JAMIA: Cloud computing, while constrained by regs, could make EHRs more appealing

Cloud computing - 53.18 Kb
The cost, complexity and inflexibility associated with traditional EHR systems continues to discourage some healthcare organizations from adopting them and although new approaches like cloud computing could eliminate those barriers to adoption, they are currently constrained by federal regulatory legislation and oversight, according to an article in the March issue of the Journal of the American Medical Informatics Association.

“Cloud computing is gaining acceptance as a model for business IT applications because of its potential to increase capacity and functionality on the fly without any major investment in infrastructure, personnel or software licensing fees,” wrote Eugene J. Schweitzer, MD, of the University of Maryland Medical Center in Baltimore. “The National Institute of Standards and Technology believes that government and industry should work to overcome the barriers and migrate to cloud computing because it offers the potential for massive cost savings.”

While cloud computing service providers can’t simply implement HIPAA-required security processes and technology, Schweitzer suggested that implementation would not be difficult. A concern with storing patient information on a cloud platform is that the cloud’s architectural design allows multiple customers to share infrastructure, services and applications, but Schweitzer believes that clear customer understanding of clouds’ security controls and clear business associate contracts can eliminate this concern.

As third-party contractors, cloud computing service providers would be required to enter business associate contracts with customers who store patient health information in the cloud. Schweitzer said that these contracts should detail service levels, establish legal liability for breaches and specify that the cloud provider is not to access the patient information.

Schweitzer added that, while it might be tempting for providers to enroll in online EHR applications and enter business associate contracts on their own, they should seek legal counsel before putting patient information into a cloud.

“A worst case scenario for a healthcare provider could result by clicking through a series of friendly EHR sign-up screens and unwittingly agreeing to release the cloud provider from all financial responsibility for a security breach,” he wrote. “Far better for the EHR client to have legal counsel negotiate a detailed, meaningful business associate contract with the cloud.”

Schweitzer concluded by saying that cloud providers are already developing privacy and security standards for patient health information and cloud computing designs can help the federal government meet its expressed goal of enhancing patients’ access to their records, improving data exchange and reducing healthcare costs.

Read the article in its entirety here.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.