beawolf - Fotolia

Healthcare's public cloud adoption highlights market's maturity

The healthcare sector is the latest to show it's ready to embrace the public cloud amid greater familiarity and improved security from the major providers.

The healthcare industry has increasingly warmed to the public cloud -- yet another sign of the maturation of a...

technology that would have been a nonstarter for most companies in that sector just a few years ago.

Healthcare often lags in adoption of newer IT, and its views on cloud computing have been no different. But public cloud adoption has accelerated, as healthcare companies get comfortable with the technology, and providers such as Amazon Web Services (AWS) make concerted efforts to prove their platforms are safe and reliable.

Arterys, a San Francisco company that provides cloud-based imaging and analysis for MRIs, built its technology on AWS and has seen attitudes change in terms of how hospitals look at the public cloud since it began selling its services in 2013.

"It was excruciatingly painful [early on]," said John Axerio-Cilies, Arterys' CTO and co-founder. "You have no idea how many meetings I'd go into with the councils and review panel for security and regulatory IT, and as soon as we talk public cloud, the meeting would just end."

That sentiment largely remains in Europe, but in the U.S., Arterys could break customers' resistance by providing something hospitals couldn't offer at a local workstation and by keeping personally identifiable information within the hospital network, Axerio-Cilies said.

The company still goes into hospitals that haven't used public cloud, but their concerns are reduced these days because of employees' familiarity with cloud products, such as Box, Salesforce and Gmail.

Cloud providers have added all sorts of tools to address security concerns, including encryption of data at rest and in transit, key management services, Health Insurance Portability and Accountability Act (HIPAA) compliance for various services, and business associate agreements that protect personal health information.

In January, Microsoft Azure achieved HITRUST CSF certification, a widely recognized security accreditation in the healthcare industry. That move played an important role for Nuance Communications Inc., which supplies speech products to two-thirds of the physicians in the U.S., to move its newest Dragon Medical One application to Azure.

"You have to have the right procedures, policies and controls in place to make sure you know who is accessing what and what they're doing with it," said Joe Petro, senior vice president of engineering at Nuance, based in Burlington, Mass. "That's a relevant question no matter where it is."

Once those security concerns were addressed, the decision for Nuance came down to the same factors that have motivated companies in other industries to pursue public cloud adoption.

"We started to talk about uptime, disaster recovery, security and ask ourselves some really hard questions, from a long-term point of view," Petro said. "Do we want to develop expertise to actually run first-class data centers and maintain all the different issues associated with it? ... Would we ever be as good as someone who does this as its core competency?"

Nuance today has about a quarter of its workloads on Azure, but more than half its workloads will soon be there.

Healthcare cloud adoption is a familiar pattern

More healthcare companies have made this shift, said Chris Wegmann, managing director of the AWS business group at Accenture, based in Dublin. "They're where financial services were 15 months ago."

The banking industry likely provides a good roadmap to predict how the healthcare industry will cozy up to public cloud.

Many major financial firms were reticent to leave their own data centers, but that changed when Capital One started to tout AWS two years ago. Since then, nearly every major financial institution has publicly endorsed the public cloud for certain uses.

"They're seeing their peers start to do it, and so they start to follow along," Wegmann said. "Each industry, when they've jumped into these public clouds, it takes six months or so to get their heads around it. And now, we're just starting to see healthcare do it, too."

While banking has consolidated into a handful of players, the healthcare industry remains fragmented. There are varying levels of public cloud adoption in subsets, such as traditional providers, insurers, healthcare technology, biotech and pharmaceuticals, but the greatest push has been among software-as-a-service companies that build software for more traditional healthcare providers.

People are starting to realize some of the fear around security is cultural and not really fact-based.
Kate McCarthyanalyst, Forrester Research

In particular, there has been a major push from third-party vendors that ingest data from disparate sources to provide interoperability for analysis on various systems of record, said Kate McCarthy, an analyst at Forrester Research. Those vendors also will add a governance layer to meet healthcare industry standards that go beyond what's provided by the public cloud vendors, even as many healthcare companies realize the cloud is largely just as safe as their own data centers.

"People are starting to realize some of the fear around security is cultural and not really fact-based," McCarthy said.

The next shift to watch for is around harnessing unstructured data, which will open the doors to a host of insights and cloud-based engagement tools, McCarthy said. That push will come because it's expensive to replace servers for big data lakes on premises, and the size of the data sets exceeds the capacity available to most hospitals and healthcare providers.

Barriers to public cloud adoption remain

There are still limitations on how healthcare companies adopt public cloud. Business associate agreements remain a major hurdle for many healthcare providers, and questions about the cloud often focus on a specific problem, rather than a holistic shift or hybrid approach, McCarthy said.

Many healthcare providers face budgetary constraints that prevent a major shift to cloud, and they also have to satisfy many stakeholders. There's also a lingering distaste from the government-mandated shift to electronic medical records and the terrible user interfaces that often accompanied those moves, McCarthy said.

"You're asking people who feel like they just went through some degree of hardship to trust you to give them something better, and we don't have a history of doing that in healthcare," McCarthy said.

One area to watch is how far the public cloud providers will go to address the needs of the healthcare industry and how much of that legwork they'll leave to their partners.

In the past, IT companies have built tailored services for various industries, and that has begun to crop up in the cloud market with products such as AWS GovCloud for the public sector, IBM Cloud for Financial Services and GE Predix, a platform-as-a-service (PaaS) offering targeted at the industrial sector.

In healthcare, IBM also has Watson Platform for Health, a PaaS offering, and Virtustream this week rolled out Virtustream Healthcare Cloud. The Virtustream offering can be run on premises or in the company's public cloud, and it provides a collection of managed services and industry-specific and regulatory-compliant tools, including a new electronic medical records service.

But it's unclear if and when any of the so-called hyperscale cloud providers will roll out a cloud tailored to healthcare. Market leader AWS hasn't indicated plans to go that route, but it has taken steps to make its product more amenable to that market. AWS has already added a healthcare and life sciences category on its reseller site. And this month, it made Amazon API Gateway, AWS Direct Connect, AWS Database Migration Service and Amazon SQS HIPAA-eligible services. That brings the total number of AWS' HIPAA-eligible services to 15, though that still only represents about one-sixth of its total portfolio.

Arterys builds all its services from scratch and tries to get as close to bare metal as possible because of its dependence on performance. It wouldn't want to rely on a managed version of AWS tailored to healthcare providers, but some companies might see value in it, Axerio-Cilies said.

"It depends on the type of company you're running," he said. "We won't use a healthcare cloud or managed service PaaS-type thing just because [that's] very specialized, but if I was creating an app taking insurance claims and posting to a website, then there is value in those types of healthcare-based clouds."

Trevor Jones is a news writer with SearchCloudComputing and SearchAWS. Contact him at [email protected].

Next Steps

Four reasons hospitals should evaluate cloud-based security tools

Healthcare cloud adoption improves storage, mobility efforts

Competition heats up in public cloud landscape

Despite doubts, Health IT is going all cloud

Dig Deeper on Cloud computing standards and compliance