7 Critical Considerations for Healthcare Organizations
When navigating the due diligence process, ensuring accountability, understanding total costs, and exposing unknowns are essential to moving applications to the public cloud.
Shifting to the cloud is creating significant buzz in healthcare IT, leading many CIOs to consider freeing up data center space in favor of a public cloud option. Although cloud-based strategies have been used for smaller applications for some time, CIOs should be aware that broad, cloud-based enterprise application strategies are still relatively new in the healthcare industry — and require careful consideration of the benefits, costs, and risks.
“All this buzz about the cloud may be causing some anxiety for CIOs who feel like they need a cloud strategy,” said Zahid Rathore, Senior Vice President at Healthlink Advisors. “However, only a few health systems have taken their full enterprise application production environments into the cloud, so there is still a lot to learn about performance, total cost, and best practices. It’s critical to fully assess the risks and validate all the marketing claims before migrating mission-critical applications to the cloud.”
When considering application migration, healthcare CIOs should weigh the pros and cons across several vital areas, including:
1. Security and Liability
Enterprise software vendors won’t approve a cloud hosting approach unless the cloud services provider meets specific security requirements. But when it comes to limitations of liability, a healthcare organization will typically have no recourse with a cloud infrastructure provider.
“Most cloud providers say, ‘We just provide the hardware,'” said Rathore. “And because most healthcare organizations don’t have the internal resources to manage the cloud infrastructure directly, they choose to negotiate a contract with a managed service provider (MSP) — which means that the organization needs to make sure their MSP contract has the appropriate limitation of liability.”
2. Fees
Part of the allure of a cloud-based strategy is the ability to reduce data center space, improve disaster recovery performance, and shift infrastructure management responsibilities to a third party. But before putting a cloud application migration strategy into motion, it’s essential to understand how the organization will use the cloud service and how fees will be charged. The details are crucial, particularly regarding operating and capital expenditures and complex cloud usage agreements.
“To make sure it’s cheaper, you have to start with the end in mind,” said Rathore. “It is certainly convenient to spin up servers quickly as needed and shut them off when you don’t need them anymore, but most cloud providers charge reservation fees with penalties if you miss the reservation. They may also charge egress fees to take data out for use with other applications, and that can add up fast.”
3. Third-Party Licensed Software
Healthcare organizations also need to consider the cost of third-party licensed software products and clearly outline whether they or the MSP are purchasing them. Conversely, third-party licensed software may sunset if the MSP brings the licenses with them in the deal. “Most health systems use an MSP to deal with their cloud service provider, so the healthcare organization needs to figure out if it is more advantageous for third-party licensing software to be in its name or the name of the MSP. Some organizations have policies that don’t allow for pass-throughs with their MSP,” said Rathore.
4. Service-Level Agreements
Even a short cloud service outage that causes enterprise applications to go down can have devastating consequences for a healthcare organization — which is why robust service-level agreements (SLAs) are critical to any successful cloud strategy. “When a vendor needs to be engaged to fix a problem, SLAs outline who is accountable for what and specify a response time for each vendor,” said Rathore.
Healthcare organizations should also consider premium support options offered by MSPs and cloud providers, which may allow them to avoid the call center queue and access extra dedicated resources in case of a problem. “In some cases, it might make sense to spend more to get better service, and healthcare organizations can build this into their cost and governance structure,” said Rathore.
5. Predictability of Costs
Another allure of a cloud-based strategy is the belief that it will provide more predictable costs, primarily due to the healthcare organization’s ability to provision and deprovision resources as needed.
Most EHR vendors provide clients with a “road map” for planned updates and enhancements, but it is more difficult for healthcare organizations to predict the amount of cloud-based resources it will take to implement them.
“One thing healthcare organizations can’t predict is EHR compute requirements,” said Rathore. “When there are updates, and new functionality is added to the EHR, it can require additional compute resources that the organization, the MSP, or the cloud provider hasn’t accounted for in its cost projections.”
6. Performance Monitoring
When it comes to cloud performance monitoring, a “single pane of glass” solution that provides end-to-end tracking is ideal — but the reality is that no one can deliver a seamless solution.
“Healthcare organizations typically have two options: Engage their vendor or MSP in performance monitoring or build the skills in their internal IT team to monitor performance on their own,” said Rathore. “Each vendor or MSP has different bells and whistles that can be used to keep track of performance, but it’s not an end-to-end solution — you have to get it in the contract, be prepared to monitor performance internally, or use a third party who specialized in the management of these complex agreements.”
7. Ensuring Accountability and Clarifying Responsibility
RACIO (Responsible, Accountable, Consulted, Informed, Omit) is a commonly used acronym in IT circles and is critical to developing accountability around a cloud-based strategy.
“From the EHR vendor on down, there needs to be a clear understanding of who is doing what and who is responsible for solving problems that arise, which helps to avoid finger-pointing when something goes wrong,” said Rathore. “A RACIO matrix should be well-documented in the contract and governance structure.”
For Rathore and the Healthlink Advisors team, the goal is to help healthcare organizations think through their cloud-based strategy before implementation, so they can develop a plan that is as close to “bulletproof” as possible.
“Everyone in the industry is still learning, and until industry-wide best practices emerge, we can help organizations navigate the due diligence process by looking at their proposed cloud strategy comprehensively,” said Rathore. “Our strengths are ensuring accountability through RACIO and SLAs, exposing unknowns, and understanding costs to eliminate surprises during implementation and go-live.”
Zahid Rathore is Senior Vice President at Healthlink Advisors, a healthcare consulting firm committed to improving clinical innovation, business systems, and healthcare IT strategy, delivery, and operations. Our team has extensive experience developing IT solutions to support all aspects of health system operations, including cloud-based strategies. To learn how we can assist your organization, contact us at (888) 412-8686 or info@healthlinkadvisors.com.