Best Practices in Cloud Computing for the Healthcare Industry


A white paper published by ClearDATA lists some of the most important criteria to consider when selecting a hosting provider to move your applications to the cloud:

Locations:
Where will data need to be hosted, and how far away should it be? Should data be replicated to another data center facility? Will they be located in different disaster zones? How far away should it be from the primary site?

Virtualization needs:
Ensure that physical servers and a Storage Area Network (SAN) will be provided for any virtual server environment. Verify that data is not accessible to any other organization and that security measures are taken to protect this environment from vulnerabilities. Data must be protected in accordance with HIPAA regulations.
Inquire about the availability of a “single pane of glass” management console to connect and manage virtual servers. Be sure that the virtual environment offers high availability features so that no business disruption occurs and virtual servers continue to operate in the event of a physical server hardware failure. Be sure of the ability to procure a new virtual server on demand, and ask for load balancing across physical servers to maximize performance.

Make a checklist of facility requirements. Among them:
Find a Tier III data center that is SOC II and III and SSAE 16-certified, as well as HIPAA and PCI compliant. These certifications provide proof that the service provider has documented security processes that are followed strictly and are completely auditable. Ask about service-level agreements (SLAs) and up-time records for platform, network, and storage availability. Find SLAs that speak to the main components of availability: security, network, cloud platform, and storage. An SLA needs to be a guarantee, as well as something that can be reported on.

Dive deeply into service capabilities: Healthcare organizations have to work around the clock, and so does the hosting provider. Ask for 24/7/365 service capabilities and ensure that your service provider can meet your response times.

Storage needs: The SAN should be available 100% of the time, excluding scheduled maintenance. In the event of any hardware failure, the hosting provider should have a technician with appropriate parts available onsite within six hours, or the service provider should credit your organization for a portion of the cost of your downtime.

Data backup and restore: Understand the backup process, frequency, and retention periods. Do they work with your controls? How flexible are they? Understand how backups are validated.
Instead of relying solely on test restores, request continual reports of successes and/or failures and gain access to a log of successful versus failed backup jobs to drive best practices.

Pay attention to monitoring and response: All servers should be monitored by at least six ports, and gauged on key performance metrics.

Select a service provider that can support multiple models: Most cloud service providers should be able to provide several options:

- A private cloud, the most expensive option, is one in which the services and infrastructure are maintained on a private network. These clouds offer a high level of security and control, but they require the company to purchase and maintain all the software and infrastructure, which leads to somewhat higher expenses.

- A public cloud shares space with other organizations. Note that this is the most cost-effective alternative, but public clouds are often not the most appropriate option for healthcare organizations due to security concerns.

- A hybrid cloud includes a variety of public and private options with multiple providers. By spreading things out over a hybrid cloud, each aspect of the business can be kept in the most efficient environment possible. The downside is that IT managers have to keep track of multiple different security platforms and ensure that all aspects of the business can communicate. Hybrid clouds are often good choices when healthcare organizations want to set up a virtual private network (VPN) behind their firewall. Or, perhaps a medical institution wants to use a public cloud to interact with patients but keep their data secured within a private cloud.

- A multi-tenant private cloud is a good option for healthcare institutions because it balances reasonable costs with high security. A multi-tenancy architecture can take advantage of virtualization and remote access. A software-as-a-service (SaaS) provider, for example, can run one instance of its application on one instance of a database and provide web access to multiple customers. In such a scenario, each tenant’s data is isolated and remains invisible to and secure from other tenants.


Be sure to choose a provider that will:
• Sign a HIPAA Business Associate Agreement and be HIPAA compliance experts

• Support a SOC2, SSAE16 and HIPAA-compliant

• Provide set response times, depending on the risk to your organization (emergency, urgent, standard, and so on)

• Provide extensive healthcare cloud computing managed services

• Deliver 24x7x365 live healthcare-level support

• Offer industry-leading healthcare-specific products

• Exhibit exceptional data center, cloud hosting, and cloud managed services

• Be flexible and provision additional services as necessary, such as initial cloud services setup and provisioning and additional Internet bandwidth

• Be exclusively focused on the healthcare industry. Healthcare IT is a complex and regulated environment with its own language and high criticality up-time, redundancy, and security requirements.

Seven important factors to consider when shopping for a Patient Portal solution

Patient engagement is critical to achieve Meaningful Use Stage 1 and Stage 2. It's no secret that patient portals increase patient satisfaction, lower hospital operating costs and promote higher usage of better data.

Medhost has published an insightful whitepaper that proposes 7 questions one should ask during the vendor selection process:

1. Is it certified as a modular and/or ambulatory inpatient EHR by ONC?

2. Does it enable access to patient records from any location and device?

3. Does it provide HIPAA-compliant messaging with the entire care community?

4. Does it offer features such as a Caregiver persona?

5. Does it update demographic information seamlessly?

6. Does it support your population health management strategy?

7. Can you enable an EMPI view of patients’ health records across the enterprise?

5 Steps to Success with Stage 2 Meaningful Use

A white paper published by AthenaHealth Inc. in September 2013 lists the following five steps to successfully bring a medical practice through the Meaningful Use program and beyond:

Step 1: Assess Your Starting Point 
See how Stage 1 compares to Stage 2, and where you need to focus to attain Meaningful Use objectives.

Step 2: Plot Your Timeline
Understand your incentive payment schedule, your Meaningful Use reporting period, and how to ramp up to Stage 2 while also undergoing the 2014 ICD-10 conversion.

Step 3: Upgrade Your EHR 
Assess your EHR’s ability to handle the Stage 2 requirements, including the required transition to the 2014 certified version, and determine the right criteria for evaluating EHRs if you need to switch.

Step 4: Integrate Meaningful Use Measures into Your Workflow 
Evaluate your current workflow to maximize performance and increase your Stage 1 performance to meet the Stage 2 thresholds.

Step 5: Create A Patient Engagement Strategy
Create a patient engagement strategy that leverages technology and marketing to launch and promote a patient portal and actively engage patients in their care.

10 Steps for Surviving ARRA & ACA Requirements

Dr. Dick Taylor, a managing director and chief medical officer of MedSys Group’s Advisory Services Division, articulated 10 goals for this year in his June 3rd, 2014 article in Imaging Technology News, as it is the final sprint toward ARRA and ACA’s deadlines. Surviving this environment will require providers to focus on achieving the following goals over the course of 2014:

1. Reduce expenses, both per-patient and fixed overhead. Admittedly, this is easier said than done.

2. Where practical, grow larger through acquisition or affiliation. This spreads fixed overhead over a larger patient volume and allows much more efficient team-based and whole-patient care. Growth must, however, be calculated and managed to capture these savings. Rapidly growing organizations must be watchful to avoid operational and cultural traps.

3. Achieve Meaningful Use and avoid ARRA Medicare penalties. Providers who have missed Meaningful Use to date are now looking at reduced awards and penalties (amounting to small but significant percentages of CMS billing) beginning in 2015.

4. Achieve ICD-10 compliance on time (by Oct. 1, 2014) without destroying the organization. While ICD-10 is critical (not billing with ICD-10 is simply not survivable for most providers), this has become the “Y2K” for healthcare. Caution, particularly around involving physicians and mid-level providers in the minutiae of coding, is strongly advised.

5. Pursue transparency for quality outcomes and cost. Payors, employers and patients are all watching these very carefully, and organizations that are not forthcoming will become less favored over time.

6. Pursue transformation in long-term healthcare, including population health, chronic disease management and wellness. Fee-for-service is likely to become far less sustainable as a primary business model over time.

7. Reduce clinical variation, both by pursuing good evidence (where available) and by achieving agreement on leading practices among providers. Much of the variability in clinical care is not associated with improved outcomes, and some of it is actively harmful, both in cost and patient outcomes.

8. Recognize and honor the risk you own. Health systems have always “owned” the risk for charity and “self-pay” patients. The ones who recognize and accept this are much more likely to provide good care and keep costs under control.

9. Look for whole-patient (“accountable”) care opportunities within your own orbit. While the ACA set out the framework for accountable care organizations, the reality in 2013 is that these are still embryonic. Organizations that begin at home will be ready for risk-sharing moving forward.

10. Treat your IT expenditures as long-term investments, not expenses. Organizations should expect to spend an increasing percentage of capital dollars building technology assets. Acquire standards-based IT assets that will stand the test of time. Expect, plan and capture the hard- and soft-dollar returns from them. Organizations that view IT simply as an expense will forgo future profits in the pursuit of short-term efficiency.

Avoid These Six Implementation Pitfalls to Achieve EHR Success

According to the 2014 Exclusive EHR Study conducted by the MPI Group and Medical Economics, 70 percent of clinicians said their EHR investment has not been worth the effort, resources, and costs. This whitepaper details six implementation pitfalls and how to avoid them, including:
  1. Choosing the wrong EHR
  2. Underestimating the importance of an implementation plan
  3. Not enough training prior to go-live
  4. Underestimating the importance of HIPAA Compliance
  5. Falling behind on universal policies
  6. Getting stuck on how you used to do things