How to Find the Right Cloud Solution for Small Healthcare Organizations

Weighing the Options: Public, Private, Hybrid and Multicloud

The public cloud offers flexibility and scalability when it comes to increasing computing power or hosting applications and data, with significantly less investment necessary than an on-premises data center. Contracting with a cloud service provider also offers physical security for computing and storage infrastructure, along with certain identity and access management features such as multifactor authentication, role-based access control and single sign-on. (Availability of these features will vary depending on the organization’s contract with the CSP.)

But organizations are largely on their own when it comes to ensuring HIPAA compliance and HITRUST certification in the public cloud. They also need to be mindful of tiered pricing models in CSP contracts, which can lead to unexpected cost increases. Finally, they need to consider what to host on the public cloud before moving ahead.

Private cloud combines the scalability of public cloud services with the security available from on-premises infrastructure. Whether organizations host a private cloud onsite, offsite or with a CSP, they maintain far more control over their hardware and software than in a public cloud environment. This control can include (but is not limited to) security and access policies, infrastructure customization and regulatory compliance.

The primary trade-off with private cloud is cost, as it requires infrastructure investments that are not needed for the public cloud. Private cloud architecture can also require the use of technology such as virtual machines or containers in which to run cloud services, as well as cloud management software to control infrastructure. This can improve flexibility and efficiency, but it requires specialized expertise that small or rural organizations may struggle to find.

The hybrid cloud model allows organizations to use both public and private cloud services where they make the most sense. Typically, databases and applications with protected health information and other sensitive information will remain on-premises, while applications that may require additional storage or computing capacity on short notice (such as analytics) can run in the public cloud.

The hybrid cloud is popular in healthcare as a “best of both worlds” approach. However, it does require organizations to take the time to develop a hybrid cloud strategy that identifies which services will be hosted where, and how they will be managed. Organizations also need the infrastructure and technical know-how to move data and applications from the public to the private cloud without incurring significant downtime or expense. Small organizations that lack this expertise may find it difficult to address these needs.

Finally, the multicloud approach includes services from multiple public and/or private cloud vendors. This model reduces an organization’s reliance on a single cloud service provider, minimizes the impact of latency by using data centers that are geographically closer, and lets organizations choose the right cloud provider for the right service — one for backup, one for testing, one for disaster recovery, and so on.

On the other hand, security and governance become more complicated with multicloud use, and clouds from competing vendors are unlikely to be interoperable. Even the act of choosing which vendor to use for which purpose — and then managing multiple contracts with CSPs — can be a complicated process. Again, organizations with limited expertise in-house may struggle to address these operational challenges.

The Power of Partnership for Cloud Deployments

Given the limitations of local resources, smaller IT budgets and talent recruitment, rural hospitals and health systems would be wise to consider what an outside partner could do for them.

For example, the add-ons available from public CSPs for cloud security and management are likely to provide a level of protection that smaller organizations could not achieve on their own. Using the cloud also helps organizations get out of the data center business, lowering the cost of running and maintaining applications while freeing up physical space onsite for revenue-generating activities.

If that’s not enough, working with a remote managed services partner can help a rural organization offload some cloud security and management responsibilities. This will let the onsite IT team focus on supporting the needs of patient care and hospital operations — areas where they have unique expertise that others cannot match.

Another option for small, rural healthcare organizations is to tap government programs that can facilitate connections to the cloud. One example is the Iowa Communications Network. In addition to providing a fiber optic network connection for healthcare (along with education, government and public safety) it offers access to several public cloud services, firewall protection, distributed denial of service mitigation and redundancy.

“We want to give everyone the ability to connect to the cloud. We want smaller organizations to have the same opportunities as everybody else,” says Scott Pappan, ICN’s CTO. “Our goal as an organization is to make a shared computing infrastructure available. That way, everyone in rural Iowa wins.”