Five Ways Healthcare Organizations Can Get Started with Cloud-Management

dmcdonald, Director, Product Management for Healthcare
February 28th 2020

Healthcare organizations have already embraced the cloud. Today, it's primarily healthcare applications such as EMRs, Contact Centers, and Health Information Systems that have migrated to the cloud. However, infrastructure management is on the horizon. Our recent survey found that while only 14% of healthcare organizations leverage cloud management today, 41% have plans to move their infrastructure management into the cloud in the next 1-5 years.

For healthcare organizations that are starting to look at the benefits of cloud-management infrastructure, this blog offers advice on how to get started with cloud-management in a very targeted way.

  1. Look to remote offices and small clinics.

Due to ongoing space constraints in main hospitals, more and more supporting functions (e.g., finance) are moving into office spaces outside the hospital campus. Without patients and medical devices, these remote offices represent an easy way to get started with cloud-management to provide support staff with reliable connectivity, without a heavy administrative burden.

Remote clinics represent another opportunity to get started. With the shift towards enhancing patient outcomes, the previous model of having disconnected parts of the health system provide separate episodes of care is going away. This is leading to more consolidation across the healthcare industry.

What does this mean for networking and IT teams? The ability to onboard new locations and clinics in a quick and painless manner is a critical requirement. Cloud-managed solutions work well for this specific use case, giving IT teams the ability to easily centralize and manage their network infrastructure in locations without any IT support. With automated on-boarding and provisioning and simple templates to enable services, on-boarding new locations and clinics can be done in a fast and efficient way.

  2. Start with Wi-Fi.

Wi-Fi is where cloud-managed solutions originated, so it represents the most logical place to start. Having said that, it is equally important to ensure that the cloud management vendor you are working with can manage your routers and switches as well. The goal of cloud-management is to simplify.  However, disparate management systems are anything but simple. 

Even though you might want to start with Wi-Fi first, it is best to ensure your vendor has an end-to-end cloud management plan in place.

  3. Assign a compliance expert.

Cloud management may have compliance implications; therefore, it is recommended to assign a compliance expert to the project in its initial stages to ensure ongoing compliance with the key regulations the healthcare industry must adhere to:

The Health Insurance Portability and Accountability Act (HIPAA) defines the policy for how electronic protected health information (ePHI) should be protected; however, the actual “how-to” guidelines are contained in the Code of Federal Regulations (CFR) Title 45. A few considerations include:

  • What administrative safeguards are provided?  Features such as log-in monitoring, emergency mode operation, the ability to identify and respond to security incidents (rogue access points for example), data back-up and recovery, and comprehensive reporting features are just a few examples of what to look for.
  • What physical safeguards are provided?  What features are provided to ensure that the infrastructure is protected from unauthorized physical access, tampering, and theft?
  • What technical safeguards are provided? Features such as authentication, encryption, and audit controls are a few examples of features that help protect critical ePHI data and should be available in your cloud-managed solution.

The Payment Card Industry Data Security Standard (PCI DSS) applies to all entities that store, process, or transmit cardholder data and/or sensitive authentication data. A few considerations for the cloud management provider in relation to PCI DSS include:

  • How is cardholder data protected? Is it encrypted? Is it stored, where is it stored, and for how long is it stored?
  • Are strong access controls in place?  Are all users and devices authenticated and identified? Can specific actions be easily traced back to individual users? 
  • Is regular security testing done? Is there an automated auditing feature to validate PCI DSS compliance? What firewalls and intrusion detection systems are leveraged to protect critical data?  

The General Data Protection Regulation (GDPR) is legislation designed to protect the privacy rights of EU citizens regarding the collection and processing of their personal data. A few considerations related to GDPR include:

  • Where in the cloud will your data reside? Different vendors have different cloud architectures, and for compliance with GDPR it is important that customer data is stored in local data centers within the EU to meet data residency requirements.
  • How does your cloud-networking provider handle data security? Is the data encrypted? Does the cloud management vendor do risk assessments and hire penetration experts? Do they have adequate physical and network security?
  • Can your cloud-networking platform handle GDPR-related obligations? This includes supporting the right to request and be forgotten by searching for, downloading, and deleting personal data, as well as providing logging and auditing tools to track these actions so healthcare organizations can better document them.

Looking at each of these in detail is recommended as cloud management is pursued.

  4. Look for certifications.

Healthcare handles some of the most sensitive data out there. You need to look for a cloud management platform that not only claims to help facilitate your compliance obligations but also shows credibility through comprehensive information management and data protection certifications such as ISO/IEC 27001.

The ISO/IEC 27001 standard was developed to provide a comprehensive model for implementing, operating, monitoring, and maintaining an Information Security Management System (ISMS). Its goal is to preserve the confidentiality, integrity, and availability of information by applying a comprehensive risk management process. 

When organizations seek ISO/IEC certification, they not only have to prove they adhere to the key requirements, they also must undergo audits on an ongoing basis. Many of the components of the ISO/IEC framework, specifically those related to access controls and privileged access rights, align nicely with some of the criteria for facilitating HIPAA, PCI DSS, and GDPR compliance.

  5. Look for AI/ML capabilities that are truly going to be useful.

AI/ML are the networking industry’s hottest buzzwords. In every vendor’s marketing literature, there are claims of these advanced technologies simplifying the lives of network operators.

However, it is important to remember that AI/ML is only as good as the information that is being collected. The larger the data pool, the more intelligent the AI/ML capabilities will be. Therefore, ensuring the cloud management platform has a massive data pool with a vast number of connected clients is critical.

In addition, with AI and ML, it’s important to look beyond the hype to ensure these technologies provide insights that are truly going to be useful for your business. The best approach is to ensure the insights you will collect answer four basic questions:

  1. What is happening in my network? (Descriptive insights)
  2. Why is it happening? (Diagnostic insights)
  3. What is likely to happen in the future? (Predictive insights)
  4. What do I need to do? (Prescriptive insights)

These four categories of insights provide the basis for autonomous networking.

If your healthcare organization is ready to learn more about cloud-management, consider watching this demo of ExtremeCloud IQ.