cloud computing enables consumer-centered healthcare

©2009 Healthcare Cloud Intiative 1

Cloud Computing Enables Consumer-Centered

Healthcare

Cloud Computing Enables Consumer-Centered

Healthcare

Eiji SasaharaEiji Sasahara, Ph.D., MBA, Ph.D., MBADan McGuire, MBADan McGuire, MBA

Hitoshi Iwashita, MBAHitoshi Iwashita, MBA

Healthcare Cloud InitiativeHealthcare Cloud InitiativeOctober 15, 2009October 15, 2009

©2009 Healthcare Cloud Intiative 2

• 1. Introduction• 2. Understanding Cloud Computing• 3. Cloud Computing in Healthcare• 4. Case study in Life Science/Pharma• 5. Case study in Healthcare provider

Agenda

©2009 Healthcare Cloud Intiative 3

• Speakers– Eiji Sasahara, Ph.D., MBA

http://www.linkedin.com/in/esasahara

– Dan McGuire, MBAhttp://www.linkedin.com/pub/dan-mcguire-japan-healthcare-network/1/970/329

– Hitoshi Iwashita, MBAhttp://www.linkedin.com/pub/hitoshi-iwashita/0/34a/694

1. Introduction (1)

©2009 Healthcare Cloud Intiative 4

• Healthcare Cloud Initiative– Grass-root group to share knowledge

about benefits and risks of cloud computing, and to promote new business development with ICT utilization in the healthcare industry

• Life science & Pharmaceutical• Healthcare Provider• Healthcare Payer

1. Introduction (2)

©2009 Healthcare Cloud Intiative 5

• Healthcare Cloud Initiative– Focus areas in Healthcare Value Chain

1. Introduction (3)

ClinicalTrialSupports

RelationshipDevelopmentw/OpinionLeaders

ProfessionalEducation& Advocacy

Advertising& Promotion

Direct-to-ConsumerEducation& Advocacy

Patients& families

Academia HealthcareProfessionals

CommunicationMedia

GeneralConsumers

Opportunities and Risks of Cloud Computing -New Business Development-Technology Innovation

©2009 Healthcare Cloud Intiative 6

• Cloud Security Alliance– Global, not-for-profit organization– Inclusive membership, supporting broad

spectrum of subject matter expertise: cloud experts, security, legal, compliance, virtualization, and on and on…

– We believe Cloud Computing has a robust future, we want to make it better

“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud

Computing to help secure all other forms of computing.”

1. Introduction (4)

©2009 Healthcare Cloud Intiative 7

• Cloud Security Alliance– Individual Members (LinkedIn Community)

1. Introduction (5)

<Active Working Groups>-Editorial

-Educational Outreach

-Architecture

-Governance, Risk Mgt, Compliance,

Business Continuity

-Legal & E-Discovery

-Portability, Interoperability and Application Security

-Identity and Access Mgt, Encryption & Key Mgt

-Data Center Operations and Incident Response

-Information Lifecycle Management & Storage

-Virtualization and Technology Compartmentalization

<New Working Groups>-Healthcare

-Cloud Threat Analysis

-US Federal Government

-Financial Services

©2009 Healthcare Cloud Intiative 8

• Cloud Security Alliance – Resources

• ”Security Guidance for Critical Areas of Focus in Cloud Computing”(http://www.cloudsecurityalliance.org/)

• ”Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance”(http://oreilly.com/catalog/9780596802769/)

1. Introduction (6)

©2009 Healthcare Cloud Intiative 9

• Definition of Cloud Computingby National Institute of Standards and Technology (V15)

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”(http://csrc.nist.gov/groups/SNS/cloud-computing/index.html)

2. Understanding Cloud Computing (1)

©2009 Healthcare Cloud Intiative 10

• Characteristics of Cloud Computing by NIST (V15)– On-demand self-service – Ubiquitous network access– Resource pooling

• Location independence• Homogeneity

– Rapid elasticity– Measured service

2. Understanding Cloud Computing (2)

©2009 Healthcare Cloud Intiative 11

• Cloud Service Models by NIST (V15)– Cloud Software as a Service (SaaS)

• Use provider’s applications over a network – Cloud Platform as a Service (PaaS)

• Deploy customer-created applications to a cloud– Cloud Infrastructure as a Service (IaaS)

• Rent processing, storage, network capacity, and other fundamental computing resources

2. Understanding Cloud Computing (3)

©2009 Healthcare Cloud Intiative 12

• Cloud Deployment Models by NIST (V15) – Private cloud

• enterprise owned or leased

– Community cloud• shared infrastructure for specific community

– Public cloud• Sold to the public, mega-scale infrastructure

– Hybrid cloud• composition of two or more clouds

2. Understanding Cloud Computing (4)

©2009 Healthcare Cloud Intiative 13

• Characteristics of Cloud Computingby Cloud Security Alliance– Abstraction of Infrastructure– Resource Democratization– Services Oriented Architecture– Elasticity/Dynamism– Utility Model of Consumption & Allocation

2. Understanding Cloud Computing (5)

Business requirements identify features of cloud computing

©2009 Healthcare Cloud Intiative 14

• Difficulty in Cloud Computingby Cloud Security Alliance– Who manage it– Who owns it– Where it’s located– Who has access to it– How it’s accessed

2. Understanding Cloud Computing (6)

Big challenge: Security and risk control under the cloud computing environment

©2009 Healthcare Cloud Intiative 15

• Architecture of Cloud Computing

2. Understanding Cloud Computing (7)

PlatformLayer

ApplicationLayer

InfrastructureLayer

Business Layer

Software: System & network management, Security, StorageHardware: Server, Storage, Network, Clients

Software: Application Development, Quality & Life-Cycle Tools, Application Server/Integration & Process Automation Middleware, Information & Data management, Systems & Network Management

Software: Collaborative, Content, ERM, SCM, CRM, Operations & Manufacturing, Engineering, Business Intelligence, etc.

SaaS

PaaS

IaaS

Life ScienceHealthcare

PayerHealthcareProvider

(e.g.)

©2009 Healthcare Cloud Intiative 16

• What is Governance, Risk and Compliance (GRC) Management?– Governance: Activities to demonstrate

strategy direction and systems to regulate and monitor corporate business management

– Risk: Activities to identify, analyze and manage risks inside/outside the company

– Compliance: Activities to adhere to rules and requirements set by laws, standards and code of ethics

2. Understanding Cloud Computing (8)

©2009 Healthcare Cloud Intiative 17

• GRC Management and ICT– Application Layer

• Compliance Management Solutions• Business Assurance Analytic Solutions• Financial Compliance and Reporting• Compliance Process Automation• Enterprise and Operational Risk Management

Solutions

– Platform and Infrastructure Layers • Compliance Infrastructure Solutions

– Security Management Solutions– IT Governance Management Solutions– Records and Information Management Solutions

2. Understanding Cloud Computing (9)

©2009 Healthcare Cloud Intiative 18

• Architecture of GRC Management ICT

2. Understanding Cloud Computing (10)

PlatformLayer

ApplicationLayer

InfrastructureLayer

Business Layer

Software: System & network management, Security, StorageHardware: Server, Storage, Network, Clients

Software: Application Development, Quality & Life-Cycle Tools, Application Server/Integration & Process Automation Middleware, Information & Data management, Systems & Network Management

Software: Compliance Management, Business Assurance Analytic, Financial Compliance and Reporting, Compliance Process Automation, Enterprise and Operational Risk Management, etc.

SaaS

PaaS

IaaS

J-SOXPersonal

InformationConsumer

Safety

©2009 Healthcare Cloud Intiative 19

• Impact of Consumer as a Stakeholder – Consumer-centered healthcare drives ICT utilization.– Consumerization of ICT drives cloud computing.

2. Understanding Cloud Computing (11)

PlatformLayer

ApplicationLayer

InfrastructureLayer

Business Layer

Software:

Hardware:

Software:

Software:SaaS

PaaS

IaaS

HealthcareICT

Cloud Computing

Life ScienceHealthcare

PayerHealthcareProvider

Consumer-CenteredMovement

GRCManagement

Consumeras a

Stakeholder

©2009 Healthcare Cloud Intiative 20

• “Cloud Computing: A new business paradigm for biomedical information sharing”

Rosenthal A, Mork P, Li MH, Stanford J, Koester D, Reynolds P.J Biomed Inform. 2009 Aug 26.(http://www.ncbi.nlm.nih.gov/pubmed/19715773)

– For customers, cloud computing is primarily a new business paradigm, as opposed to a new technical paradigm.

3. Cloud Computing in Healthcare (1)

Who are “customers” in healthcare?= Consumers (Patients and families)

©2009 Healthcare Cloud Intiative 21

– Features of Cloud Computing in Biomedical informatics• Resource outsourcing• Utility computing• Large number of machines• Automated resource management• Virtualization• Parallel computing

3. Cloud Computing in Healthcare (2)

Business requirements identify features of Cloud Computing

©2009 Healthcare Cloud Intiative 22

• “Security and privacy requirements for multi-institutional cancer research data grid”

Manion FJ, Robbins RJ, Weems WA, Crowley RS.BMC Med Inform Decis Mak. 2009 Jun 15;9:31.(http://www.ncbi.nlm.nih.gov/pubmed/19527521)

– Key Challenge is developing suitable models for authentication and authorization practices within federated environment.

3. Cloud Computing in Healthcare (3)

Healthcare cloud is based on federated environment (à Hybrid Cloud)

©2009 Healthcare Cloud Intiative 23

• Recommendation for large scale federated sharing of data within a regulated environment

– Necessity to construct separate legal or corporate entities for governance of federated sharing initiatives

– Consensus on the treatment of foreign and commercial partnerships– Development of risk models and risk management processes– Development of technical infrastructure to support the credentialing

process associated with research including human subjects– Exploring the feasibility of developing large-scale, federated honest broker

approaches– Development of suitable, federated identity provisioning processes to

support federated authentication and authorization– Community development of requisite HIPAA and research ethics training

modules by federation members– Recognition of the need for central auditing requirements and authority– Use of two-protocol data exchange models where possible in federation

3. Cloud Computing in Healthcare (4)

©2009 Healthcare Cloud Intiative 24

• Summary– Cloud computing is primarily a new

business paradigm.– Consumer-as-a-Stakeholder approach

integrates cloud computing, GRC management and healthcare ICT.

– GRC management should be the enabler of cloud computing in total healthcare value chain.

3. Cloud Computing in Healthcare (5)