Barriers to use of cloud-based software have become less pronounced with accelerated adoption among healthcare organizations. In a recent IDC Health Insights survey, nearly 42 percent of respondents said they were more comfortable with cloud computing in 2015 than they were the previous year. However, substantial risks remain, and a “first-generation” approach to cloud computing can still result in serious difficulties (and resulting provider/user rejection) if those risks are not mitigated.
With rapid adoption, there has been a rush of vendors to offer some version of cloud computing and capitalize on the increased acceptance. This has created a marketplace in which some service providers are providing environments that don’t live up to the benefits that cloud computing promises. This inexperience threatens to give cloud computing a bad reputation.
When considering which service provider to use, there are elements that can be explosive if not explored and addressed with your cloud provider. Ironically, the greatest benefits of cloud also represent the greatest risk if not handled appropriately.
So, how do you make sure you are set up for success? Here are four cloud barrier considerations and how to address them with your service provider to ensure you’ll experience the true benefits of the cloud:
1. The barrier: Performance
How to navigate:
Build performance criteria into your Service Level Agreement (SLA) with your cloud provider. Discussing input and output operations per second (IOPS) and putting it into your contract will help both you and the provider when performance feels compromised. On common workloads like running reports or logging in to the EHR, set reasonable expectations and ask for them to be written into the contract.
For instance, many clients want to be able to get from logon and into their EHR within a certain number of seconds. Discuss this expectation with your provider and stipulate a target in the SLA. Recognize that external factors may impact this measure, but try to get a target built into your agreement.
Another way to mitigate performance risk is to speak with references. Ask current, like-sized clients if their users experience slowness and how that’s handled by the service provider. Does the provider have a reputation for performance issues – where issues exist, do they handle them promptly and effectively?
Lastly, think about your practice’s extraordinary workflows – not things that happen every day. For instance, FQHC’s have significant reporting requirements at the end of each month. They must do this in order to keep their FQHC status. Private practices may have timing-specific payer processes that demand IT resources. Large, analytics-driven surgical practices may have substantial number-crunching work that has to happen in a narrow window outside of clinical hours. Ensure your cloud provider knows about these outlying instances and has a stipulation in the contract to provision resources appropriately for optimal performance.
2. The barrier: Security
How to navigate:
Require a Business Associates Agreement (BAA). This may seem like a no-brainer, but dig deeper with your cloud provider.
The smaller and newer cloud providers often outsource part of their delivery model, but deliver it to the practice as a complete solution. If these partners provide a piece of the puzzle that has direct access to your patient’s ePHI, you’ll need a BAA with them as well. We refer to these as “tiered vendors” and the result is a series of “embedded” BAA dependencies – dependencies you’ll need to understand if those third-party vendors have any access to your ePHI.
Specifically, inquire about off-shore partners. These firms are able to provide very inexpensive labor, but are not legally bound by a BAA and represent a serious risk if they’re able to access ePHI.
3. The barrier: Availability
How to navigate:
Include maintenance window details in your SLA. For public cloud providers that offer shared resources, custom maintenance windows may not be available and you may be at the mercy of the cloud provider.
Discuss the length, time and impact of scheduled maintenance with your service provider. For instance, if your practice sees patients on Thursday nights until 8 pm, don’t agree to an SLA with a standard maintenance window during that time.
Also, consider the cloud provider’s support availability and methods. What hours is support available? What is the average time to resolution (TTR)? How can your users access support? It’s becoming increasingly common that cloud providers offer support via email or web chat only. Removing the telephone option might mean increased wait times and decreased personal contact for your users.
4. The barrier: Switching costs
How to navigate:
Ensure your contract offers a reasonable exit clause, sometimes called “termination for convenience.” This stipulates that you, the practice, can terminate the contract at any time for any reason, if you are unsatisfied.
The contract should explicitly state how the provider will work with your new service provider and on what timeline.
In addition, the exit plan should also include details regarding system design ownership – what portion of the design belongs to the cloud provider vs. the practice.
Most importantly, include a stipulation that guarantees your data will be provided with meta-data. Meta-data contains information for the EHR that links all of the information for the next system. An export of core medical data, without meta-data, will require months of data re-entry and re-capture from patients.
Cloud computing is a complex service that pop-up-service-providers often try to make simple, at the expense of performance, availability or security. Effectively navigating your way through a cloud purchase can be the difference between satisfied or dissatisfied users.
If your cloud provider isn’t willing to provide the recommended stipulations, consider it a red flag and look into other options. One of the cloud’s greatest benefits is flexibility – ensure your practice is getting it.