The healthcare industry is moving to the cloud in a big way and we applaud the move. Cloud economics will contribute to bending the healthcare cost curve, athough not nearly as much as creating a functional healthcare marketplace based on patient outcomes and transparent pricing (something we are not likely to see anytime soon).
Dr. Halamka does an excellent job in this post in making the argument as to why the healthcare industry has been slow (understatement) to adopt enabling technologies. Fundamentally, his argument can be summarized as a "structural" justification for slow adoption. The industry simply had no real incentive to adopt enabling technologies, the status quo worked just fine (not really) thank you very much.
However, now the industry is being pushed to change because of disruptive forces, not all of which are based on government incentives. So healthcare is being hit with a "perfect storm" of change and has decided to embrace cloud computing as part of its change strategy. The industry has not only embraced the cloud but put such as a bear hug on it that healthcare is now the fasting growing IT verticle because of it.
The movement of the healthcare industry to the cloud is unstoppable, but this should not obscure the real downside risks that must be managed as part of this process. Generally the risks are a direct result of losing control of mission critical applications and infrastructure (i.e. assuming the movement is to a public cloud as opposed to a private cloud, although many small covered entities and business associates will have little choice in the matter).
There are many areas of risk that need to be managed but this post will focus on a particular risk that is quite subtle, and will impact healthcare more than any other industry. If you are using a SaaS application on the public cloud you just lost control of your application rollout strategy.
Vendors Control the App Rollout Strategy in a SaaS World
There is nothing more disconcerting than to have a SaaS vendor entirely change the user interface and underlying process of what you do in a mission critical application. The first time you are faced with this issue will be a rude awakening into one of the ugly downsides of the SaaS model.
Vendors have a market need to continue to evolve their offerings or risk losing market share. Users on the other hand become quite comfortable in doing things in a particular way and often have the attitude of "please don't fix what isn't broken." Why? Primarily because we (as users) only have so much bandwidth and would prefer not to climb yet one more learning curve.
This problem is compounded in healthcare, especially with clinical applications. Why? Because mistakes in healthcare kill people and this kind of change to a work process is likely to cause mistakes. Sure, you will get some warning that the application is about to change, BUT your training schedule will have to conform to the vendor's rollout strategy, something that is not likely to set well with clinicians.
We have gone through this process several times and it has been painful on each occasion. That said, we are still huge believers in the cloud because its benefits out weigh the costs, but that doesn't obviate the fact that the costs are quite real.
Related Posts:
Looking for best of breed HIPAA Training?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?
A central pillar of that mammoth, $800 billion dollar legislation, of course, is devoted to digitizing the nation's medical records and rewiring healthcare for the 21st century...
The answer to this question is not as straightforward as it may seem because of the confusing jargon surrounding private clouds, public clouds, and community clouds. Here's a good overview of 
