Transcript
Page 1: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Secure Cloud Computing Concepts Supporting Big Data in Healthcare

Ryan D. Pehrson Director, Solutions & Architecture

Integrated Data Storage, LLC

Page 2: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Learning Objectives

After this session, the learner should be able to: • Explain what “Cloud Computing” and “Big Data” means • Describe the business value of using the Cloud for Big

Data in Healthcare • Identify key regulatory considerations affecting storage

of data including PHI in the Cloud • Identify applicable risks and controls • Evaluate Cloud service providers and identify

opportunities for use of the cloud in the healthcare vertical

Page 3: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Context: Gartner’s “Nexus of Forces”

Social Mobile

Cloud Big Data

Page 4: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

CLOUD COMPUTING THE TECHNOLOGY FOUNDATION FOR AGILE BUSINESS

Page 5: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Cloud Computing Defined

NIST Definition Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Page 6: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Attributes of Cloud Computing

5 Essential Attributes of Cloud Computing

• On-demand self-service

• Broad network access

• Resource pooling

• Rapid elasticity

• Measured service

Page 7: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

3 Major Cloud Service Models

Software as a Service

Platform as a Service

Infrastructure as a Service Storage Compute Network

App Server Web Server

Email CRM Expense

DB Server

Page 8: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

3 Major Cloud Deployment Models

Image Credit: VMware

Page 9: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Reliance on a Virtualized Datacenter

Memory Pool Storage Pool Interconnect Pool CPU Pool

Virtualized Pool of Resources

Underlying Physical Resources

Service Consumer B Service Consumer A

$.xx/GHz/Hr

$.xx/GB/Hr $.xx/GB/Mo $.xx/GB Transferred

Page 10: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Cloud Value Proposition

• Turn large capital expenditures into operational expenditures (Public / Hybrid)

• Pay only for what you use

• Better allocate costs per application or business service

• Better cost efficiency through resource sharing

• Scale rapidly to match capacity to demand

Page 11: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Top Reasons Companies are Moving to the Cloud

• Proven Results

• Rapid Development of new Products and Services

• Supports a Variety of Business Needs

• Makes Collaboration Easy

• Better support for Big Data & Analytics efforts

Page 12: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Cloud Adoption in Healthcare

Source: CDW State of the Cloud Report, 2013 N=157 for Healthcare companies

Page 13: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Cloud Adoption in Healthcare

Source: CDW State of the Cloud Report, 2013 N=157 for Healthcare companies

Key Findings:

• Cloud Adoption Lags industry in Healthcare • 2 of the top 3 use cases are for productivity applications Discussion: • What is your company using the cloud for today? • What do you plan to use the cloud for tomorrow? • What are the key challenges you see for adopting cloud

in your organization?

Page 14: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Reality Check –Straight Talk

The Promises:

• Cloud Computing Will Save Money

• Cloud Computing Simplifies Service Delivery

• Performance in the Cloud is as Good or Better

• Migrating to the Cloud is fast and turn-key

• The Cloud is Secure

Source: CSC Report on Cloud Computing in Healthcare Environment. Published by HIMSS.

Page 15: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

How to Proceed with Cloud

• Think big, but start small and then scale • Develop a Cloud strategy (Business and IT) • Work with your Enterprise Architecture team

to develop a roadmap based on enterprise capability and process models

• Understand your Options and Risks • Integrate your strategy with your company’s

capital expenditure planning and project portfolio management

Page 16: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Learning Test: Cloud Computing

A cloud computing environment in which the underlying resources are shared among multiple companies and operated by a third party is a

_________ Cloud.

Page 17: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Learning Test: Cloud Computing

The three major service models for cloud computing are: ______ as a Service, ______ as a Service, and _______ as a Service.

Page 18: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Learning Test: Cloud Computing

True or False:

Cloud Computing relies on a virtualized pool of shared resources in order to achieve efficiency

Page 19: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

BIG DATA: PRODUCING MEANINGFUL INSIGHTS FROM THE MASSIVE VELOCITY, VARIETY, AND VOLUME OF DATA

Page 20: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

The “Exaflood”

Page 21: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

The Three V’s

Volume

•Data Size

Variety

•Data Sources

Velocity

•Speed of Change

The Volume, Variety, and Velocity of Data is increasing faster than the capacity or capability of current methods or systems of data retrieval.

Page 22: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Big Data Statistics from the Social Web

Source: HP Analyst Briefing

Page 23: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Big Data Technology

Big Data Analytics Technology Allows for: • Real-Time • Predictive • Agile • Contextual • Experimental • Structured or Unstructured • Bonding Relationships • … Across Information Silos

Page 24: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Traditional Information Management vs Big Data

Traditional

• Requirements

• Data Warehouses /Marts

• Document Use Cases

• Centralized

• Future reuse

• Disciplined Design

• Specific Data Structures

• Better Decisions

Big Data

• Opportunities

• Hadoop Clusters

• Hunt for Useful Data

• Widely Decentralized

• Immediate Use

• Experimentation

• Any Data Structure

• Better Insights

Page 25: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Big Data Requires

• Massively Scalable Compute

• Massively Scalable Data Storage

• Quality Input Data

• New / Specialized Analytical Skillsets

Page 26: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Through 2015, organizations integrating high-value, diverse, new information types and sources into a coherent information management infrastructure will outperform their industry peers financially by more than 20%. - Gartner

The Big Data Opportunity

Page 27: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Big Data + AI Beats Traditional Care

Source: http://newsinfo.iu.edu/news/page/normal/23795.html

Page 28: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

More Health Care Opportunities

• Social Medicine

• Mobile Medicine

• Evidence Based Medicine

• Biomedical Informatics improve medical research

• Improve Public Health Reporting

• Smart EHR and Continuity of Care applications – analyze and populate data from past records

Page 29: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

The Big Data Opportunity

Page 30: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

3 Obstacles to Big Data in Healthcare

• Data Security and Data Privacy Concerns

• Specialized Skillsets and Availability of Knowledgeable Resources

• Ability of companies to store necessary volume, variety, velocity of data

Page 31: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

By 2015, demand for skilled Big Data employees will reach 1 Million jobs, but only 1/3 of those jobs will be filled – Gartner

Page 32: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

What Does This Mean

• Most companies will not be able to build their own big data capability and therefore must consume resources from a third party provider

• Multi-tenant Big Data providers of will arise to provide more economical yet secure service to healthcare payers and providers

Page 33: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Learning Test: Big Data

1. The Three V’s: _______, _______, ________

2. IDC estimates that by 2020, there will be _______ Exabytes in the Digital Universe, but only ____% will be tagged or analyzed

3. Big Data requires _________ scalable compute and data storage facilities

Page 34: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

SECURITY & COMPLIANCE: MAINTAINING SECURITY AND COMPLIANCE IN A CLOUD ENABLED WORLD

Page 35: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Regulatory Update

• HIPAA-HITECH Regulation (2013) • Clarifies Regulations of Business Associates (BA’s) and

Subcontractors • BA’s must have a Business Associate Agreement (BAA) with

Subcontractors • HIPAA Security and Part of HIPAA Privacy now apply to BA’s • Strengthens Patient Rights to receive copies of their

protected health information (PHI) • Regulations provide for much stronger penalties for

violations • Business Associates are directly subject to enforcement • State Attorneys General can now enforce HIPAA

Page 36: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Defining a Business Associate (BA)

A Business Associate is entity that creates, receives, transmits, or maintains PHI on behalf of a covered entity for purposes of:

• Data Analysis • Processing or Administration • Utilization Review • Quality Assurance • Billing • Benefit Management • Practice Management • And more…

Page 37: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Implications for Cloud Providers

• Third-Party Cloud Providers receiving or processing PHI are Business Associates

• Merely Selling or Providing Software to a Covered Entity does not give rise to a BA relationship if the vendor does not need access to the PHI in order to perform its service

• A vendor hosting software which contains patient information for a covered entity on its own servers IS a Business Associate of the Covered Entity

• Data Transmission Organizations, postal or telecommunications, who do not access, store, or maintain PHI, are not Business Associates

Page 38: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

What This Means

• It is OK to work with cloud providers if you have done your due diligence – Remember, patients will likely blame the provider

or the payer in case of a breach

• Cloud Providers must sign a Business Associate Agreement and follow the HIPAA-HITECH regulations

• Cloud Providers must have Subcontractors sign a Business Associate Agreement

Page 39: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Security and Compliance Concerns for Cloud / Big Data in the Cloud

• Data Security / Data Privacy

• Compliance

• IT Governance

• Data Integration and Data Ownership

• Competition

• Bandwidth

• Skills, Training, Staffing

Page 40: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Risks and Controls Exercise

Risk Controls

Data Security & Data Privacy

Regulatory Compliance

Governance

Data Integration & Data Ownership

Competition

Bandwidth

Skills, Training, Staffing

Page 41: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Evaluating a Cloud Provider: Healthcare

• BAA: – Will the Cloud Provider Sign a BAA? – Does the Cloud Provider require subcontractors to Sign BAA’s?

• Audit Support: – Will the Cloud Provider support regular and random audits?

• Safeguards: – Can the Cloud Provider detail and demonstrate physical, technical, and administrative

safeguards? • Reliability & Availability:

– Does the Cloud Provider have Financially Backed 24x7 Availability Guarantees? – Appropriate Technical Redundancy and Replication?

• Interoperability and Flexibility: – Is your traditional or cloud infrastructure interoperable with provider? – Is it Hotel California?

• Foreign Nationals: – Do any Foreign Nationals have access to PHI?

• The “Nirvanix” Gut Check – Financial and Operational Health: Is this company destined to fail?

Page 42: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Learning Check: Security & Compliance

True or False:

Under the HIPAA-HITECH revisions in 2013, a Business Associate of a Covered Entity is directly accountable to HHS.

Page 43: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Learning Check: Security & Compliance

True or False:

A Postal Carrier who transports and delivers backup tapes containing PHI in an encrypted form is a Business Associate of a Covered Entity

Page 44: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

Learning Check: Security & Compliance

The Seven Key Risk Areas for Cloud Discussed in this Session are: 1. ________ & __________ 2. ________ __________ 3. ____________ 4. ____________ & ____________ 5. ____________ 6. ____________ 7. ____________, __________ & ____________

Page 45: Secure Cloud Computing Concepts Supporting Big …firstillinoishfma.org/wp-content/uploads/3_Integrated...Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D

THANK YOU

Ryan Pehrson

Integrated Data Storage, LLC

http://www.linkedin.com/in/ryanpehrson

+1 312.334.6413


Top Related