Secure Cloud Computing Concepts Supporting Big Data in Healthcare. Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC




Learning Objectives
After this session, the learner should be able to:
- Explain what Cloud Computing and Big Data mean
- Describe the business value of using the Cloud for Big Data in Healthcare
- Identify key regulatory considerations affecting storage of data including PHI in the Cloud
- Identify applicable risks and controls
- Evaluate Cloud service providers and identify opportunities for use of the cloud in the healthcare vertical

Context: Gartner's Nexus of Forces: Social, Mobile, Cloud, Big Data

CLOUD COMPUTING THE TECHNOLOGY FOUNDATION FOR AGILE BUSINESS

Cloud Computing Defined
NIST Definition: Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Attributes of Cloud Computing
5 Essential Attributes of Cloud Computing:
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service

3 Major Cloud Service Models
- Software as a Service: Email, CRM, Expense
- Platform as a Service: App Server, Web Server, DB Server
- Infrastructure as a Service: Storage, Compute, Network

3 Major Cloud Deployment Models Image Credit: VMware

Reliance on a Virtualized Datacenter
[Diagram: Service Consumer A and Service Consumer B draw on a Virtualized Pool of Resources (CPU Pool, Memory Pool, Storage Pool, Interconnect Pool) built on the Underlying Physical Resources; usage is metered at $.xx/ghz/hr, $.xx/gb/hr, $.xx/gb/mo, and $.xx/gb Transferred]

Cloud Value Proposition
- Turn large capital expenditures into operational expenditures (Public / Hybrid)
- Pay only for what you use
- Better allocate costs per application or business service
- Better cost efficiency through resource sharing
- Scale rapidly to match capacity to demand

Top Reasons Companies are Moving to the Cloud
- Proven Results
- Rapid Development of new Products and Services
- Supports a Variety of Business Needs
- Makes Collaboration Easy
- Better support for Big Data & Analytics efforts

Cloud Adoption in Healthcare Source: CDW State of the Cloud Report, 2013 N=157 for Healthcare companies

Cloud Adoption in Healthcare
Key Findings:
- Cloud Adoption Lags industry in Healthcare
- 2 of the top 3 use cases are for productivity applications
Discussion:
- What is your company using the cloud for today?
- What do you plan to use the cloud for tomorrow?
- What are the key challenges you see for adopting cloud in your organization?
Source: CDW State of the Cloud Report, 2013 N=157 for Healthcare companies

Reality Check: Straight Talk
The Promises:
- Cloud Computing Will Save Money
- Cloud Computing Simplifies Service Delivery
- Performance in the Cloud is as Good or Better
- Migrating to the Cloud is fast and turn-key
- The Cloud is Secure
Source: CSC Report on Cloud Computing in Healthcare Environment. Published by HIMSS.

How to Proceed with Cloud
- Think big, but start small and then scale
- Develop a Cloud strategy (Business and IT)
- Work with your Enterprise Architecture team to develop a roadmap based on enterprise capability and process models
- Understand your Options and Risks
- Integrate your strategy with your company's capital expenditure planning and project portfolio management

Learning Test: Cloud Computing A cloud computing environment in which the underlying resources are shared among multiple companies and operated by a third party is a Cloud.

Learning Test: Cloud Computing The three major service models for cloud computing are: as a Service, as a Service, and as a Service.

Learning Test: Cloud Computing True or False: Cloud Computing relies on a virtualized pool of shared resources in order to achieve efficiency

BIG DATA: PRODUCING MEANINGFUL INSIGHTS FROM THE MASSIVE VELOCITY, VARIETY, AND VOLUME OF DATA

The Exaflood

The Three V's
- Volume: Data Size
- Variety: Data Sources
- Velocity: Speed of Change
The Volume, Variety, and Velocity of Data are increasing faster than the capacity or capability of current methods or systems of data retrieval.

Big Data Statistics from the Social Web Source: HP Analyst Briefing

Big Data Technology
Big Data Analytics Technology Allows for:
- Real-Time
- Predictive
- Agile
- Contextual
- Experimental
- Structured or Unstructured
- Bonding Relationships Across Information Silos

Traditional Information Management vs Big Data
Traditional: Requirements; Data Warehouses / Marts; Document Use Cases; Centralized; Future reuse; Disciplined Design; Specific Data Structures; Better Decisions
Big Data: Opportunities; Hadoop Clusters; Hunt for Useful Data; Widely Decentralized; Immediate Use; Experimentation; Any Data Structure; Better Insights

Big Data Requires
- Massively Scalable Compute
- Massively Scalable Data Storage
- Quality Input Data
- New / Specialized Analytical Skillsets

The Big Data Opportunity Through 2015, organizations integrating high-value, diverse, new information types and sources into a coherent information management infrastructure will outperform their industry peers financially by more than 20%. - Gartner

Big Data + AI Beats Traditional Care Source: http://newsinfo.iu.edu/news/page/normal/23795.html

More Health Care Opportunities
- Social Medicine
- Mobile Medicine
- Evidence Based Medicine
- Biomedical Informatics improve medical research
- Improve Public Health Reporting
- Smart EHR and Continuity of Care applications analyze and populate data from past records

The Big Data Opportunity

3 Obstacles to Big Data in Healthcare
- Data Security and Data Privacy Concerns
- Specialized Skillsets and Availability of Knowledgeable Resources
- Ability of companies to store necessary volume, variety, velocity of data

By 2015, demand for skilled Big Data employees will reach 1 Million jobs, but only 1/3 of those jobs will be filled. - Gartner

What Does This Mean
- Most companies will not be able to build their own big data capability and therefore must consume resources from a third party provider
- Multi-tenant Big Data providers will arise to provide more economical yet secure service to healthcare payers and providers

Learning Test: Big Data 1. The Three V's:,, 2. IDC estimates that by 2020, there will be Exabytes in the Digital Universe, but only % will be tagged or analyzed 3. Big Data requires scalable compute and data storage facilities

SECURITY & COMPLIANCE: MAINTAINING SECURITY AND COMPLIANCE IN A CLOUD ENABLED WORLD

Regulatory Update
HIPAA-HITECH Regulation (2013)
- Clarifies Regulations of Business Associates (BAs) and Subcontractors
- BAs must have a Business Associate Agreement (BAA) with Subcontractors
- HIPAA Security and Part of HIPAA Privacy now apply to BAs
- Strengthens Patient Rights to receive copies of their protected health information (PHI)
- Regulations provide for much stronger penalties for violations
- Business Associates are directly subject to enforcement
- State Attorneys General can now enforce HIPAA

Defining a Business Associate (BA)
A Business Associate is an entity that creates, receives, transmits, or maintains PHI on behalf of a covered entity for purposes of:
- Data Analysis
- Processing or Administration
- Utilization Review
- Quality Assurance
- Billing
- Benefit Management
- Practice Management
- And more

Implications for Cloud Providers
- Third-Party Cloud Providers receiving or processing PHI are Business Associates
- Merely Selling or Providing Software to a Covered Entity does not give rise to a BA relationship if the vendor does not need access to the PHI in order to perform its service
- A vendor hosting software which contains patient information for a covered entity on its own servers IS a Business Associate of the Covered Entity
- Data Transmission Organizations, postal or telecommunications, who do not access, store, or maintain PHI, are not Business Associates

What This Means
- It is OK to work with cloud providers if you have done your due diligence
- Remember, patients will likely blame the provider or the payer in case of a breach
- Cloud Providers must sign a Business Associate Agreement and follow the HIPAA-HITECH regulations
- Cloud Providers must have Subcontractors sign a Business Associate Agreement

Security and Compliance Concerns for Cloud / Big Data in the Cloud
- Data Security / Data Privacy
- Compliance
- IT Governance
- Data Integration and Data Ownership
- Competition
- Bandwidth
- Skills, Training, Staffing

Risks and Controls Exercise
Risk:
- Data Security & Data Privacy
- Regulatory Compliance
- Governance
- Data Integration & Data Ownership
- Competition
- Bandwidth
- Skills, Training, Staffing
Controls:

Evaluating a Cloud Provider: Healthcare
- BAA: Will the Cloud Provider Sign a BAA? Does the Cloud Provider require subcontractors to Sign BAAs?
- Audit Support: Will the Cloud Provider support regular and random audits?
- Safeguards: Can the Cloud Provider detail and demonstrate physical, technical, and administrative safeguards?
- Reliability & Availability: Does the Cloud Provider have Financially Backed 24x7 Availability Guarantees? Appropriate Technical Redundancy and Replication?
- Interoperability and Flexibility: Is your traditional or cloud infrastructure interoperable with provider? Is it Hotel California?
- Foreign Nationals: Do any Foreign Nationals have access to PHI?
- The Nirvanix Gut Check (Financial and Operational Health): Is this company destined to fail?

Learning Check: Security & Compliance True or False: Under the HIPAA-HITECH revisions in 2013, a Business Associate of a Covered Entity is directly accountable to HHS.

Learning Check: Security & Compliance True or False: A Postal Carrier who transports and delivers backup tapes containing PHI in an encrypted form is a Business Associate of a Covered Entity

Learning Check: Security & Compliance The Seven Key Risk Areas for Cloud Discussed in this Session are: 1. & 2. 3. 4. & 5. 6. 7., &

THANK YOU Ryan Pehrson Integrated Data Storage, LLC http://www.linkedin.com/in/ryanpehrson +1 312.334.6413