By Arleen Thukral, MS, CCE, CHTM

Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the internet. Users need not have knowledge of, expertise in, or control over the technology infrastructure “in the cloud” that supports them.

Cloud Models

The cloud has three distinct service models: Software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS).

The most accessible level of cloud service models is SaaS. A company provides you with storage space, web analytics software and other tools that you can access from any internet-connected device. You don’t have to worry about updates or maintenance; it is all covered by the provider. Healthcare organizations are familiar with this model from electronic health record systems (EHR) vendors like Cerner and Epic. The software and maintenance are supported entirely by these SaaS EHR vendors.

Depending upon the implementation, the SaaS software can be a thin-, thick-, or smart-client (web-based model), but the data is not stored locally. Smart clients support work offline, i.e., they can work with data even when they are not connected to the internet, which distinguishes them from browser-based applications which do not work when the device is disconnected from the internet. Smart-clients’ applications have the capability to be deployed and updated in real time over the network from a server.

PaaS providers, by comparison, give users space and tools to build and test applications. A prime example is Google App Engine, which lets users build apps in a cloud-based space with their preferred coding language.

At the highest level of the cloud models is IaaS, which provides a massive amount of storage and servers through which users can build and utilize applications and software. With IaaS, users can avoid investing in expensive hardware and upgrade, or downgrade, their storage spaces as their needs change. With an IaaS service such as Microsoft Azure, for example, you can build an entire virtual private network that’s often more secure than a traditional one.

And because flexibility is one of the cloud’s biggest advantages over traditional hardware storage, you don’t need to purchase and install a new hard drive to get more space with an IaaS model. Whether you are looking to build an entire network infrastructure or just store a few files, the cloud is as big as you need it to be and it’s available everywhere you go. This is especially pertinent for medical datasets, which are enormous and often more than 100 TBs.

Cloud Computing Drivers

There is a significant increase in the digitization of medical records, resulting from the accelerating adoption of EHRs, as well as the increasing prevalence of digital outputs from scanning and monitoring devices, such as infusion pumps, bedside monitors, and ventilators. Cloud computing provides the flexibility and the potential for reduced costs for storing this voluminous and varied digital data in healthcare. Heavy capital expenditure can be avoided because IT resources are acquired on demand as needed and paid for as an operating expense.

Also looking from a healthcare-functionality perspective, cloud-based IT systems offer the potential for broad interoperability and integration. Healthcare-focused cloud services are internet-based and generally use standard protocols, so connecting them to other systems and applications is typically straightforward. Cloud services also support rapid development and innovation, especially for the Internet of Things (IoT) devices utilizing fast healthcare interoperability resources (FHIR) messages, which is a draft standard describing data formats and elements, and an application programming interface for exchanging health records electronically.

Cloud-based applications will empower the patient as well, by putting resources into their hands that will allow them to educate themselves, monitor their health, and store and share their health records. For example, SweetSpot Diabetes Care, Portland, Ore, takes data from web-enabled glucometers and enables patients to analyze, save, and share their glucose numbers with healthcare providers.

Security in the Cloud

Legacy system security can be unreliable and difficult to implement. They include the terminal, workstation, and browser.

When data is stored offsite in the cloud, employees, vendors, and visitors are physically separated from the company’s mission-critical data. This lack of physical access makes it more difficult for third parties to stumble across data and use it negatively. Thus, the amount of human risk decreases. In addition, cloud infrastructure is monitored 24×7. What’s more, cloud-service providers undergo yearly audits to protect against flaws in their security system; onsite, legacy security systems do not have this requirement.

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP covers more than five million assets of the world’s largest cloud providers and a third of the world’s internet traffic through their program. There are several FedRAMP-approved vendors, including Amazon (AWS) GovCloud, Microsoft, and many others. Review FedRAMP marketplace at marketplace.fedramp.gov for more vendor information. (As of this writing, there were 109 FedRAMP-approved cloud-service vendors and another 100 with applications filed and/or under review.)

Expectations & Outcomes

Looking ahead, the healthcare industry’s use of cloud-based services will continue to grow aggressively. Expectations for better outcomes, higher quality treatments, and more value from the healthcare services provided are increasing the need for healthcare digitization—and cloud computing is here to help!

Arleen Thukral, MS, CCE, CHTM, is a VISN 20 biomedical engineer at VA NorthWest Healthcare Network in Seattle. For more information, contact [email protected].