Adoption of healthcare cloud services is on the rise, but buyer beware

More and more businesses are operating in the cloud every year, with over half of Australian companies using cloud computing in 2019-20.

In healthcare, cloud service providers (CSPs) can help lower data storage costs, improve patient privacy and make information quicker to access. Aside from supporting compliance requirements, they can offer a connected digital ecosystem, unifying different clinical systems into a single, easily accessed platform. CSPs are also a cost-effective way to access new technologies and scale services more rapidly in the face of change.

It’s no surprise then that healthcare organisations are increasingly transitioning to cloud-based services to source processing, storage, software development tools and applications. The global market for cloud computing in healthcare is forecast to reach a colossal US$90.46 billion by 2027.

Understanding the risks hiding in healthcare cloud services

Yet this growth comes with risks. Healthcare providers were singled out for major cyberattacks in 2021 in Waikato and Queensland; commentators suggest that the sector is “facing a cyber-emergency”. And cyberattacks aren’t the only concerns in the healthcare cloud. Networks are not always fast enough, costs can spiral far higher than predicted, and navigating service level agreements can be a minefield. None of this means the cloud can’t work for your organisation – but it pays to do your due diligence before leaping into the arms of a cloud service provider, especially when it comes to cybersecurity and data privacy.


Choosing a CSP that respects healthcare data

Before you partner with a CSP, it’s vital to set the rules of engagement. You should review your aims and responsibilities, the role of the CSP and any gaps between the two. Risk will be shared between both you and your provider, but your organisation will ultimately remain responsible for the protection of your data, and you must take reasonable steps to ensure your partner complies with legislation.

A good CSP will be able to collaborate productively with you over legal, security and operational requirements, and both parties must understand what is required. How does your CSP ensure compliance? What is its track record in the health sector? What procedures does it have in place to deal with cyberattacks, and how will you and the provider manage data backups and encryption?

Considering the risks connected with email-borne phishing attacks, Internet of Things (IoT) devices and threats from both inside your organisation and via third parties (including your supply chain) will be an essential part of any assessment. A security risk management plan can offer a productive framework for assessing dangers and the controls required to manage them. And regular reviews of your CSP’s performance will ensure your requirements are still being met.

Evaluating the cost of ownership

Cloud services can offer real savings, allowing your healthcare organisation to reduce staffing needs and storage infrastructure. But moving from the upfront cost of managing your own data to an ongoing charge is not simple. You may find expenses soaring as your needs increase. Patching, backup and other security measures can ramp up costs further. Just signing with a CSP will involve a cost as you migrate services, and if you later move providers there will be further expenses.

All this means cloud computing may not be the bargain it first appears. However, CSPs are increasingly good at estimating their users’ requirements in terms of workloads, cybersecurity considerations and data points. A full and frank discussion of your needs with a reputable CSP, preferably one with experience in healthcare, can limit hidden costs and cut down the time it takes to make the transition. Audits and discussions with individual departments within your organisation can also help you prioritise immediate storage and access needs, and separate them from departments which can be transitioned in a slower, more cost-efficient way.

Making sure your CSP has the capabilities you need

You may want your CSP to support standard processes that aren’t particularly time sensitive – things like billing or admin work – or you may want them to support the critical data processes needed to save lives. In the case of the latter, having a network you can trust to deliver the right speed is essential, especially when latency and jitter could cripple crucial processes.

Similarly, if your cloud partner isn’t prepared for the volume of work your organisation handles, their performance will disappoint. Good CSPs, especially those that are used to working with healthcare organisations, should be able to store your data where you need it, and meet your access requirements. Be clear on what your business needs at the start, monitor deployment, and don’t be tempted to cut corners on budgets.

Setting a Service Level Agreement that matches your needs

Issues such as speed, volume and the availability of services should be covered in your SLA (Service Level Agreement). It’s a vital document that sets the terms of your relationship with your cloud partner. As well as the basic terms of the agreement, the amount of compensation offered (if, for example, the service is temporarily interrupted) is vital. Do the levels match up to how crucial individual cloud services are to your organisation? How serious would a particular app going offline be for you? How will breaches or disruptions be handled? How easy is it for you to back up crucial data, and what would the impact of a delay in accessing it be?

SLAs should be carefully reviewed and regularly reevaluated. Both your organisation and the world around it are changing – your CSP should be able to keep up.

Cloud services can be hugely beneficial – if you're aware of the pros and cons

Cloud computing can complement healthcare organisations superbly. But as with any technology, there are a few things to be wary of. Compliance, cybersecurity and network speed are among vital issues that you must plan for before entering into any agreement. The SLA governing them should match your businesses priorities, and official advice on cloud services for healthcare can be invaluable. The more crucial cloud services are to your company, the more carefully your relationships with CSPs should be scrutinised. The healthcare sector is evolving rapidly, and cloud services have a big role to play. Getting the right CSP can be a huge growth driver for your organisation, provided you’re fully aware of what they offer and how they fit in with your organisation’s goals.