Take a quick look at any of our articles and blog posts on healthcare clouds, and you’ll find that we talk a lot about security, performance, scalability, compliance and other elements of a strong cloud infrastructure. That’s a good thing, but sometimes we get so focused on the technical details of clouds that it’s easy to forget their purpose: optimizing patient care. At the end of the day, performance and data protection aren’t just about protecting the organization. Ultimately the goal of all healthcare IT is to create a system that facilitates the best patient care possible.

Obviously the cloud provider you choose will have a strong impact on this – but as you know if you’ve been reading this blog, not all providers are created equal. And when it comes to healthcare, it’s doubly important to choose an experienced provider who understands the relationship between cloud performance and security and patient outcomes. Other industries may focus solely on dollar signs, but healthcare clouds have the power to save lives. Whether it’s sharing a critical test result or accessing an unconscious patient’s medical history, keeping data protected and available is at the heart of healthcare IT.

That’s a pretty big distinction and it’s something to keep in mind when evaluating cloud providers. The foundation of a good healthcare cloud includes availability and performance. Medical personnel must be able to retrieve data they need at any given moment. Yet security and compliance play a strong role, too, in ensuring that your data stays available, confidential and uncompromised. Look for the following benchmarks when evaluating healthcare cloud providers:

  • Build and test a proof of concept to ensure a particular cloud can handle your requirements. Remember, too, that your data is never going to stop growing.
  • Ask each provider what kind of storage they use. Be specific. Are they utilizing fiber- or network attached storage? Fiber is faster and more secure. Do they offer high-performance SSD-based storage?
  • Review the hardware platform being used to provide compute and memory. Not all hardware performs equally, so test it to make sure it can handle your needs.
  • Ask the providers how they plan and manage capacity. Many providers rely on an oversubscription model, which can result in performance degradation at certain times.
  • Ask them what measures they include to ensure that your applications will be available. Do they provide fully redundant, highly available infrastructure? Is it included as part of their base or an extra cost?
  • What about protecting against DoS/DDoS attacks? Do they have this capability built into their security stack or is this another add-on service?
  • Investigate each provider’s service model. Committing to a certain response time may sound reassuring, but it’s the resolution time that ultimately impacts your environment. Can the provider commit to fixing the problem in a certain period of time? Will they offer managed service and a strong incident response plan or will you be on your own if disaster hits?
  • Ask if the provider uses third-party subcontractors, as that will involve a longer chain of liability for you to evaluate. Even if your provider can show you an audit report, you must read it closely to determine if their security services were actually part of a third-party audit.
  • Getting HIPAA compliant is a challenge for anyone in healthcare IT. Look for a provider who’s experienced with HIPAA, and who clearly understands that HIPAA compliance depends on building a strong security posture. In doing so, they need to understand the difference between security and compliance and avoid having compliance masquerade as a security program. Make sure, too, they can articulate the division of compliance responsibilities between their organization and yours.

Some of these criteria may not seem directly related to processing electronic protected health information (ePHI). In fact, almost every aspect of building an optimized cloud will inevitably influence performance. From satisfying compliance regulations to improving operational efficiencies, a strong environment managed by expert hands will ensure that medical personnel get the data they need to save lives and make smart treatment decisions. Ask the right questions and you find a provider who can help deliver the best possible patient outcomes for your organization.