This content is part of the Essential Guide: Navigating cloud computing regulations and compliance requirements
News Stay informed about the latest enterprise technology news and product updates.

Healthcare cloud: Providers need airtight security, HIPAA compliance

Dr. Peter Tippett, vice president of Verizon's healthcare solutions group, explains in this Q&A how a healthcare cloud can attract security-conscious customers.

The healthcare cloud has traditionally been a tough sell, thanks to the minefield of industry-specific compliance and security concerns plaguing prospective customers. But as more cloud providers develop services tailored to the needs of this vertical market and others, the healthcare cloud isn't such a remote opportunity anymore.

In this Q&A with, Dr. Peter Tippett, chief medical officer and vice president of Verizon's healthcare solutions group, explains what's preventing healthcare customers from adopting the cloud and how cloud providers can overcome those barriers.


Healthcare clouds didn't initially experience strong adoption due to customers' security and compliance concerns. Why should the cloud now be seen as a viable option for healthcare customers?

Dr. Peter Tippett
Vice President, Connected Healthcare Solutions, Verizon

Dr. Peter Tippett: You don't have a choice. Doctors are now among the biggest adopters of tablets and smartphones for mobility, and if you're using one of these devices, you're using the cloud.

The cloud and mobility … must work hand in hand, and the financial and usability considerations of the cloud are a home run for the healthcare industry. The cloud is working, and users -- doctors among them -- are using different applications when treating patients. [Applications] like electronic medical records (EMRs) … are easier and save time for both the patient and healthcare provider. 

What are some of the cloud security and compliance myths that have plagued the healthcare industry, and how can cloud providers help customers separate myth from reality?

Tippett: [Healthcare customers] have every reason to worry about [public cloud security]. Anyone can buy servers with a credit card, so anyone … can be using the very same servers [as a healthcare customer]. Whether the healthcare user is compliant doesn't really matter in a public cloud environment. Many large public cloud providers can't prove to users that the doors are locked [because] a big cloud provider has hundreds of doors. These [standard] offerings won't apply to a user looking for a unique box for each application or not wanting to share a server with another customer. Most of the rules people use on a compliancy checklist fly in the face of how clouds work.

But that doesn't mean [healthcare customers] can't be safe, secure and compliant -- it just means that they can't use their standard checklist. Healthcare customers shudder at the thought of most cloud environments because you are sharing memory and processors with other users. [Healthcare customers] really have to know what kinds of problems they want the cloud to solve and what applications should go to the cloud.  

More on the healthcare cloud

Can the healthcare industry leverage the cloud?

Healthcare industry inches slowly toward cloud storage

Using a cloud provider for medical image storage

Is the healthcare cloud a one-size-fits-all opportunity, or do the needs of large, multisite hospitals differ from the needs of smaller clinics?

Tippett: Small doctors' offices and ambulatory centers are almost certainly using EMRs that are hosted or in the cloud. Larger hospitals and medical facilities mostly are running their own data centers or storing information [including medical images and records] on-premises. But big hospitals are growing tired of running their own data centers and would be just as happy [moving data to the cloud]. Larger facilities are more afraid and need to know if [the healthcare cloud] is secure and compliant with the Healthcare Insurance Portability and Accountability Act (HIPAA).

What are some potential use cases for the healthcare cloud?

Tippett: The use of cloud is growing. Some healthcare centers cannot staff, for example, a radiologist at night. In this case, the medical facility can take medical images and put them into a cloud service where another [off-site] radiologist can read it, make a diagnosis and send [the analysis] back to the facility where the patient is located.

As long as the [cloud provider] can prove that the service meets compliance standards, I would say a lot of practices will shift this way.

What kind of broader strategy should cloud providers adopt to pursue healthcare customers?                                                            

Tippett: They must decide what their market is -- large or small healthcare providers -- and what kind of model they are looking for. Are you selling them a compute service for a fee, or are you selling software components that [the customer] might build into an overall solution? If [the cloud provider] is going to tap into a highly regulated space like healthcare, they must be willing to spend the extra money to make it beyond compliant, provable and third-party audited. No one will use it otherwise.

 Let us know what you think about the story; email: Gina Narcisi, News Writer.


Dig Deeper on Managed security for the cloud

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.