September 2012

Reach for the Clouds
By David Yeager
Radiology Today
Vol. 13 No. 8 P. 6

Imaging departments, and in some cases entire medical enterprises, appear to be responding to the siren song of the Internet cloud and considering the potential benefits of cloud services. While there have been questions over the years about whether cloud services can work on a large scale in healthcare—due in part to the nature of healthcare delivery and the glacial pace of change in many facilities—more healthcare organizations are taking a closer look. With numerous cloud examples from other industries and a solid medical data security record, the cloud isn’t quite as scary as it used to be perceived.

There is still reason to be cautious, though. Concerns about data security and regulatory compliance have yet to be addressed in a standards-based and transparent way, although cloud vendors are working on those issues, says John S. Koller, president of KAI Consulting. He also notes that there are also significant concerns about how data are handled if and when they cross international boundaries. For this reason, Koller says it’s up to each organization to shop around and conduct its own research when evaluating how a cloud service will handle the facility’s data.

Security and compliance concerns aside, the prospect of using the cloud to store and share medical images and other healthcare data continues to pique interest. Healthcare organizations can be slow to change, but cloud archiving and cloud-based PACS offer cost flexibility that administrators in many departments and facilities find appealing.

The low cost barrier is a significant draw. Rather than a large capital investment, cloud services offer unit pricing—per use, per case, per month, etc—depending on which makes the most sense for the facility or department. This allows facilities to shift the cost of an archive or a PACS from its capital budget to its operating budget so the tools’ use is supported by the work that’s being done.

“The big thing is, it opens up the door,” Koller says. “Considering the cost of a capital system, which may be prohibitive, it opens up an opportunity to get access to some tools for your physicians that may not have been available because of cost barriers.”

Exit Strategy
Before getting into a cloud contract, learn how to get out, Koller advises. Organizations need to know how to get their data out of the cloud if they decide to switch vendors. In the capital purchase world, it’s a straightforward migration from one vendor to another, but do the same rules apply in the cloud? Issues such as cost, obligations, and data ownership need to be clearly laid out before signing any agreement.

Depending on the type of application, there may also be interoperability issues to address. If a Health Level Seven International or DICOM interface is needed to move data from the facility to the cloud, there are security concerns. If the application has to be accessible outside the radiology department, the technical difficulty increases as well. If considering a cloud solution on an enterprisewide level, the IT staff will have to integrate with multiple users at multiple locations. Cloud vendors typically provide support for their interfaces, but clinical departments often lack the resources or capabilities to handle those types of integration challenges. To make it work, Koller says the clinical people need to get the organization’s IT staff on board and make sure the vendor is compatible with IT and the facility’s policies.

“It’s critical that when you look at a vendor, make sure they can speak the same language as your IT people,” Koller says. “You’re going to need IT in your camp. You’ve got to make friends with them.”

It’s also important to consider data flow, both immediate and future. Cloud services require a wide area network connection. Facilities should make sure that their communications vendor, who may or may not be the same as their cloud vendor, has the capability to scale up in case the facility later needs or wants more capacity from the cloud service.

There should be more than one path for the data to travel as well. If there’s a single point of failure anywhere along the data chain, there’s a significant risk of losing access, which could be devastating if the facility depends on the service to deliver critical care. To guard against this possibility, there should be more than one data pipe traveling to and from the cloud. Koller cites the example of a large data center that wanted to ensure nearly 100% uptime. The center contracted with five different communications providers, each employing a different type of communications technology and a different network infrastructure, and ran the lines out of the facility in multiple directions to minimize the possibility that they could be accidentally cut all at once. While that level of redundancy probably isn’t necessary for most facilities, Koller recommends that hospitals contract with at least two communications providers and run the lines in at least two different directions. He says it’s also a good idea to ask the vendor about maintaining a local data cache in case there’s an unexpected service interruption.

“Don’t create a situation where one simple error, like a backhoe digging in the wrong spot, can take out everything,” Koller says.

Enterprise Perspective
How a healthcare organization decides to utilize the cloud will depend on its needs. For example, smaller facilities may find significant cost savings in cloud services, while large multicenter organizations that have their own IT infrastructure in place may find cloud services useful for meeting regulatory requirements related to storing multiple copies of medical records at geographically different locations. But when considering the cloud, it’s important to maintain an enterprisewide perspective.

The low cost barrier and the relative ease of acquiring cloud services sometimes obscure the fact that the technology has to work within the entire enterprise’s framework, not just in a department or at an off-site clinic. The clinical people may not know what the organization has planned, whether it’s a new security protocol or policy or something else that affects the entire enterprise, which could result in losing access to the cloud service down the line. Koller says any implementations that involve outside entities need to be discussed with IT.

“A lot of times you will see departmental decisions being made to put something into a cloud without it ever being vetted or approved at any kind of enterprise level,” Koller says. “And that isn’t necessarily a good thing because now you’ve got potentially disjointed solutions that don’t play nice with an enterprise strategy.”

— David Yeager is a freelance writer and editor based in Royersford, Pennsylvania. He is a frequent contributor to Radiology Today.