Healthcare is evolving with digitization, where it tries to improve the quaility of care, reduce costs and financial burden, the volume of available structured and unstrcutured data has grown exponentially (1). Because of the sheer volume, variety and speed of data sharing, managers in the healthcare industry are facing two main problems: storage and data analysis (2).
To mitigate the aforementioned issues, cloud computing and cloud-based analytics could be of use. Pointing out four potential key benefits of cloud-based technology for healthcare: improving quality of patient care, patient engagement, clinical research and clinical operations (3).
I will attempt to address four key challenges of deployting emerging cloud-based technology, managment, technology, security and legal aspects.
Users tend to have lack of trust in data security and privacy by users, organizational stagnation, loss of governance and the uncertainty the service provider will be compliant or not. Many customers are resistant to use cloud services due to the lack of trust towards the service when it comes to move sensitive, personal medical or health information where the service provider cannot guarantee the security and privacy effectiveness and efficiency (4). In addition, usability and user experience play an important role in management issues. For example, in a clinical setting where health smart cards are being used with personal identification numbers (PINs) associated with them, it might be difficult for old patients to remember them. Moreover, the health care professionals might be overwhelmed with using the new technology; the smart cards and smart card readers, which in return might hinder their workflow as clinicians (5).
In many organizations, it is difficult to change the culture and workflow that is already been practiced for a long period of time, thus stagnation and resistance towards adopting cloud computing and technologies occurs (4). Furthermore, the main deciding factors for customers to accept such new technology is the ease of access, usability and flexible configuration (6). A customer’s investment could be at risk if the service provider is not able to meet compliance regulations, such as standards or policy changes (4).
Two main features of cloud computing are low cost and on demand availability of computing resources. High competition plays an important role to attract customers, sell more services and increase the company’s market share. Therefore, service providers buy hardware with high specifications than needed, as a result to cut costs, they may limit some services or features. There are some cloud service providers that do not engage customers in designing their services and match their workflows, therefore they often do not meet customers’ expectations (4).
Data lock-in is a major issue, as well. In case service providers decide to shut down and discontinue their services, customers will be required to migrate their data to a different provider or an in-house IT environment. This practice could be difficult for a customer because not all environments and systems are not interoperable, which will not ease data migration (4).
Uploading and downloading large amounts of data from the cloud could be a tedious practice because the customer can risk slow-downs and bottlenecks in data rate transmission and bandwidth limitation (4). In addition, there is a risk for server failures, which can disrupt services to customers (7).
Cloud computing systems usually use REST-based application programming interfaces (API); Representational State Transfer is a software architecture that follows the web standards. However, cloud services for health care has no well-defined REST-APIs that is available for current practices and emerging services (6).
The top threats to cloud computing, according to the Cloud Security Alliance, are abuse use, malicious users, interfaces and APIs with limited security and account or service hacking (6). The hardware used for cloud computing is usually used by various customers. For example, if customers stored their data on virtual hardware and asked for it to be deleted, the data will not be completely, or thoroughly, deleted. Meaning that the data may be stored on the hard drive but not accessible. This security risk is increased when many customers use the same hardware resources, as third parties could access another customer’s hidden or deleted data (4).
Data must be secured while at rest, during a transfer and in use (8). Data encryption is very important in the realm of data management. This is a fundamental mechanism that cloud computing systems use to protect against data loss and theft, for example, by strong cryptographic encryption. This would allow a decreased risk of information leakage to unauthorized parties (4,5). Using cryptography allows protection of data transfers through standard communication protocols and public key certificates. Moreover, data encryption are only feasible with measures that use separate databases rather than shared ones (8). An example where cryptographic encryption could be used is on personalized, health smart cards. Nevertheless, the issue of who controls the cryptographic keys: the patient or the provider, still remains. In Germany, for example, patients have full power over their personal medical data, by law (5).
Two major concerns regarding legal issues are data jurisdiction and privacy issues. Cloud computing using many hardware resources where they are being located in different areas, and each jurisdiction has its own law and legislations regarding data security, privacy, usage and intellectual property. It is important for organizations to verify that the underlying infrastructure of the cloud service is secure, because these infrastructures are usually entirely owned and managed by external service providers (6). For example, the US Health Insurance Portability and Accountability Act (HIPAA) restricts companies from giving away personal health data to third parties that are not associated with that company. On the other hand, the PATRIOT (Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act allows the US government to request data needed for critical circumstances. In the case of commercial use, the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada restricts organizations’ authority to collect, use or release personal information (4). Overall, if customers are covered by regulatory acts, the providers have to prove that their cloud services meet the requirements and are fully compliant (6).
Another example of a privacy issue is poor breach notification. A proposal made by the PIPEDA for organizations to report data breaches to the Privacy Commissioner of Canada and to notify individuals that there are high chances of harm. However, the breach notification does not protect customers’ privacy (4).
Choo J, Park H. Customizing Computational Methods for Visual Analytics with Big Data. IEEE Comput. Graph. Appl. IEEE; 2013 Jul 1;33(4):22–8.
Groves P, Kayyali B, Knott D, Kuiken S Van. The big data revolution in healthcare. 2013 p. 1–22.
Petersen S. Business leaders, investors gauge healthcare big data’s prospects [Internet]. Available from: http://searchhealthit.techtarget.com/news/2240206351/Business-leaders-investors-gauge-healthcare-big-datas-prospects
Kuo AM-H. Opportunities and challenges of cloud computing to improve health care services. J. Med. Internet Res. 2011 Jan;13(3):e67.
Löhr H, Sadeghi A-R, Winandy M. Securing the e-health cloud. Proc. ACM Int. Conf. Heal. informatics - IHI ’10. New York, New York, USA: ACM Press; 2010;220.
Liu W, Park EK. e-Healthcare Cloud Computing Application Solutions : Comput. Netw. Commun. (ICNC), 2013 Int. Conf. 2013;437–43.
Kharat AT, Safvi A, Thind S, Singh A. Cloud Computing for radiologists. Indian J. Radiol. Imaging. 2012 Jul;22(3):150–4.
Jansen W a. Cloud Hooks: Security and Privacy Issues in Cloud Computing. 2011 44th Hawaii Int. Conf. Syst. Sci. Ieee; 2011 Jan;1–10.