Cloud First Policies in Healthcare: Leadership from HSE Ireland
“Cloud First” is a phrase we hear often in the technology world, but what does Cloud First mean from a policy perspective and more specifically what does it mean in healthcare? We have had a chance at meetings of the EU Cloud in Health Council to touch on this subject many times and it was one of the recommendations in the Council’s June 2016 Call to Action. While listening to comments by Council member Richard Corbridge (Chief Information Officer for the Health Service Executive in Ireland) over the past few Council meetings, we thought customers, policymakers and other healthcare stakeholders not lucky enough to be in the room listening to Richard would benefit from hearing more from Richard about what Cloud First means to HSE Ireland and how Ireland is leveraging the cloud as a result of that policy.
The notion of a Cloud First policy has its origins in work by the US Federal Government CIO Vivek Kundra and is one of the cornerstones of Kundra’s 25-point plan to reform federal information technology management, published in 2010. In the report outlining that plan, Kundra explained the Cloud First mandate as follows: “When evaluating options for new IT deployments, OMB will require that agencies default to cloud-based solutions whenever a secure, reliable, cost-effective cloud option exists.” The US Cloud First policy was not merely forward looking though, it also included a requirement that “[e]ach Agency CIO will be required to identify three ‘must move’ services and create a project plan for migrating each of them to cloud solutions and retiring the associated legacy systems.” A number of other countries have implemented Cloud First policies, including the UK and Australia, and we also see government departments formulating Cloud First policies, such as the New Zealand Fire Service. One technology consulting firm even called Cloud First “The New Normal.”
That is a good place to pick up the conversation with Richard. In the first video clip you can hear Richard explain that the HSE Cloud First Policy creates a presumption that new services are deployed in the cloud, and in his words “turns on the head the principles that had been there before where on premise solutions would have been what people would have wanted to go with first.” Richard also shares that it’s critical that the Cloud First approach needs to have an appropriate starting point, but also recognize that as a whole, “the health system needs to go to the cloud, because it can’t afford not to.”
In a second video clip, Richard gives an overview of how the Cloud First Policy recently drove the cloud based implementation of a new epilepsy care system, that includes the genomic information of the epilepsy patient in their cloud based patient record. That new system allows care providers to have far more information about the patient, enabling different treatments based on unique genetic characteristics of each patient as well as information that the patient inputs into the record. Richard also talks about the importance of communicating a Cloud First Policy internally to healthcare providers and technologists, but also externally to patients and the public more generally so that they understand that the policy actually will improve the security of their health information and ultimately lead to better care outcomes. That is an important shift in perception that many largescale users of cloud (like HSE Ireland) have already undergone, but to fully recognize the value of cloud computing in healthcare we will need to work together to make sure that perception shift to becoming more comfortable with the cloud happens at the patient level as well.
We want to again thank Richard for his leadership in this area and his willingness to share his vision beyond the EU Cloud in Health Council. For more information on cybersecurity in health download the e-book here.
