Presentation on the potential role of cloud infrastructure in healthcare delivery from eHealth Canada 2012. Key concepts are the different types of cloud, the potential use cases for cloud as part of healthcare delivery and the current models that we are seeing in Canada and the US.
Practical IT Research that Drives Measurable Results
Mobility and bedside care: The role of IT in new care models
Melding cloud computing and consumer devices in a secure way.
Christopher Wynder, Ph.D Research Analyst
May 2012
(@ChrisW_ptmd)
“Anywhere computing”
How did we get here?
– Explosion of mobile devices and new class of healthcare consumer Apps.
– Cloud as a viable infrastructure option for secure industries
– The need for a more agile application delivery system.
What is Cloud computing and is it in use in healthcare?
– Definition of cloud computing
– What is the type of cloud relevant to healthcare
Mobile and consumer devices as healthcare delivery vehicles.
How does the whole system work together
Info-Tech Research Group
Meet enhanced expectations about healthcare delivery
Applications are evolving as rapidly as hardware, and changing what your employees expect in the workplace.
• Tablets and smartphones have woken consumers up to the possibilities of beautiful, easy to use applications with tactile and natural interfaces.
• Doctors and nurses are consumers and expect apps built for medical use to be at least as good as consumer apps.
• The flood of healthcare commercials adds to the expectations.
• Your organization needs to meet these expectations. Security risk is no longer an acceptable excuse for hospital IT to use.
– “If I can have my iPad why can’t I make the most of it?”
– “I already signed in! Why do I need another password?”
Examples shown: Dr.Chronos EHR, iHealth BP monitors, AirstripEEG
“If Apple can figure out a glucose meter why can our IT department?”
-- Doctor at Ontario Hospital
Consumerization refers to the devices and apps that every doctor, nurse, patient and other employee owns. Telling everyone not to bring their cell phone to work is out of the question nowadays.
Devices
Those devices brought into or accessing the facility by the end-user (e.g. patients, consulting physicians, auditors; user devices such as smartphones, tablets, Macs).
Applications
Those applications that end-users have to access organizational data and move data either individually or in collaboration.
Cloud computing in healthcare: You have used it, you just don’t know it.
Ontario e-health model, US Veterans Affairs Dept. VistA
Cloud PaaS: The security that allows vendors (diagnostic labs, pharmacies) access to upload relevant information and have it rationalized with patient records. The underlying operational processes that allow for audits and controls for information quality and use (i.e. clinical research).
Cloud SaaS: Patient records
Cloud IaaS: Patient data processing and analysis
Cloud IaaS storage: Central provincial databases
“The portal”
What is Cloud Computing?
• Abstracted compute resources (processor cycles, memory, storage) that are typically derived from aggregated and virtualized commodity hardware.
• This aggregated and virtualized infrastructure is typically owned by an external third party (outside IT).
• Application workloads are provisioned by these abstracted resources which are elastic (they scale up with need).
• Cloud service customers share access to these resources (typically via the Internet) in a multi-tenant environment.
Shorthand: Multi-tenancy, Elastic, On-demand
“Many hands make light work”
Multi-tenancy? What about patient records?
Cloud computing in healthcare is essentially limited to community or private clouds.
Community clouds in healthcare
The key difference in the healthcare space is the tenants, all of which are healthcare organizations.
All users have use rights to access all of the data.
Security is a low risk since it is controlled by access to the cloud.
A public/external cloud has two main differentiators.
• Third party. Commercial mixed user population clouds.
• Multi-tenant. Customers of third party cloud services share access to these resources in a multi-tenant environment. Managing security remains the biggest concern.
Shorthand: Multi-tenancy, Elastic, On-demand. All clouds have these features.
Cloud enabled services in use in healthcare:
Software-as-a-Service (SaaS): Many of the EHR records are accessed through a Cloud SaaS.
Infrastructure-as-a-Service (IaaS): Most provinces have centralized storage of patient records (“Cloud Storage”).
Platform-as-a-Service (PaaS): Health Canada in collaboration with the provinces is developing a platform for patient record sharing and service delivery.
Healthcare IT: plan for flexibility
[Chart: Growth in # of PUD users at work]
[Chart: Are you ready for consumer devices? (1. No, 2. Yes)]
Source Info-Tech survey of consumerization of IT in Canadian Healthcare (n=116)
A headache for Healthcare IT departments
PUDs=Personal and Unmanaged Devices
The key case for cloud-based IaaS or SaaS in healthcare is secure access.
+
Consumer devices in healthcare represent a real issue.
This includes smartphones and personal laptops from both patients and doctors.
=
When implemented correctly, Cloud IaaS and SaaS can be used to limit the data footprint on mobile devices without decreasing user mobility.
Cloud PaaS can minimize the risk of data loss from consumerization/personal devices.
All clouds have these features:
Multi-tenancy
Elastic
On-demand
General concerns about Cloud computing:
Data and organizational security. In Canada this is a limited concern due to the architecture of the PaaS that each province has built.
User access. Ensure that SaaS solutions have appropriate security measures for authentication including federated ID, single sign-on.
[Chart: Increased productivity through cloud-based solution. Y-axis: Increase in productivity per mobile user. Categories: Engaged, Integrated, Persistent.]
Source: Info-Tech Research Group, “Integrate Consumer Applications”
• When CoIT risk is unacceptable, PaaS offerings can be used to embed the security into the access.
• Examples: iCloud, Force.com, Windows Azure, Google AppEngine and OpenStack.
Platform-as-a-Service (PaaS)
Provide the access or risk data leakage.
Organizations that successfully provide access to worker devices control resource access at the level of the device.
[Chart: Percent of respondents by mobile apps category. Categories: Task MGMT (Outlook, Gmail); Collab. (IM, conferencing); Doc. MGMT (SharePoint); Specialty Apps (EHR) (Cerner). Series: Successful, n=20; Average, n=44. Annotation: 2x.]
Source: Info-Tech Research Group, “Best practices Case study”
We use Application virtualization and Citrix receiver so it isn’t necessary to manage and secure the devices. Now they have the same look and feel no matter what device they are using-and it is secure.
-Gary Rankin, System Architect, Hamilton Health Sciences
Cloud models can bring efficiency to information sharing.
[Diagram labels: Hospital; Patient database (EHR/EMR); Clinical management system (Payment, Resourcing); Nurse; Doctor; Administrator; Insurer/Payer; Structured data; Other information; Customizable UI aggregates context and EMR information; Automated processes (schedules, Rx, ordering); Notes, X-rays, test results; Context-dependent information pull; Role-based access through mobile app; Highly regulated information; Context for decisions; Role-based access control]
Using Cloud power to scrub data and ensure secure access
Ontario e-health model, US Veterans Affairs Dept. VistA
Cloud PaaS: Single underlying architecture that allows users to access storage in multiple locations. Provides single set of rules by which storage is accessed and modified. Will allow new vendors to quickly write software for niche markets such as digital imaging and tele-prescription refilling.
Cloud SaaS (PHR/EHR): Rx checker
Cloud IaaS: Compute power; Productivity; Support; Hosting; Continuity; Security; Directory
Data management layer
Cloud IaaS storage: Harmonized patient records
Current uses of cloud services in health care
Region-wide data repository
EHR for Surgeons
EHR for General practitioners
Test results?
Diagnosis?
Cloud services can decrease:
1. Time to serve.
2. Tele-medicine
3. Prescription filling
4. Medicine cross referencing
Remote access medicine and specialties such as brain trauma
Small to mid-sized healthcare providers that have high regulatory burdens should evaluate cloud-based solutions. Single-doctor practices are an example of a small business that has all of the security concerns and costs of hospitals.
Small practices need:
1. Secure collaboration with other doctors, hospitals and diagnostic providers
2. Data and application sharing allows secure task management and patient data sharing.
PaaS can provide security and common language for collaboration applications.
PaaS can provide data scrubbing and access control for anyone.
This is becoming increasingly popular as a method to enable bedside diagnostics and telehealth initiatives. In Canada it is part of the E-health initiatives that CIHI and each province are building.
Secure data share through PaaS
CareCloud offers an example of a Cloud PaaS based commercial solution
Core Platform as a Service (PaaS): CareCloud PaaS contains the security to ensure that both the data and communications are secure.
Communities (patients and family): Communities offers a “private Facebook” to share data with other doctors and hospitals as well as with the patients themselves.
CareCloud SaaS offerings (single practice): Charts (patient records); Revenue cycle management; Practice management
Top application trends affecting healthcare. Includes ideas that have firm basis/likelihood in the next 5 years
• These three represent changes to patient interactions
ECM
Predictive Analytics
Social Media
*in no particular order
Social media (Twitter, Facebook) has already modified how EMR/PHR are being shaped. Many medical-specific versions are made (WebMD is an early example). Social media per se may not be a healthcare application, but it affects the other technologies and how healthcare providers interact with their patients.
“Artificial Intelligence”, e.g. disease predictors based on symptoms. In patients’ hands it can provide guidance that will make doctor visits more efficient. For hospitals it may provide a way to gain cost control by forecasting hospital-specific needs such as the possible disease profile of patient populations or efficient deployment of resources within the hospital. Business Intelligence (BI) or Enterprise Resource Planning (ERP) types of tech.
Single biggest disruptive tech.
Tele-medicine. Short term: remote medical doctor visits for patients in areas without doctors (e.g. the Arctic). Long term: remote presence surgery and/or drug dispensing. Has largest potential for transforming healthcare delivery.
May change the internal hospital/doctor work patterns and efficiency
Mobility
Rich Internet Applications
Cloud Computing
*in no particular order
Has the ability to bring true mobility to healthcare. Includes bedside testing with smaller blood chemistry, Doppler, ultrasound and biomarker analysis machines. The applications that run this type of “nano” machinery exist as “full apps”; the need is to develop them as mobile/SaaS apps that can run on smartphones or tablets. Also full-service house calls with access to previous tests and ability to test on the spot.
Related to mobility. This will increase access for both patients and doctors. Could lead to cost savings for hospitals over time. Will certainly lead to higher mobility for patients and more accurate records for patients when they move locations. SaaS applications will allow smaller devices to run diagnostics “remotely” for a device.
Top application trends affecting healthcare delivery. Includes ideas that have firm basis/likelihood in the next 5 years
Conclusions
• Most healthcare organizations in Canada are already using cloud computing in some form.
• The three types of Cloud-based services address different layers of the IT stack. Hospitals can see the same use propositions as any business – reliability and lower capital costs.
• All cloud services have common key cautions and evaluation criteria that must be considered.
The key is to define cloud based on your information governance and management plans not on per cost to serve.
Thank You
http://www.infotech.com
Please see us (booth 1025) or contact me ([email protected]) for a copy of this presentation
Alignment Is Software
• IT must align with business goals and objectives.
• Applications are the intersection point between the strategic and operational goals of the enterprise and IT.
Infrastructure Is Capacity
– Applications in the Cloud are provisioned with processing, memory, and storage.
– The important business measure is cost per unit of capacity as well as the cost per unit of capacity of risk mitigation and service levels.
Management Is the Differentiator
– Software that efficiently manages the utility infrastructure for business processes is a key value add.
– Management software can also provide visibility into the Cloud for compliance and performance monitoring purposes.
Three laws for evaluating Cloud solutions
Are the healthcare delivery requirements being met?
– A Cloud is abstracted shared infrastructure, but it is the application hosted in the Cloud that enables the business.
– In the case of healthcare the best business case is mobile delivery. (e.g. Bedside diagnostics, telehealth)
– If the software is not meeting requirements it does not matter where it lives.
– This is especially true for EHR applications. Evaluate EHR based on service delivery to users and not device delivery.
How secure is the database and the transactions?
– What protocols can be used to retrieve and send data?
– How are patient records submitted by other users accessed?
– What's the latency, should we have a local copy of patient records?
Questions that need to be asked
Five cautions about Cloud Computing
Security and accountability
Location, location
Availability and reliability
Data and application mobility
Unclear business model
These are not Clouds . . .
Software-as-a-Service (SaaS)
Infrastructure-as-a-Service (IaaS)
Platform-as-a-Service (PaaS)
. . . but they can live in one.
Looking ahead 3 to 5 years
Most see the Cloud as a future home for selected key applications and processes. More than a niche technology but not the future of all IT services.
n=124
n=123
Source: Info-Tech Research Group, “Embrace the Cloud”
Most healthcare providers fall into this category.
Cloud available patient records are the key to many delivery mandates.
Business benefits of Cloud Computing
Infrastructure cost savings and rapid application deployment are the strongest reasons for evaluating Cloud solutions.
Significantly lower capital cost barriers to deployment compared to deployment scenarios with in-house infrastructure.
Bottom line: It can be done cheap and it can be done fast.
[Chart: Effect of Cloud Computing by category. Categories: Performance requirements; Rapid flexible app dev; Business driven infrastructure cost savings; IT driven infrastructure cost savings. Legend: Positive Effect, No Effect, Negative Effect. Data labels: 9%, 16%, 22%, 18%, 69%, 13%, 73%, 5%, 78%, 6%, 6%, 85%.]
Source: Info-Tech Research Group (n=123)
Why caution lights, not red lights?
• A Cloud solution has to be evaluated in context of enterprise risk tolerance and service capability.
• In a rapidly evolving market, these are the issues which are likely to be addressed.
• Much depends on what is going to be put in the Cloud and for how long.
“For small organizations with standard business practices, cloud-based applications offer a tremendous cost savings . . . Larger organizations with specialized application needs and extreme security requirements will have trouble utilizing the cloud for significant parts of their operations.”
~ C-level Officer at a small Education organization
NIST definitions of cloud computing
• Private cloud. The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g. all departments in single hospital but hosted outside of the hospital).
• Community cloud. The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g. aligned hospitals, such as the provincial databases).
• Public cloud (3rd party vendors). The cloud infrastructure is provisioned for open use by the general public.
• Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g. Hospital owned EHR pulls data from provincial databases).
Shorthand: Multi-tenancy, Elastic, On-demand. All clouds have these features.
Many organizations reluctant to adopt the cloud fear losing control over data and application management
[Chart. Data labels: 20%, 22%, 27%, 27%, 42%, 42%. N=51]
Source: North American Study
Data control and application management are among the key reasons why organizations invest in internal cloud computing and hybrid services instead of relying on the external cloud.
It costs more to do nothing than to implement a comprehensive PUD management strategy
Implement a plan for infrastructure-based PUD management, or face increased IT costs
Basic mobile device management with desktop virtualization recovers associated operational costs.
We didn’t aim to save money [with our PUD management solution], which was good. We wanted to break even and just make it [the user experience] more efficient.
- Gary Rankin, System Architect, Hamilton Health Sciences
[Chart: Infrastructure options that enable PUDs, subject to a range of control mechanisms. Y-axis: Effect on IT Operations Budget. Bars: Budget Today (1); With MDM (2); MDM+AV (3); MDM+DV (2+4); MDM+AV+DV (3+4); “Do Nothing” Budget Impact (5). Data labels: +7%, +14%, -1%, +6%, +24%.]
Negative budgetary impact of additional risks and support costs.
Assumptions:
1. This model is a 200 end-user company. Total IT operations budget is based on Info-Tech’s Infrastructure TCO calculator example. See here for further details
2. Mobile device management (MDM) costs based on solutions that manage iPads and other tablets as well as smartphones.
3. Full PUD solution includes MDM plus application virtualization (AV).
4. Desktop virtualization (DV) costs were determined using Info-Tech’s Desktop virtualization TCO calculator.
5. Budget over-run assumes no formal management of PUDs. This causes increased help desk costs due to end-user devices. The increased risk of data loss is also factored into this cost estimate and detailed here.
PaaS is the highway that connects data to software
Software as a Service
Example: Nightingale.com e-health patient records
Infrastructure as a Service
Example: Provincial based central storage of health records
Platform as a Service
Ontario e-health has plans to develop a records storage and delivery platform.
US Veteran’s Affairs just announced plans to release VistA as an open-source PaaS
What do the audit certificates mean?
What are the designations? How does this ensure my data is safe?
• Cloud IaaS providers that have multiple audit certificates have high in-house levels of data protection and secure data center locations.
• These designations are accounting standards for both the physical and structural controls that a service organization uses to protect client data.
• SAS 70 Type II is a minimum standard which is being replaced internationally with SSAE 16. Both of these standards require a minimal set of physical controls to data center entry, control of access to client data, and disaster recovery planning.
• Safe Harbor requires a service organization to comply with EU law on privacy and third-party access to client data.
• PCI and HIPAA have many overlapping requirements with SAS 70 and Safe Harbor, but also require secure data transfer and encryption.
• Statement on Auditing Standard 70 Type II – SAS 70 Type II. Determines the standard of protection that IaaS vendors provide client data with respect to Sarbanes-Oxley compliance based on US standards.
• Safe Harbor certification. Certification that an IaaS vendor complies with EU privacy standards.
• PCI security certificate – Payment Card Industry.
• SSAE 16 – Statement on Standards for Attestation Engagements 16. Similar to SAS 70 Type II but based on a global standard.
• Health Insurance Portability and Accountability Act – HIPAA compliance. Governs the storage and access to health information.
Who are the early adopters and reluctant changers?
• Early adopters
– High turnover user population.
– Have some level of geographic spread.
– Based on these criteria have virtualized their infrastructure.
• Reluctant changers
– Necessary change
– Have expanded patient services faster than the current IT infrastructure can manage.
– Require quick fix to capacity issues.
– Have or are moving non-patient compute tasks onto commercial cloud resources.
Exhibit 1: TCO Measures
Exhibit 2: Past SaaS Research - CRM
Info-Tech found that while implementers overwhelmingly agreed that SaaS was fast to be deployed, more than half (61%) disagreed with the statement that SaaS has lower overall TCO than on-premise solutions.
Low entry cost not the same as lower TCO
[Chart: Cumulative Cost over Time (Initial Investment, Year 1, Year 2, Year 3). Series: Server Costs Onsite; Cost of Servers (Instances) in Cloud.]
Source: Info-Tech Research Group
Most businesses find no cost benefit to “cloud” alone. However consumerization presents a strong business case for specific Cloud services.
Make your network cloud-ready
• Cloud apps & services will drive changes in network architecture – you’ll need more Internet
• Applications and services running on private cloud infrastructure rely on private enterprise LAN and WAN connectivity.
◦ As application and service density and centralization progress, LAN infrastructure must be able to switch accelerating volumes of network traffic.
◦ The good news is that CoS/QoS mechanisms abound on private LANs and WANs – prioritizing network traffic is not only possible, it’s simple.
◦ As private network demand increases, costs escalate, but there are technologies and tactics to keep costs in check.
• Implement WAN optimization technologies to reduce bandwidth consumption and improve WAN performance.
• Use an MPLS WAN to prioritize traffic.
• Core LAN switching will likely need to be upgraded to accommodate virtual server density.
The Private Cloud Demands Private LAN/WAN
Top 10 trends affecting healthcare infrastructure.
1. Cloud Storage for Backup. Businesses are seeing real potential in cloud storage for handling the growing glut of backup and archival data storage. For healthcare this would mean longer and more detailed records for both forecasting patient population trends and individual records.
2. 10 Gigabit Ethernet. It’s not new, but as enterprises invest more in converged and consolidated server and storage infrastructures, 10 gig’s time has come for a unified LAN fabric. Faster access will allow real-time data access everywhere in the hospital.
3. Multi-core Multi-threaded New Generation Processors. The capacity of industry standard servers has grown by an order of magnitude in the past two years. What is doable in consolidation and virtualization has grown significantly. With the decreased power demands this will be the basis of smaller, more powerful devices capable of running complex diagnostic programs.
4. Consolidation-in-a-box Solutions. Convergence, consolidation, and virtualization are reversing decades of distributed systems back to centralization. Vendors are seizing the opportunity to provide a one-stop shop for servers, switches, storage, and management.
5. Mobile Devices in the Enterprise. A rich and growing range of consumer devices – including tablets – and access-anywhere services continue to drive interest in all things mobile. On-demand, in-location healthcare delivery.
More speculative Medical device Tech
6. Nano-devices. “Diagnostic pill”. The capability currently exists to monitor hundreds of protein or RNA markers in table-top devices. The actual diagnostic part is approximately 1 cm x 1 cm; the rest of the device is the compute resource to discriminate and identify individual proteins/RNA/DNA (biomarkers). If a Bluetooth or 4G connection can be designed to connect the diagnostic element to compute power via Cloud Software as a Service (SaaS) or a mobile device. Biomarkers exist for a wide variety of diseases; with a (likely) expansion of this repertoire, this will increase from novelty to reality.
7. Drug design and formulation. Computing power has greatly changed drug design and production. This, in conjunction with the increased speed and accuracy of sequencing, will eventually lead to “personal medicine”. Drug companies will be able to efficiently (read profitably) make small on-demand batches of drugs. The number of academic institutions with scientists capable of “ready-for-patient” drug production and formulation has increased to the point where, for nano-batches of drugs, it will be possible for hospitals to order custom drugs from their own facilities.