Secure Cloud Computing Concepts Supporting Big ... Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D. Pehrson Director, Solutions & Architecture Integrated Data

Secure Cloud Computing Concepts Supporting Big Data in Healthcare

Ryan D. Pehrson Director, Solutions & Architecture

Integrated Data Storage, LLC

Learning Objectives

After this session, the learner should be able to: • Explain what “Cloud Computing” and “Big Data” means • Describe the business value of using the Cloud for Big

Data in Healthcare • Identify key regulatory considerations affecting storage

of data including PHI in the Cloud • Identify applicable risks and controls • Evaluate Cloud service providers and identify

opportunities for use of the cloud in the healthcare vertical

Context: Gartner’s “Nexus of Forces”

Social Mobile

Cloud Big Data

CLOUD COMPUTING THE TECHNOLOGY FOUNDATION FOR AGILE BUSINESS

Cloud Computing Defined

NIST Definition Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Attributes of Cloud Computing

5 Essential Attributes of Cloud Computing

• On-demand self-service • Broad network access • Resource pooling • Rapid elasticity • Measured service

3 Major Cloud Service Models

Software as a Service

Platform as a Service

Infrastructure as a Service Storage Compute Network

App Server Web Server

Email CRM Expense

DB Server

3 Major Cloud Deployment Models

Image Credit: VMware

Reliance on a Virtualized Datacenter

Memory Pool Storage Pool Interconnect Pool CPU Pool

Virtualized Pool of Resources

Underlying Physical Resources

Service Consumer B Service Consumer A

$.xx/GHz/Hr

$.xx/GB/Hr $.xx/GB/Mo $.xx/GB Transferred

Cloud Value Proposition

• Turn large capital expenditures into operational expenditures (Public / Hybrid)

• Pay only for what you use • Better allocate costs per application or

business service

• Better cost efficiency through resource sharing • Scale rapidly to match capacity to demand

Top Reasons Companies are Moving to the Cloud

• Proven Results • Rapid Development of new Products and

Services

• Supports a Variety of Business Needs • Makes Collaboration Easy • Better support for Big Data & Analytics efforts

Cloud Adoption in Healthcare

Source: CDW State of the Cloud Report, 2013 N=157 for Healthcare companies

Cloud Adoption in Healthcare

Source: CDW State of the Cloud Report, 2013 N=157 for Healthcare companies

Key Findings:

• Cloud Adoption Lags industry in Healthcare • 2 of the top 3 use cases are for productivity applications Discussion: • What is your company using the cloud for today? • What do you plan to use the cloud for tomorrow? • What are the key challenges you see for adopting cloud

in your organization?

Reality Check –Straight Talk

The Promises:

• Cloud Computing Will Save Money • Cloud Computing Simplifies Service Delivery • Performance in the Cloud is as Good or Better • Migrating to the Cloud is fast and turn-key • The Cloud is Secure

Source: CSC Report on Cloud Computing in Healthcare Environment. Published by HIMSS.

How to Proceed with Cloud

• Think big, but start small and then scale • Develop a Cloud strategy (Business and IT) • Work with your Enterprise Architecture team

to develop a roadmap based on enterprise capability and process models

• Understand your Options and Risks • Integrate your strategy with your company’s

capital expenditure planning and project portfolio management

Learning Test: Cloud Computing

A cloud computing environment in which the underlying resources are shared among multiple companies and operated by a third party is a

_________ Cloud.

Learning Test: Cloud Computing

The three major service models for cloud computing are: ______ as a Service, ______ as a Service, and _______ as a Service.

Learning Test: Cloud Computing

True or False:

Cloud Computing relies on a virtualized pool of shared resources in order to achieve efficiency

BIG DATA: PRODUCING MEANINGFUL INSIGHTS FROM THE MASSIVE VELOCITY, VARIETY, AND VOLUME OF DATA

The “Exaflood”

The Three V’s

Volume

•Data Size

Variety

•Data Sources

Velocity

•Speed of Change

The Volume, Variety, and Velocity of Data is increasing faster than the capacity or capability of current methods or systems of data retrieval.

Big Data Statistics from the Social Web

Source: HP Analyst Briefing

Big Data Technology

Big Data Analytics Technology Allows for: • Real-Time • Predictive • Agile • Contextual • Experimental • Structured or Unstructured • Bonding Relationships • … Across Information Silos

Traditional Information Management vs Big Data

Traditional

• Requirements • Data Warehouses /Marts • Document Use Cases • Centralized • Future reuse • Disciplined Design • Specific Data Structures • Better Decisions

Big Data

• Opportunities • Hadoop Clusters • Hunt for Useful Data • Widely Decentralized • Immediate Use • Experimentation • Any Data Structure • Better Insights

Big Data Requires

• Massively Scalable Compute • Massively Scalable Data Storage • Quality Input Data • New / Specialized Analytical Skillsets

Through 2015, organizations integrating high-value, diverse, new information types and sources into a coherent information management infrastructure will outperform their industry peers financially by more than 20%. - Gartner

The Big Data Opportunity

Big Data + AI Beats Traditional Care

Source: http://newsinfo.iu.edu/news/page/normal/23795.html

More Health Care Opportunities

• Social Medicine • Mobile Medicine • Evidence Based Medicine • Biomedical Informatics improve medical

research

• Improve Public Health Reporting • Smart EHR and Continuity of Care applications

– analyze and populate data from past records

The Big Data Opportunity

3 Obstacles to Big Data in Healthcare

• Data Security and Data Privacy Concerns • Specialized Skillsets and Availability of

Knowledgeable Resources

• Ability of companies to store necessary volume, variety, velocity of data

By 2015, demand for skilled Big Data employees will reach 1 Million jobs, but only 1/3 of those jobs will be filled – Gartner

What Does This Mean

• Most companies will not be able to build their own big data capability and therefore must consume resources from a third party provider

• Multi-tenant Big Data providers of will arise to provide more economical yet secure service to healthcare payers and providers

Learning Test: Big Data

1. The Three V’s: _______, _______, ________

2. IDC estimates that by 2020, there will be _______ Exabytes in the Digital Universe, but only ____% will be tagged or analyzed

3. Big Data requires _________ scalable compute and data storage facilities

SECURITY & COMPLIANCE: MAINTAINING SECURITY AND COMPLIANCE IN A CLOUD ENABLED WORLD

Regulatory Update

• HIPAA-HITECH Regulation (2013) • Clarifies Regulations of Business Associates (BA’s) and

Subcontractors • BA’s must have a Business Associate Agreement (BAA) with

Subcontractors • HIPAA Security and Part of HIPAA Privacy now apply to BA’s • Strengthens Patient Rights to receive copies of their

protected health information (PHI) • Regulations provide for much stronger penalties for

violations • Business Associates are directly subject to enforcement • State Attorneys General can now enforce HIPAA

Defining a Business Associate (BA)

A Business Associate is entity that creates, receives, transmits, or maintains PHI on behalf of a covered entity for purposes of:

• Data Analysis • Processing or Administration • Utilization Review • Quality Assurance • Billing • Benefit Management • Practice Management • And more…

Implications for Cloud Providers

• Third-Party Cloud Providers receiving or processing PHI are Business Associates

• Merely Selling or Providing Software to a Covered Entity does not give rise to a BA relationship if the vendor does not need access to the P