KLAS: Security is a Top Factor in Public Cloud Adoption For HIT Vendors

December 09, 2022 - Security is a top priority for HIT vendors when it comes to public cloud adoption, KLAS found. For its 2022 report, KLAS surveyed senior IT leaders from 44 HIT software vendors, all of which are customers of public cloud providers. The report was the first time that KLAS had sourced feedback solely from HIT software vendors.

Nearly half of the interviewed vendors said they had migrated all their go-forward solutions to the cloud. The rest are in varying stages of implementation or migration. While Amazon Web Services (AWS) is the most widely used primary cloud provider, Microsoft Azure is gaining momentum. About three-quarters of respondents whose companies were in the early phases of moving to the cloud are using Microsoft Azure, KLAS found.

Google Cloud Platform (GCP) is also a contender, but KLAS found that vendors use GCP more often as a secondary cloud provider to “fill functionality gaps or enhance capabilities.”

As cloud adoption increases in the healthcare sector and in the vendor space, cloud customers are still facing challenges when it comes to things like support and training from the cloud provider, billing complexity, and interoperability between cloud providers.

Respondents cited cost most frequently as a challenge to cloud adoption. Specifically, vendors reported high retrieval and egress fees and a desire to simplify billing and cost management. Vendors also reported a desire to see cloud providers investing in core solutions to increase adoption, such as tool standardization and AI capabilities.

“Additionally, respondents note cloud providers should take on more risk related to security,” KLAS noted. “Vendors want help with ransomware, more security certification coverage, upstream safeguards, better authorization and access, and less traditional IT infrastructure in the cloud.”

Security has long been a concern with cloud adoption. However, concerns today largely lie in how the cloud technology is implemented, rather than inherent security risks in the solution, a report by the Cloud Security Alliance (CSA) suggested.

Telehealth vendors achieved the highest levels of cloud maturity, based on KLAS respondent data. Two-thirds of telehealth vendors reported having full customer adoption, and all vendors had some products living in the cloud.

Population health vendors were behind telehealth vendors in terms of cloud maturity, followed by data and analytics, payer, and imaging vendors. Core clinical vendors, such as EMR and clinical communications companies, have room for improvement when it comes to cloud maturity according to KLAS respondents.

As more HIT vendors embrace the cloud, they are placing more emphasis on key considerations like how the cloud service provider manages scalability and security risks.