Leveraging a Hybrid Cloud Model for Better Healthcare Outcomes
Leidos recently hosted a thought leadership roundtable featuring members of the College of Healthcare Information Management Executives (CHIME) to explore hybrid models of cloud hosting by healthcare organizations. Chief information officers (CIOs), chief information and digital officers (CIDOs) and other digital health leaders discussed topics including cloud migration strategy, required infrastructure services, resource management and cybersecurity. CHIME President and CEO Russell Branzell moderated the roundtable. Contributing to the discussion were Leidos representatives Daniel Stoke (Chief Business Development and Growth Executive) and Mike Drew (Vice President, Client Partnerships).
CHIME members participating were:
- Aman Bhasin, Chief Information Officer, Canopy Health and BayHealth Development
- Zafar Chaudry, Senior Vice President, Chief Digital and Information Officer, Seattle Children’s
- Cletis Earle, Senior Vice President and Chief Information Officer, Penn State Health and Penn State College of Medicine
- John Kravitz, Corporate Chief Information Officer, Geisinger Health
- Sheree McFarland, Chief Information Officer – West Florida, HCA Healthcare
- Vincent Vitali, Regional IS Director, Swedish American, a division of UW Health
Cloud computing technology has transformed the business world and now shapes the contours of daily life for consumers. The COVID-19 pandemic only accelerated the trend toward a cloud-based economy, as millions of employees moved to remote work in 2020 and have yet to return to their former office locations. The healthcare industry has paralleled this general trend toward cloud-based operations, and digital health leaders at CHIME increasingly report using hybrid models that combine local data centers with cloud technologies. As leaders contemplate the promise of an imminent revolution in healthcare enabled by artificial intelligence (AI), cloud-based technology offers vast potential to increase interoperability, thus enabling frictionless data sharing and advanced analytics. This roundtable focused on envisioning new ways for healthcare providers and technology partners to collaborate on cloud-based models to improve care, cut costs, and address pressing challenges in digital health.
Current state of cloud hosting for healthcare organizations
Most healthcare systems currently use a hybrid model that combines cloud services with local data hosting. The balance between cloud and local hosting depends on a variety of factors including legacy apps, interoperability, and budgeting. Roundtable participants all reported that either their organizations were already almost entirely cloud-hosted, or they were actively moving away from local data centers toward more cloud hosting.
“Cloud is a directional goal for us: moving toward a full cloud infrastructure is in our future. It is just a matter of making it worthwhile,” said Vincent Vitali, Regional IS Director, Swedish American. “What are the right things to move? What should be private, what should be public? That’s where the hybrid comes in, of course. And what is the value proposition for different use cases and different workloads?”
“We’re about 30 percent cloud, and we have a four-year plan to go to close to zero footprint,” said John Kravitz, CIO of Geisinger Health. “We have a cloud-first mentality, so all new systems will go to the cloud.”
“HCA has a plan of roughly four years as well,” said Sheree McFarland, CIO-West Florida, HCA Healthcare. “The goal is to get as much as we can securely off-premises, but we will see how things go in the next year-and-a-half.”
“If you were talking only about traditional ERP and Microsoft, we would probably be at about 30 percent cloud,” said Cletis Earle, CIO, Penn State Health and Penn State College of Medicine. “But if you really take into account the fact that our systems are hosted almost everywhere and that most of those systems always sit somewhere else—public, private—we would probably be at 60% cloud.”
Taking into account private cloud hosting, some organizations have already moved almost completely to the cloud.
“We don’t have any data centers,” said Zafar Chaudry, CDIO of Seattle Children’s. “95% of our workloads are in the private cloud. EMR sits in the Virtustream cloud, 100 percent. I would see strategy to remain as a blend, though, 50/50. There are too many software companies that don’t understand how cloud works for healthcare applications.”
Digital health leaders starting new companies have the advantage of not having to consider legacy applications. “We started up about four to five years ago,” said Aman Bhasin, CIO, Canopy Health and BayHealth Development. “So, we started in the cloud from the ground up: I didn’t have any legacy apps to port. We have zero footprint on-premises. We’re doing data lakes and more.”
Primary drivers of migration to cloud
Leaders reported that a number of different factors serve as chief drivers for a move to cloud hosting.
- Economies of scale
- Time to market
- Cost reduction when applications can be retired
- Talent acquisition and retention
- Focusing on health care rather than the business of operating a local data center
Cybersecurity in the cloud
Most participants stated that cybersecurity was not a major factor in their decision to move to the cloud. Despite the challenges of maintaining good security with limited staffing resources and cyberattacks on the rise, leaders do not believe that all security problems can be solved simply by migrating data to the cloud.
“Our information protection team works very closely with our cloud team,” said McFarland. “But security wasn’t the driver of our move to cloud. Just having everything off-premises and in the cloud won’t be a guarantee.”
“It’s not only your data centers that you have to protect,” said Kravitz. “You’ve got your whole network, all your endpoints, all your touchpoints, everything else. And you are never going to be completely out of your data centers, so you have to protect those as well as the entire network.”
Still, participants acknowledged that the largest providers of cloud hosting (Amazon, Google, Microsoft) do have access to security resources far beyond those available to single health care systems. Bhasin pointed out that a decade ago, many digital health leaders raised objections to cloud storage because they felt security was inadequate, but today’s security environment is very different. “The industry has evolved, and we have grown to trust it more,” Bhasin said. “No matter how big the health system, they don’t have the resources that Amazon and Microsoft have to respond to threats 24/7.”
Moving data to the cloud can present other cybersecurity challenges, however. “We do have more functionality and less likelihood of going down,” said Earle. “But that won’t stop the attacks, and when the system does go down, we will need different strategies to recover. We can’t operationalize a paper-based recovery process when the data is offsite.”
“Security is one piece of the solution, but business continuity is another crucial one,” said Daniel Stoke, Chief Business Development and Growth Executive, Leidos.
Leaders emphasized a need for constant attention to security from multiple angles. “I will never assure my board that I feel comfortable,” said Chaudry. “Because the minute you do, you’re not going to be vigilant. Organizations will inevitably come under cyberattack, and some attacks will penetrate.”
Cloud hosting can add extra layers of security and additional resources but cannot serve as a one-stop solution to completely remove cybersecurity as an issue for individual providers.
Differentiators in major cloud-hosting partners
Healthcare systems have endless options available when it comes to third-party partners: that is, vendors who offer platforms-as-a-service (PaaS) and software-as-a-service (SaaS). But for raw cloud-hosting power, most leaders work with at least one of the gargantuan “second parties” (Amazon, Google, Microsoft) that control the lion’s share of the infrastructure-as-a-service (IaaS) market. When it comes to selecting which second party should be the chief partner, leaders frequently choose to work with more than one.
“I look at all three, because the stakes are too high not to hedge your bets,” said Earle. “None of the three will be perfectly dependable, so you can spread out the risk by using more than one. Additionally, some technologies require that you play in one of these fields rather than the others.”
“They all have different value propositions,” said Chaudry. “It can be challenging, though, to deal with the politics of working with all three.”
Bhasin reported that his organization gravitated toward a certain second-party hosting partner to best deploy existing staff skills. “When we did a re-architecture of our apps, we considered using the underlying services and the talent available to develop on them. The decision was talent-driven.”
Participants raised concerns that with a few very powerful players dominating the IaaS market, difficulties in coordination might arise for healthcare systems. The industry could face some of the same problems that nagged a previous generation’s conversion from mainframes to distributed networks, when massive computing corporations controlled the technology market in ways that echoed the dominance of today’s cloud infrastructure hosts.
Role of third-party providers
Some see third party SaaS and PaaS vendors as potential problem-solvers to bring about coordination among systems, because those large third-party tech companies have more negotiating power than single health care organizations.
“The system integrator sits in the middle and writes the contracts,” Chaudry said. “We really need that layer in the middle to hold the whole thing together.”
Other participants agreed that third-party vendors can provide the integration that so many digital health organizations are seeking.
“We need a third party to help us on the front end, operationally, and on the back end,” said Vitali. “The third-party vendor can manage relationships with the second-party hosts so we can work just with that third-party integrator. In addition, they can help with strategy, plan, design and architecture, as well as ongoing management.”
“The vision here is essentially outsourcing your cloud management,” said Russell Branzell, discussion moderator and CHIME CEO and President.
“Yes, the solution should be cradle to grave,” said Chaudry. “When I came to Seattle Children’s, we had hundreds and hundreds of vendors, and you cannot manage hundreds of vendors. Instead, the ideal would be to have a single vendor handling all cloud services for you.”
Other leaders agreed that the need for integration is paramount, but unfortunately, it’s often that exact need that third-party vendors cannot fulfill. “Companies often take us up to a certain point with their products,” Earle noted, “But they stop there, because they’re not able to help us with the last mile, which is integration and interfacing. If they don’t know our world, they can’t do that part.”
Bhasin agreed on the desirability of a single vendor to handle cloud services, with one addition. “The other piece where I think you need to look for a different provider is cybersecurity,” Bhasin said. “With all the testing, oversight, implementations and services, there are lots of nuances to manage. So, we have found it very helpful to have a third-party, outsourced, managed security firm.”
Raising the bar on digital customer service
Leaders agree that the retail consumer market has now surpassed the healthcare market in its digital consumer engagement and technological capabilities. As a result, consumers have higher expectations of their digital healthcare experiences.
Market forces may spur the healthcare industry to catch up to its retail peers.
“If I’m using Netflix, and Netflix is not providing the service I like or the content I like, I go somewhere else,” Vitali said. “You pay more and more as time goes on: a Netflix subscription was $7.99, then $9.99, now it’s $15.00. You are paying for a level of perfection. So why should we change our mindset for a subscription service, if we are doing it on a business level?”
“That is what my customers are telling me,” Chaudry said. “If you can’t give me the services you want, you’re fired.”
“We seem to be saying that competition in the cloud will enable healthcare customers to have the same retail consumer expectations that they have at home,” Branzell said.
Participants agreed, but with qualifications.
“It is not simple to get there,” Bhasin said. “That’s why the integrators, third-party developers, and middleware need to help us get there. We have to orchestrate it, but yes, we need to keep raising the bar.”
As digital health executives navigate various stages of their organizational transitions from local data centers to increased cloud hosting, they see clear benefits to migrating most data and operations to cloud-based models. Citing drivers such as economies of scale, agility, cost reduction, and staff resources, roundtable participants reported a desire to move to majority cloud-based systems. Some leaders of newer organizations unburdened by legacy technologies have already achieved full cloud-based models.
Cybersecurity remains an ongoing concern as threats rise, and leaders do see the technological expertise and talent pools of tech partners as an asset in cybersecurity, but with the caveat that effective security can only come from a collaborative effort between providers and partners.
The power of giant IaaS providers presents a potential obstacle to industry-wide coordination and progress (similar to the semi-monopolistic power of mainframe computing companies in previous generations). Healthcare systems will look to their third-party partners as allies in the quest to integrate systems and encourage collaboration and standardization, for the good of the healthcare ecosystem as a whole. Many in the industry share a vision that patients and consumers will benefit from market pressures toward easy digital engagement and access to information. To realize that vision of a more transparent, patient-friendly digital system powered by advanced technology, digital health leaders are asking for third-party partners to serve as system integrators who can expertly handle outsourced cloud management from A to Z. Such partners can overcome the challenges of legacy systems to produce consolidated, elegant solutions that place maximum focus of resources and efforts on the delivery of patient care and organizational performance.
This thought leadership roundtable article was written by Rosslyn Elliott, CHIME Editor, and brought to you by Leidos.
RETURN TO CHIME MEDIA