Karuna P Joshi, PhD Research Asst. Professor karuna.joshi@umbc.edu
Increasing adoption of technologies such as Electronic Health Records (EHR) to capture clinical data Mandate by Health Information Technology for Economic and Clinical Health (HITECH 09) act Variety of Medical records data can be aggregated and analyzed to personalize delivery of healthcare BIG DATA - Huge growth in Medical/healthcare data in coming decade Cloud-based solutions are being adopted.
Electronic Health Records (EHRs) Electronic Medical Records (EMRs) Personal Health Records (PHRs) Payer-based Health Records (PBHRs) Electronic Prescribing (E-prescribing) www.critigen.com Medical Financial Billing/Administrative System Computerized Practitioner Order Entry (CPOE) Systems [1] Certification Commission for Healthcare Information Technology (CCHIT),
EHR,EMR Sequencing and Genotyping Majority of them run on public cloud providers Amazon, Rackspace, Microsoft, etc.
Medical data at present is very large in volume running to the order of terabytes (10 12 bytes) With the increasing adoption of digitized patient records and physician s notes, it has the potential of reaching peta (10 15 ) or even exa (10 18 ) bytes of data that in itself will be difficult to manage and analyze. Data currently resides in separate silos, which prevents it from being correlated and analyzed. Few healthcare providers can afford the infrastructure, both hardware and software, needed to collect, clean, curate, and analyze this data.
Latest paradigm for delivering IT resources or applications Service/Applications are stored/run on cloud and accessed by consumers via the Internet using Computers or Mobile devices. Eukhost blog Cloud based Services can provide analytics driven personalized medicine services Available to practitioners at the point of care. X as a Service : data storage, computing power, platform E.g. cloud based PACS, CareCloud cloud based EHR, Cloud based Medical billing services
Cloud services make data and computing capabilities portable, sharable, and accessible from any online device The objective of the HITECH Act. Significant cost savings and the option of avoiding capital investment for organizations. Elasticity: Can easily scale up or scale down their resources instantly and on-demand. Cloud services are OS-neutral, and usually easy to use. E.g. Click Care HIPAA compliant SaaS and iphone application.
Data security / Patient Privacy (attack by Hackers) Data ownership Auditing Cloud provider Compliance and Legal issues. Issues of regulatory compliance. Provider reliability What happens if Provider goes out of business? E.g. in 2001, GE Healthcare bought health records provider Encounter EHR and eventually ended up shutting it downgiving records holders 30 days notice to reclaim their data or lose it. Not Mature, standards still developing
HIS/RIS Medical imaging Real time sensors Collaborating medical teams Genome data Service Access POLICY Healthcare Cloud Medical Billing service Cloud data Access POLICY Online Communities PACS services Public data service EHR/EMR service
A semantically rich, policy-based framework can be used to manage Health IT on cloud. Identify the key policies that the Cloud service should comply with Hard constraints that have to be met - HIPAA compliant Soft constraints that can be negotiated - Cost, support Policies to be defined Technical policies OS, Hardware, Applications, Database Data / Security Policies Privacy Policies Compliance policies
Control level over the operating systems, hardware, and software. User, resource, and data requests threshold policies Cloud provider is internal within an organizationcontrolled data center or hosted externally. Compliance requirement The Health Insurance Portability and Accountability Act (HIPAA),1996 FISMA
Data/Cloud Location US jurisdiction Europe jurisdiction Globally located Data Deletion Archived Secure wipe Data Encryption Encryption Key management
Identity Management critical Authentication Mechanism ID/Password, SmartCard, PIN Data accessed via a mobile device / tablet requires more authentication Authorization Methods Limited Administrator Access Group Level Access Physicians, Residents, Nurses Need-to-know access Individual based
Monitoring of SLA critical to ensure performance and ROI Cloud support SLAs should include Availability timeframe of services Contingency (Business Continuity) plans Timeframes for notification and recovery Problem resolution and escalation procedures Scheduled maintenance times. We have developed an Ontology for machinereadable Cloud SLA (http://ebiq.org/r/344)
Patient Data access across services, across consumers Virtual Machine Separation Controlled Multi-tenancy Disclosure Risk Assessment Existing Data Inferred Data wsj.com
Cloud users confused by the plethora of cloud providers providing different pricing/service models. Developing commercial product to allow healthcare providers to automatically compare and contrast cloud offerings Allow users to prioritize their policy attributes like cost, security, cloud location etc. Part of TEDCO s Maryland Innovation Initiative award
System searches through over 100+ providers to determine best match for the users
Increasing adoption of cloud based IT services for Personalized Medicine (mandated by HITECH 09) A policy-based integrated framework to control the execution of Cloud based Health care services Declarative, semantically rich approach that helps specify policies to control the service Automate the execution and consumption of such services at point of care, protect patient privacy, and ensure compliance with appropriate policies An automated cloud based service will ensure that the physician can focus on the patient s health, and not be concerned with the IT requirements.
Contact: karuna.joshi@umbc.edu