In the context of health care, cloud computing takes the digitization of patient data and other aspects of medicine one step further. Electronic medical records make the instantaneous transmission of patient health information - including both DICOM and non-DICOM images - possible, while also reducing the need for physical storage space. Cloud computing goes beyond this by also eliminating the need for onsite storage and management of electronic servers, thus reducing the amount of budget dollars that are dedicated to electricity and hardware. As for the collection and storage of information, keeping servers offsite allows health care providers to gather unprecedentedly large volumes of patient data, thus helping them to meet goals pertaining to analytics and population health.
Vendor neutral archives can be valuable for a cloud-based health information technology system because these tools are scalable and allow clinicians access to the information hub from anywhere they work within a facility.
As convenient as a cloud-based health IT system can be, providers need to make sure they only work with the most reputable and reliable vendors, according to attorneys who spoke at the Healthcare Information and Management Systems Society's recent annual meeting, as reported by AuntMinnie.com.
Asking the right questions will help
There are many reasons why proper vetting of a cloud-based vendor is essential, not the least of which is compliance with the Health Insurance Portability and Accountability Act. This is an important consideration in light of the fact that digitization has made patient information more accessible than ever before. Violations impact patients' privacy, as well as both providers' reputations and bottom lines. According to the American Medical Association, breaking HIPAA laws can cost between $100 and $50,000 per violation, regardless of whether providers were aware they did anything wrong.
Proper vetting of a vendor involves several processes. According to attorneys Steven Fox of Post and Schell and Lee Kim of HIMSS, business due diligence must be performed before any contract negotiations even begin. This means finding out who owns the business, reviewing references, consulting third-party surveys and knowing how the business plans to respond in cases when disaster recovery is needed.
Business due diligence also means learning how the software works, asking about earned certifications and viewing risk assessment reports.
"You basically just want to ask as many questions as you can to find out everything about the vendor's business," Fox said, quoted by the news source. "And if the vendor is hesitant or reticent and says, well, 'that's none of your business' or 'that's proprietary' or 'that's a trade secret,' then I would say that's not a vendor you really want to do business with, because they've got to be transparent and make you feel comfortable that your data is safe with them."
Once contract negotiations have begun, it is important to remember that providers view the contracts using their own lawyers because a hospital's expectations may not necessarily align with what the vendor promises. Contractual issues to pay attention to include scope of license, warranties, support and maintenance, definitions, limitations of the liability and indemnification, confidentiality and privacy, dispute resolution and more.
News brought to you by TeraMedica, Inc., leaders in healthcare enterprise imaging (VNA) solutions.