Today’s healthcare organizations are expected to be agile, reduce costs, and direct capital toward revenue generating activities that improve patient outcomes. The cloud is a key part of the answer, but implementing a new solution on the cloud also requires new skills especially around governance, compliance with HIPAA, and security practices. Many healthcare organizations look to an experienced partner to help them migrate solutions from on-premises to the cloud, while building in the right set of structures to seamlessly handle known and future challenges.
The Azure platform offers a wealth of services for partners to enhance, extend, and build industry solutions. Here we describe how one Microsoft partner uses Azure to solve a unique problem.
Wanted: Governance and compliance expertise
For organizations that have moved to the cloud, a lack of governance and understanding about the way cloud services work can lead to wasted spending, unpredictable cloud service bills, and cloud vendor lock-in. The rapid growth of cloud infrastructures also creates a dizzying array of possibilities that can keep a team uncertain of the correct path and second guessing their choices, which can lead to delay and add risk of failure.
Now, healthcare CIOs increasingly rely on cloud platforms, but they run into new problems. To prevent the inevitable difficulties requires a staff that is fully enabled with the right skills for compliance, privacy, and security. Health IT professionals need guidance on how to move an on-premises healthcare infrastructure to a cloud platform, and ensure HIPAA compliance, policies, safeguards, and resources are in place.
Here are the major areas that require thought and planning:
- Privacy, compliance concerns: Protecting patient data is a persistent concern, along with implementation, uncertainty, and risk. Concerns about HIPAA compliance, cloud, and legacy system integration are among the major obstacles that have kept healthcare IT on-premises.
- Budget constraints, cost optimization: Cloud service bills are often highly detailed and complicated, making it difficult to determine which application, department, or resource is the source of a cost overrun.
- Technical hurdles: Healthcare IT professionals may not have the skills or resources to leverage cloud services to do things like extend an on-premises datacenter to a hybrid cloud.
- Training: Retaining and enabling IT staff is a key challenge, and education on any new solution is critical to success. Everyone should have easy to understand resources regardless of the role whether it be IT leaders, administrators, developers, and/or database administrators.
- Gaps in capabilities: Even with an on-premises solution, many use special services from a vendor. Planning should include those partners as well as specialized areas that the vendors don’t currently address.
Burwood Group is a Microsoft partner that specializes in moving healthcare organizations to Azure. If a client has a secure, on-premises network, Burwood will build a secure cloud network and leverage the same regulatory controls used for an on-premises installations. They will also educate technology teams on endpoint security and serverless security, with emphasis on HIPAA compliance in the cloud.
The consulting firm offers extensive training. For example, through a one-day class, they provide the basic education to have a successful implementation in Azure, with an emphasis on healthcare requirements in the cloud. This workshop includes hands-on lab exercises and is 100 percent focused on pertinent, practical, and actionable knowledge.
- Standardization: As a cloud team, nothing is left to guess work. Instead, consistency is instilled across the team. Through education, Burwood introduces the healthcare datacenter in Azure.
- Flexibility: IT teams may need to work with multiple cloud architectures for healthcare. This occurs as care is increasingly managed across settings with more interoperability across applications and business entities. Understanding best practices for the cloud allows expertise that is independent of any application or vendor.
- Control: When it comes to cloud governance for healthcare, organizations need to control cloud sprawl. As personnel enter or leave an organization, permissions must be carefully allowed or revoked to prevent security breaches. Burwood provides education on these subjects: What is going into and out of Azure? Who has rights to resources in Azure? These types of questions are answered.
- Service catalog: Burwood seeks to keep users informed of new services through a service catalog. Users are instructed about the following.
- Handling cloud service requests and change management.
- Expanding the current service catalog through an Azure for healthcare IT emphasis.
- Potential items that users can request through the service catalog in Azure.
- Indexing: All resources in the cloud must be tagged with cost center, creation date, and more.
- IP awareness: Users are instructed to be very careful of public IP address assignments, and the potential of creating vulnerabilities.
The company has a proficiency in both healthcare and Azure technology. These are a few of the Azure services used to create custom solutions:
- Azure portal
- Azure Resource Manager
- Azure role based access control
- Azure Active Directory
- Azure Load Balancer
To learn more about other industry solutions, go to the Azure for healthcare page. To find more details about consulting and a one day Azure University for healthcare workshop, go to the Azure Marketplace listing for the Burwood Group and select Contact me.
Source: Azure Blog Feed