Top Banner

Click here to load reader

Secure Cloud Computing Concepts Supporting Big ... Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D. Pehrson Director, Solutions & Architecture Integrated Data

Jun 25, 2020




  • Secure Cloud Computing Concepts Supporting Big Data in Healthcare

    Ryan D. Pehrson Director, Solutions & Architecture

    Integrated Data Storage, LLC

  • Learning Objectives

    After this session, the learner should be able to: • Explain what “Cloud Computing” and “Big Data” means • Describe the business value of using the Cloud for Big

    Data in Healthcare • Identify key regulatory considerations affecting storage

    of data including PHI in the Cloud • Identify applicable risks and controls • Evaluate Cloud service providers and identify

    opportunities for use of the cloud in the healthcare vertical

  • Context: Gartner’s “Nexus of Forces”

    Social Mobile

    Cloud Big Data


  • Cloud Computing Defined

    NIST Definition Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

  • Attributes of Cloud Computing

    5 Essential Attributes of Cloud Computing

    • On-demand self-service • Broad network access • Resource pooling • Rapid elasticity • Measured service

  • 3 Major Cloud Service Models

    Software as a Service

    Platform as a Service

    Infrastructure as a Service Storage Compute Network

    App Server Web Server

    Email CRM Expense

    DB Server

  • 3 Major Cloud Deployment Models

    Image Credit: VMware

  • Reliance on a Virtualized Datacenter

    Memory Pool Storage Pool Interconnect Pool CPU Pool

    Virtualized Pool of Resources

    Underlying Physical Resources

    Service Consumer B Service Consumer A


    $.xx/GB/Hr $.xx/GB/Mo $.xx/GB Transferred

  • Cloud Value Proposition

    • Turn large capital expenditures into operational expenditures (Public / Hybrid)

    • Pay only for what you use • Better allocate costs per application or

    business service

    • Better cost efficiency through resource sharing • Scale rapidly to match capacity to demand

  • Top Reasons Companies are Moving to the Cloud

    • Proven Results • Rapid Development of new Products and


    • Supports a Variety of Business Needs • Makes Collaboration Easy • Better support for Big Data & Analytics efforts

  • Cloud Adoption in Healthcare

    Source: CDW State of the Cloud Report, 2013 N=157 for Healthcare companies

  • Cloud Adoption in Healthcare

    Source: CDW State of the Cloud Report, 2013 N=157 for Healthcare companies

    Key Findings:

    • Cloud Adoption Lags industry in Healthcare • 2 of the top 3 use cases are for productivity applications Discussion: • What is your company using the cloud for today? • What do you plan to use the cloud for tomorrow? • What are the key challenges you see for adopting cloud

    in your organization?

  • Reality Check –Straight Talk

    The Promises:

    • Cloud Computing Will Save Money • Cloud Computing Simplifies Service Delivery • Performance in the Cloud is as Good or Better • Migrating to the Cloud is fast and turn-key • The Cloud is Secure

    Source: CSC Report on Cloud Computing in Healthcare Environment. Published by HIMSS.

  • How to Proceed with Cloud

    • Think big, but start small and then scale • Develop a Cloud strategy (Business and IT) • Work with your Enterprise Architecture team

    to develop a roadmap based on enterprise capability and process models

    • Understand your Options and Risks • Integrate your strategy with your company’s

    capital expenditure planning and project portfolio management

  • Learning Test: Cloud Computing

    A cloud computing environment in which the underlying resources are shared among multiple companies and operated by a third party is a

    _________ Cloud.

  • Learning Test: Cloud Computing

    The three major service models for cloud computing are: ______ as a Service, ______ as a Service, and _______ as a Service.

  • Learning Test: Cloud Computing

    True or False:

    Cloud Computing relies on a virtualized pool of shared resources in order to achieve efficiency


  • The “Exaflood”

  • The Three V’s


    •Data Size


    •Data Sources


    •Speed of Change

    The Volume, Variety, and Velocity of Data is increasing faster than the capacity or capability of current methods or systems of data retrieval.

  • Big Data Statistics from the Social Web

    Source: HP Analyst Briefing

  • Big Data Technology

    Big Data Analytics Technology Allows for: • Real-Time • Predictive • Agile • Contextual • Experimental • Structured or Unstructured • Bonding Relationships • … Across Information Silos

  • Traditional Information Management vs Big Data


    • Requirements • Data Warehouses /Marts • Document Use Cases • Centralized • Future reuse • Disciplined Design • Specific Data Structures • Better Decisions

    Big Data

    • Opportunities • Hadoop Clusters • Hunt for Useful Data • Widely Decentralized • Immediate Use • Experimentation • Any Data Structure • Better Insights

  • Big Data Requires

    • Massively Scalable Compute • Massively Scalable Data Storage • Quality Input Data • New / Specialized Analytical Skillsets

  • Through 2015, organizations integrating high-value, diverse, new information types and sources into a coherent information management infrastructure will outperform their industry peers financially by more than 20%. - Gartner

    The Big Data Opportunity

  • Big Data + AI Beats Traditional Care


  • More Health Care Opportunities

    • Social Medicine • Mobile Medicine • Evidence Based Medicine • Biomedical Informatics improve medical


    • Improve Public Health Reporting • Smart EHR and Continuity of Care applications

    – analyze and populate data from past records

  • The Big Data Opportunity

  • 3 Obstacles to Big Data in Healthcare

    • Data Security and Data Privacy Concerns • Specialized Skillsets and Availability of

    Knowledgeable Resources

    • Ability of companies to store necessary volume, variety, velocity of data

  • By 2015, demand for skilled Big Data employees will reach 1 Million jobs, but only 1/3 of those jobs will be filled – Gartner

  • What Does This Mean

    • Most companies will not be able to build their own big data capability and therefore must consume resources from a third party provider

    • Multi-tenant Big Data providers of will arise to provide more economical yet secure service to healthcare payers and providers

  • Learning Test: Big Data

    1. The Three V’s: _______, _______, ________

    2. IDC estimates that by 2020, there will be _______ Exabytes in the Digital Universe, but only ____% will be tagged or analyzed

    3. Big Data requires _________ scalable compute and data storage facilities


  • Regulatory Update

    • HIPAA-HITECH Regulation (2013) • Clarifies Regulations of Business Associates (BA’s) and

    Subcontractors • BA’s must have a Business Associate Agreement (BAA) with

    Subcontractors • HIPAA Security and Part of HIPAA Privacy now apply to BA’s • Strengthens Patient Rights to receive copies of their

    protected health information (PHI) • Regulations provide for much stronger penalties for

    violations • Business Associates are directly subject to enforcement • State Attorneys General can now enforce HIPAA

  • Defining a Business Associate (BA)

    A Business Associate is entity that creates, receives, transmits, or maintains PHI on behalf of a covered entity for purposes of:

    • Data Analysis • Processing or Administration • Utilization Review • Quality Assurance • Billing • Benefit Management • Practice Management • And more…

  • Implications for Cloud Providers

    • Third-Party Cloud Providers receiving or processing PHI are Business Associates

    • Merely Selling or Providing Software to a Covered Entity does not give rise to a BA relationship if the vendor does not need access to the P