloud Take-off: Waiting for the Fog to Clear, based on the survey results.
“Healthcare organizations are not 100 percent convinced that cloud storage is safe for the protected health information (PHI) of their patients and therefore remain grounded for take-off,” the report concluded.