Striking out on my own ...

I've decided to bite the bullet and start a site of my own. That doesn't mean I won't be posting here anymore for Silverlining - it just means that my specific topic of Privacy is better suited to its own site with its own focus - Privacy not being everyone's cup of tea. 

This site is really designed to support the efforts and mindshare of the cloud community in the Boston area at large so I will use this space to talk about things going on specifically in the cloud community and if you want to see what I have to say or stay up on my research on privacy - you will find me at



PHI and PII - Opportunities or Challenges in the Cloud?

With the upcoming Cloud and Healthcare summit scheduled for a few short weeks from now I thought I'd post a bit within this important area that affects so many of us directly.

PHI (Protected Health Information) and PII (Personally Indentifiable Information) are essential security and privacy components of the new HITECH changes in HIPAA that are designed to protect information the government deems private and therefore protected.

What is new about all this is that the new regulations are tied to driving efficiencies in healthcare - partially through more efficient access to patient information or what is referred to as EHR - "electronic health records".  The trick of allowing freer access to information while still managing to adequately protect it is the cornerstone of this regulation. Embodied in the regulation are also "breach" notification requirements which requires healthcare entities to share breach information.

What does this have to do with cloud? Well that depends - cloud provides an ability to look at the efficiency problems of healthcare in a different way:

- Instead of building and maintaining their own Infrastructures - use the cloud. This reduces costs by shifting capital $'s to operating budgets and the cloud providers also provide the technical expertise allowing a heathcare provider to focus on heathcare and less on information technology.

- Look at Software-as-a-Service as a way to augment existing information technology and provide a way to ramp-to-the-cloud. Many existing applications are finding their way into the cloud as companies like Microsoft, Google, and Amazon try to atract healthcare developers. Products like Meditech and PACS Workstationare already accessible and usable over the Internet with many more being adapted and designed to inter-operate with other SaaS services. SaaS allows the provider to remove the requirement to manage and maintain the applications and infrastructure and having access to applications such as EHR or PACS subject matter expertise.

- Convert the existing data center facilities to a "private cloud" leveraging virtualization and technologies technologies. While this doesn't remove the ownership of the infrastructure from the provider it does allow the provider to maximize the efficiency and availability of the existing systems while keeping all the systems and information in-house.

- Consider a hybrid system - that puts the management infrastructure in the cloud while keeping the data inside the providers walls. This increases complexity and may be more costly than a SaaS pureplay yet may alleviate patient PII and PHI concerns.

The bottom line is this is a great time to look at ways to drive efficiency while protecting patients. Come to the Silverlining Cloud Healthcare summit on Ocotober 23rd to ask questions and meet some of the folks who are experts in Healthcare who have or are going to use the cloud to manage some of their information infrastructure.




Healthcare + Cloud = Convergence, Convergence =/not = Privacy?

One of my favorite past times is to read, whether it be fiction, blogs or tweets or web sites, scholarly texts, or the back of a cereal box. My other half is very tolerant because I'd be just as happy to be buried in some form of text as being out riding my motorcycle on a beautiful New England Day.

My favorite author du jour is Malcolm Gladwell because he writes like he sounds when he is speaking to an audience so I feel like I'm listening to him instead of just reading. I also like his books because his topics spur new ideas and notions for me to ponder.

In Gladwell's bestseller Tipping Point he writes about what it takes to push something over the edge and create a viral response or change. In his book Outliers he writes about what it takes to be successful and what I took away from it was there seemed to be a need for a convergence of things to happen to cause what statisticians call a "significant" change.

It seems to me that these two important notions are happening all around us with regard to privacy and healthcare. Much like any other industry healthcare has to improve its use of informatics to remain competitive and to continue the care we get.

Enter the cloud - the cloud portends to reduce capital expenditures and the ability to consume and pay for what you use fits better with the business needs of healthcare. Healtcare providers often have various cycles to deal with (aging population, H1N1 virus, local tragedies, etc) that normally they have to keep capacity for. So why not free themselves from needing to keep all that IT equipment, keep it up-to-date, and hire and manage professionals to maintain them?

Some providers have opted to outsource their IT functions to businesses like EDS who can come in and take over the staff and equipment and manage it for you for a fixed fee. This doesn't solve the problems of having over or under capacity when needed - it just means that for a projected workload it will cost a certain amount of $ that is predetermined and budgeted for. The end result is this may not be the most cost effective way to run the business and contracts are multi-year and hard to break. They also make it harder to be viral (pun intended) and react to changes in society or government.

This older model outsourced based did work well when it came to privacy because all the data and systems and processes are still the healthcare providers. What happens when you move all this to the cloud? Can a cloud model work for healthcare? What are the new risks associated with the cloud when it comes to healthcare privacy?

This is where convergence comes in - not only technological convergence but also public opinion and government actions/controls. Clinton tried to change the healthcare system and we got HIPAA, President Obama is trying to change healthcare again - and we shall see what comes of it because it still is very much playing itself out as this article highlights "Obama gets mixed reviews on privacy report card" which is mostly about his healthcare agenda.

Will the convergence of cloud and healthcare reform push us to a tipping point? We shall see - but if you are really interested come to the Silverlining Healthcare summit on October 23rd and lets talk about and spread the virus.