Building Future-Ready Healthcare IT Platforms: Get To The Cloud
•Descargar como PPTX, PDF•
3 recomendaciones•1,132 vistas
Cloud computing is a growing force in healthcare and offers clear benefits for organizations of all sizes. What is less clear to many organizations are the pros and cons of various cloud adoption strategies and how to successfully move applications and data to the cloud. Discover how cloud technology platforms can transform EMR implementations, digital image archiving and security. Through the use of real-world case studies, participants will learn effective change management strategies from a technical/operational/process perspective, as well as the pros and cons of various cloud models. Learn more: http://del.ly/Ckd9Dk
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (8)
Similar a Building Future-Ready Healthcare IT Platforms: Get To The Cloud
Similar a Building Future-Ready Healthcare IT Platforms: Get To The Cloud (20)
Más de Dell World
Más de Dell World (20)
Último
Último (20)
Building Future-Ready Healthcare IT Platforms: Get To The Cloud
- 1. Future-ready Healthcare IT Platforms: Get to the Cloud Andrew Litt, MD, Chief Medical Officer, Dell Healthcare and Life sciences 2013
- 2. Panelist David Tomlinson CIO/CFO; Centegra 2013 Bill Russell CIO; St. Joseph Health Ismelda Garza IT Director; Comanche County Medical Center
- 3. Moving beyond the cloud hype Enterprise cloud application revenues reached $22.9B in 2011 and are projected to reach$67.3B by 2016. Current Usage 2013 60% of server workloads will be virtualized by 2014. Global cloud traffic will account for nearly two-thirds of total data center traffic by 2016. Today 46% of business data stored outside of internal IT structures. Over the past three years nearly 74% of data centers increased physical server count. IaaS cloud management & security and PaaS are growing from $7.6B in 2011 to $35.5B in 2016. 24% 37% 39% Hybrid Private Public Projected Market Spend of $241 Billion by 2020 Source: Dell Customer Research, April 2013
- 4. Industry adoption varies Advanced Heavy Moderate Measured Lagging Gartner 2013 Adopting Private cloud PaaS and IaaS Community cloud and service providers Community cloud and SaaS Email and collaboration Panicky migration from vendor to provider Not much happening Public records, medical processes Industry Financial services Telecommunications Government Education High tech Energy and utilities Healthcare Retail Brokerage and messaging integration
- 5. Healthcare transformation in the cloud 2013 Healthcare and Life Sciences
- 6. Changing healthcare landscape 2013 Traditional IT still dominant 41.8% of a healthcare organization's IT budget is allocated to traditional IT deployment 2013 2017 Cloud IT multi $B market Although adoption is held back by regulatory initiatives and security concerns, the cloud market in healthcare is expected to grow to $5.4 billion by 2017 2015 Cloud IT growth accelerates Within two years' time traditional IT budget will decrease to 35.4%. Use of public cloud services will increase from 12.6% to 15.8%
- 7. Impediments to cloud adoption for healthcare providers Concerns that cloud providers will not continue to innovate Have not identified what our exit plan for cloud would be Have concerns about cross-border rules Have not yet created a service catalog for cloud services Unclear future and roadmap for cloud services No end-to-end service management strategy 2013 40 28.4 20.5 17.4 11.3 11.8 14.1 7 Have not yet developed a cloud roadmap Concerns over security and availability Source: IDC's Global Technology and Industry Research Organization IT Survey, 2012 (% of respondents)
- 8. Multiple regulatory requirements HIPA HITECH MEANINGFUL Health Insurance Portability and Accountability Act (1996) Security rules • 45 CFR 160 • 45 CFR 162 • 45 CFR 164 2013 USE American Recovery and Reinvestment Act – Health Information Technology for Economic and Clinical Health (2009) HIPAA Security Rule Plus • New civil money penalties for violations • Covered entities and business associates must comply • Breach notification obligation for breaches on or after Sept. 2009 Meaningful Use (2010) Risk Analysis • 45 CFR 164.308 (a) (1) • Core Measure 15
- 9. How can audits and penalties impact you 2013 Breach Notification Rule KPMG contract: Audits of 150 hospitals Fines and penalties
- 10. Challenges = cloud opportunity Improve quality of care Reduce costs 2013 Operate under high regulations Effectively manage IT resources
- 11. Why Cloud? Secure Flexible Simple 2013 • Manage specific environment on customer behalf • Facilitate aggressive implementation schedules • SLA easy to understand and implement (99.95% uptime) • Free up hospital IT resources to focus on service delivery and application implementation • Expect predictable outcomes with a choice of service levels for operational availability. • Choose disaster recovery options that allow you to meet Recovery Point Objectives and Recovery Time Objectives • Select add-on solution options to fulfill your specific requirements • Reliable & secure ISB backup, recovery, and tape administration • Highly secure and reliable network connectivity options offer HIPAA-compliant data encryption • System monitoring • Pre-defined server availability levels • Standard data administration procedures and tools
- 12. Dell cloud strategy for healthcare Hospitals Physicians Payers Life Science 2013 Healthcare cloud platform Strategic Pillars Establish an Interoperability Network connecting Healthcare Constituents Develop a Next Generation delivery mechanism based on a secure Cloud Platform that support derivative data driven solutions Integrate Current and Future Solutions through the cloud to deploy at scale 1 2 Archiving & Storage Reporting & Alerting Healthcare solutions Analytics 3 Other Electronic Medical Records Revenue Cycle Services Payers Solutions Data Management Security Other Mobility Interoperability
- 13. Dell Healthcare in the Cloud 50+ 29B customers supported with cloud-based HIS and DR 650,000+ 2013 6B+ diagnostic image objects managed by Dell in the cloud. Protecting medical images for 7% of US Population Security events MEDITECH Processed daily by Dell SecureWorks, a core component of the Dell Cloud Integration processes Per day with Dell Boomi, over 3Xs our nearest competitor 1st To market with the Dell OpenStack Solution More EMRs supported in a secure dedicated Healthcare Cloud than any other healthcare IT services provider $200M Dell achieved this by virtualizing 10,000 servers and reducing applications from 7,000 to less than 2,500 Dell’s Crowbar deployment, management and services saved by Dell 400K physicians and 500 individual practices supported by Dell’s physician hosting cloud solution
- 14. David Tomlinson, CIO/CFO Centegra 2013
- 15. Bill Russell, CIO St. Joseph Health, 2013
- 16. Ismelda Garza; IT Director Comanche County Medical Center 2013
- 17. 2013 Q&A
- 18. Let’s get started 2013 Visit the Solution Showcase to see our end-to- end healthcare solutions and services Gain hands on experience, see demonstrations at the Solution Showcase Schedule a visit to a Dell Solution Center near you: Austin • New York City • Washington D.C. Chicago • Santa Clara • Mexico City • Sao Paolo Go to www.Dell.com/healthcare
- 19. 2013
Notas del editor
- Corrine – What’s the source? The adoption of IT cloud services among healthcare firms is roughly at parity with all firms. However, there is a far greater (32.5%) percentage of healthcare firms evaluating IT cloud services for a specific workload or service compared with all firms (23.6%). This represents an opportunity for suppliers to help educate healthcare organizations about best practices and use cases for cloud adoption. Also increasing are private cloud deployments, both internal and external –changes how firms will procure services and solutions.
- Emphasize that these are common concerns across industries.
- A HIMSS survey of large healthcare organizations found that just 47% currently conduct annual risk assessments as of last year, which is part of the original HIPAA requirement. Fifty-eight percent of the respondents had no staff members dedicated to security, and 50% spent 3% or less of organizational resources on security. So, you’re certainly not alone if you have yet to implement and conduct periodic risk assessments. We wanted to show on this slide that Meaningful Use is really nothing new. The Security Rule has been around since 1996 in the original form of HIPAA. When the HITECH Act was developed as part of the American Recovery and Reinvestment Act, it applied some new extensions to the already existing rule. For instance, with HITECH, new breach notification rules were extended, mandating reporting of breach incidents to HHS for breaches that affect more than 500 people, and extending the rules to health care business associates. HITECH also implements a new tiered system that increases civil monetary penalties for noncompliance and also allows state attorney generals to file civil actions for HIPAA violations on behalf of a community’s constituents. The Meaningful Use guidelines, set out by CMS, cover measure 45 CFR 164.308, which sets out the requirement to conduct a risk assessment. This measure, in turn is part of a series of measures that encompass the full security rule from HIPAA. Meaningful Use can be thought of as HHS finally starting to get some sizzle to their steak in terms of enforcing and incenting providers to not only adopt EHR, but also to make sure that they are implemented in a way that supports the original HIPAA guidelines. How the risk assessments are conducted still has some flexibility built in, which adds some confusion to the environment. Many federal guidelines are often referred to such as NIST SP 800-66. Some of the basic questions that this guideline and other recommend that you should consider in implementing the security Rule are questions such as: Have you identified ePHI within your organization? – including ePHI that you create, maintain, or transmit. What are the external sources of ePHI? For example, do vendors or consultants create, receive, maintain or transmit ePHI? And, What are the human, natural, and environmental threats to information systems that contain ePHI? While risk analysis is a necessary component to reach and achieve the Meaningful Use requirements, it’s also a necessary tool to reach any sort of substantial compliance with many other standards and implementation specifications. So, although it’s a starting point, the risk assessment is really just a stepping stone to the complete compliance that will be required and continually enforced in the near future. The HIPAA Security Rule specifically focuses on the safeguarding of EPHI and is the most comprehensive guideline around protected health information. All HIPAA covered entities, which includes some federal agencies, must comply with the Security Rule. The Security Rule specifically focuses on protecting the confidentiality, integrity, and availability of EPHI, as defined in the Security Rule. The EPHI that a covered entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. In general, the requirements, standards, and implementation specifications of the Security Rule apply to covered entities including: Covered Healthcare Providers— Any provider of medical or other health services, or supplies, who transmits any health information in electronic form in connection with a transaction for which HHS has adopted a standard. Health Plans— Any individual or group plan that provides or pays the cost of medical care (e.g., a health insurance issuer and the Medicare and Medicaid programs). Healthcare Clearinghouses— A public or private entity that processes another entity’s healthcare transactions from a standard format to a nonstandard format, or vice versa. Medicare Prescription Drug Card Sponsors – A nongovernmental entity that offers an endorsed discount drug program under the Medicare Modernization Act.
- Since 2009, 435 healthcare entities reported data breach affecting over 20 million patients1 The average economic impact of a data breach over the past two years is approx $2.2 M 2. Nearly 40% involves lost/stolen portable media device containing unencrypted PHI Encrypted patient data is covered under Safe-Harbor In July of 2011, the HHS’ Office of Civil Rights (OCR) announced that they had appointed consulting firm KPMG to conduct up to 150 HIPAA audits of covered entities and business associates by the end of 2012, and the implementation of the audit program fulfills a compliance enforcement mandate of the 2009 HITECH Act. The KPMG contract enables OCR to put “feet on the street,” while retaining an oversight role in the process. Sue McAndrew, OCR’s deputy director for health information privacy, confirms that some audits could even result in OCR enforcement action. “Certainly, if we uncover in the course of the audit major violations or potential violations … we will be dealing with those … in the same manner we would through our formal enforcement process,” she said recently. Criminal and civil penalties can be levied against organizations and/or individuals for violations of HIPAA Privacy and Security Rules. Monetary penalties for a breach of HIPAA Privacy and Security Rules range from $100 to $50,000 per violation. In addition to all this, state attorneys general are now authorized to bring civil actions against HIPAA violators on behalf of state residents. These audits have already begun These audits will supposedly “initially offer comprehensive assessments of compliance with the HIPAA privacy and security rules rather than specific narrower issues.” While the projected number of 150 audits in 2012 makes the likelihood of an audit visit to your organization fairly low – keep in mind, OCR has a separate initiative underway to train State Attorneys General on the HIPAA audit process as well, so this is something that will likely become even more persistent and granular in the future. Organizations participating in the EHR “meaningful use” plan already have a compelling incentive to “conduct or update a security risk analysis” but with or without meaningful use, this is a mandatory requirement for all covered entities and business associates, taken verbatim from the HIPAA Security Rule itself. And as you may know, organizations are required to report breaches affecting 500 or more individuals to HHS, along with details of the breach – where the entire incident is then posted publicly on the HHS website on their so-called “wall of shame”. And a third factor is that OCR and States Attorneys’ offices now have the ability to penalize healthcare providers for failing an audit. This is level of scrutiny is not likely to dissipate anytime soon; if anything, there is more likelihood than ever that a breach or lack of risk management can have disastrous consequences. In addition to this trifecta of incentives to focus on security, there’s also the reality that breaches are happening every day. In fact 60% of hospitals had more than two data breaches in the past two years. This is likely because over 2 thirds of hospitals don’t have the proper policies and controls to detect and respond to breaches, according to a recent Ponemon research study. Since the data breach notification regulations by HHS went into effect in September 2009, 435 (as of 7/15/2012) incidents affecting 500 or more individuals have been reported to HHS, according to its website. A total of over 20 million individuals have been affected by a large data breach since 2009. The regulations require a covered entity that discovers a reportable breach affecting 500 individuals or more to report the incident to the HHS Office of Civil Rights immediately. A report recently released by Redspin, an IT security firm, states that data breaches stemming from employees losing unencrypted devices spiked 525 percent in the last year (2011) alone. This statistic confirms that devices, including laptops, tablets and smartphones, pose a very high risk for a data breach. Redspin reported that eighty-one percent of healthcare organizations now use smartphones, iPads, and other tablets, but forty-nine percent of respondents in a recent healthcare IT poll by the Ponemon Institute said that nothing was being done to protect the data on those devices. In a study published in 2011, the Ponemon Institute found that the cost of a data breach was $214 per compromised record and the average cost of a breach is $7.2 million. Encryption of PHI is a major step a provider or institution can take to secure its sensitive patient data. Encryption is the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key. According to a Guidance from HHS, if an entity encrypts its data in accordance with the National Institute of Standards and Technology standards for encryption, then any breach of the encrypted data falls within a safe harbor and does not have to be reported. This is an incredibly important safe harbor that could save an entity a lot of money.