Friday, April 13, 2012

Cool Technology of the Week

I've written several posts about BIDMC's use of "private cloud" approaches to host electronic records and gather community-wide quality data.   Healthcare organizations have avoided the use of "public cloud"  because of HIPAA/HITECH privacy concerns, lack of breach indemnification/data integrity guarantees, and the unwillingness of many cloud providers to sign business associate agreements.

Although it has not been widely discussed in the industry, the Centers for Disease Control and Prevention's (CDC) Biosense 2.0 initiative has done ground breaking work to solve these issues, using Amazon's AWS GovCloud to create a national repository of syndromic surveillance data that includes all the protections needed to protect privacy including independent security testing at the FISMA-Moderate Level.

CDC is the first government agency to complete all the rigorous certification needed to host sensitive data in the public cloud.

CDC has also built gateways that make it easy for public health departments to submit data to the cloud - a Direct Project adapter, an NwHIN Exchange adapter, and others.    Meaningful Use Stage 1 requires the testing of health information exchange with public health and Beth Israel Deaconess did its transactions with the Boston Public Health Commission (BPHC), which stored them in CDC's public cloud.  BPHC was the first public health department in the nation to provide data feeds to the Amazon infrastructure.

Finally, CDC has enabled queries of the cloud data using multiple platforms including open source analytical tools such as R.

A secure, HIPAA-compliant public cloud that includes healthcare information exchange gateways and analytical tools.   That's cool!

6 comments:

Alan said...

In the near-future the GSA's FedRAMP program should make it easier to establish FISMA-moderate level cloud services.
http://www.gsa.gov/portal/category/102371

Anonymous said...

Very cool! Always reminds me of the Judy Collins song:

"I've looked at clouds from both sides now
From up and down and still somehow
It's cloud's illusions I recall
I really don't know clouds at all"

Abraham Gurivindapalli said...

Hi John,

It was nice meeting you in Baltimore, MD and pleasure talking to you. Thanks for providing information on Amazon's AWS GovCloud and how it is being used. This is the first time i am reading your blog and it is very informative.

Regards,
Abraham

Anonymous said...

Correction to Anonymous - that song was penned and performed/recorded by Joni Mitchell. Judy Collins also performed it.

Great reference to the song though...just want to make sure the credit goes to the right artist.

MichelleK said...

Be careful...there is a difference between FISMA Moderate and FISMA High.
GovCloud is AWS in a different building with FISMA-Moderate security controls.
Why not run hybrid to keep sensitive data in FISMA High protection instead of FISMA Moderate?
There is only one cloud vendor that can give customers a hybrid cloud, and therefore, achieve FISMA Moderate and FISMA High: VMware

Michelle said...

Be careful...FISMA Moderate and FISMA High are very different.
GovCloud is AWS in a different building with FISMA-Moderate security controls.
Why not run hybrid cloud to keep sensitive data in FISMA High protection instead of FISMA Moderate?
There is only one cloud vendor that can provide hybrid cloud that gives cusotmers FISMA High: VMware