Tag Archives: SaaS

Cloud Computing, Security & Privacy Considerations

Posted on by

While conducting research for the long overdue and nearly completed report on Personal Health Clouds (Dossia, Google Health and HealthVault) came across a recently published report by the European Network and Information Security Agency (ENISA) addressing cloud computing security.  Though quite long (over 120 pages) the report provides a very comprehensive overview of cloud computing, its benefits, risks and some very good risk assessment tools to assist one in evaluating a cloud solution offering including segmentation by SaaS, IaaS and PaaS.

With the rapid migration to the “cloud computing” paradigm in the healthcare sector, be it personal health clouds, HIE vendors transitioning to PaaS vendors (note: Medicity made their own PaaS announcement yesterday – more to follow in near future), EMR vendors offering hosted solutions, to move to manage and store images in the cloud, and various niche vendors such as Medcommons, who uses Amazon to host its service, a report such as this is quite valuable and instructive both for potential users of cloud services as well as those offering them.

If you have even a remote interest in this subject, trust me, just get the report as it is one of the best I’ve come across to date.

Share
3 Replies - Leave a reply

Harvard Conference on Internet’s Future

Posted on by

I got religion.

At least religion that part of the savior to today’s, and more importantly, tomorrow’s healthcare crisis lies on the Internet.

With the abysmal adoption of IT to date within the healthcare sector, I am a strong believer that this industry will simply leap-frog the traditional, three-tiered IT architectural model and move directly to an SaaS-type model (ala athenahealth or Salesforce.com) coupled with cloud computing.  Granted, this will not occur over night and most large hospitals and IDNs will be loathed to give up on their server farms and internally developed apps, but there is a very large percentage of care (some estimate it at 80%) which takes place outside these large healthcare facilities, and it is here where adoption of healthcare IT (HIT) is lowest and where we will see the Interent play the biggest role.

We are still very early in the game here and there are numerous issues to contend with from privacy and security to uptime, to control – not insurmountable, but issues that must be addressed nonetheless.  So to get up to speed on how some of these issues may be tackled, I’m of to Harvard University for the next couple of days to get some schooling on the topic.  The Berkman Center for Internet & Society is having a 10th anniversary conference and have put together a very interesting agenda.  Will report back any insights I garner.

Share
2 Replies - Leave a reply

NEWS FLASH: Google Opens Kimono Offering Health Beta

Posted on by

Today, Google opened the doors to a Beta version of its consumer health site.  Based on that landing page, quite clear that unlike Microsoft, Google will offer a full fledged Personal Health Record (PHR) for the consumer.  In addition to the base PHR functionality they will be providing, Google Health Beta will also offer a secure repository to store one’s medical records, health and wellness information and a physician directory.

Off to a meeting now.  Will do a test drive of Google Health Beta later today and provide further analysis on the platform and its implications to the broader market.

Share
2 Replies - Leave a reply

B2C Dead in PHR Market?

Posted on by

The Personal Health Record (PHR) market is evolving rapidly undergoing a tectonic shift as the majority of PHR vendors shift their focus from Business to Consumer (B2C) sales & marketing model to Business to Business (B2B) model. This is particularly true for those who offer a hosted, web-based (SaaS) PHR solution.

In a series of interviews we have conducted over the last several weeks with a number of PHR vendors, both large and small, the over-riding trend is a refocusing of their marketing away from the consumer and towards larger enterprises, which can be broken down into three distinct markets: Employers, Health Plans and Providers.  PHR vendors are finding that these larger entities can be much more effective in promoting adoption of a PHR among their constituencies and it is far easier to target these organizations than the very broad and not terribly motivated end consumer market.

There are still a significant number of PHR vendors pursuing a B2C model, typically offering a desktop and/or USB solution.  These vendors, however, will see ever stronger headwinds as the PHR market moves to the Web as Web-based solutions can provide far greater functionality, are easier to update and will be delivered at ever lowering cost as these solutions scale.  Another challenge facing USB solutions is the reluctance of care providers to insert a USB into one of their networked computers for fear of inadvertently downloading a Trojan virus off the USB.  Thus, the utility of USB solutions is extremely compromised and consumers will look elsewhere.  For these reasons, PHR providers that offer only a desktop and/or USB solution will fade from the market within the next 3-5 years.

Our research on the PHR market will culminate in a comprehensive report that is scheduled for completion by the end of Q1’08.  If you wish to receive further information about this report, please contact us directly at: info@chilmarkresearch.com

Share
3 Replies - Leave a reply

Ho Hum, Google Tries to Keep the Embers Glowing

Posted on by

Google’s new leader of the Health Group, Marissa Mayer gave a very mundane presentation yesterday at the Web 2.0 conference in San Francisco and from various reports, it sounds like it was a complete bomb.

Granted, Marissa only had ten minutes to work with but you would think that in that time she could provide more than simple homilies and a Letterman-esque Top Ten list. No demos, no screen shots, and apparently no visionary statements like Adam Bosworth, Google Health’s former leader who mysteriously departed Google in early September. Marissa only gave a plea to stay tuned as they will formally launch something in early 2008.

Quite obvious that there has been a major re-thinking within the Google Health Group as to what their offering should consist of as it was not that long ago that they were distributing screenshots of proposed Google Health platform. A half year delay plus is a long time in the software industry, especially when there are a host of competitors jumping into the same market. Now with the recent Microsoft HealthVault release, Google may be giving even more thought to their offering to both differentiate themselves from Microsoft as well as insure that when they do hit the market, they will be offering something more for the consumer than just another Health Search engine , which is about all Microsoft can offer the consumer today.

So where is Google focusing its energy?

Based on Marissa’s comments, it looks like three key areas.

  • Search: Obviously, though it will be interesting as to how they provide such search capabilities as the Microsoft HealthVault search engine is impressive.
  • Local Care Provider Directory with Mapping: This makes a lot of sense as well and something they are already providingfor other business centric searches on emay perform. Now what would really set them apart is if they could combine this feature with quality and patient satisfaction metrics.
  • Archive and Retrieve Records: Again a logical extension of some of the things that Google is currently quite good at.

Nothing here really gets me excited. Ho Hum indeed.

So what’s missing? Well, hard for me to tell as I am basing this write-up on third-hand reports but what comes right-off the top of my head is a lack of creativity and imagination. Is this really the best they could think of to say at this conference?

I can only surmise that maybe Google is having second thoughts about how grand a vision they wish to pursue in this market. Maybe they took a hard-nosed look at just how difficult and challenging it will be for them to be successful and have decided to limit their exposure. Whatever it is one thing is certain, the vision is gone baby, the vision is gone.

Share
3 Replies - Leave a reply

Indivo Health: Further Details on Dossia Agreement

Posted on by

Had the opportunity last week to get an update from Will Crawford and Ken Mandl of the Children’s Hospital Informatics Program (CHIP), a joint collaboration of Harvard Medical and MIT. The objective was to learn more about the recent agreement between CHIP and Dossia, whereby Dossia will adopt Indivo as the Personal Health Record (PHR) platform, or what CHIP refers to as PCHR for Personally Controlled Health Record system.

Indivo has been one of those academic exercises where some interesting technology (a completely Open Source PHR) has been developed, tested and refined over the years (13 years and counting). The overall purpose has not been to create a product for the market per se, but to develop a platform that can be used to better understand the possible role of a PHR system in healthcare to improve outcomes. Over the years CHIP has addressed a whole host of platform development issues for Indivo from usability to interoperability, privacy, security and finally, consumer and physician adoption. But this has all been very much in an academic setting. Consequently, little real world testing has been done to date on Indivo platform and by real world I mean large-scale deployments and use. Note, they have done limited deployments at both Children’s Hospital, MA-SHARE, a regional RHIO, at MIT where they have a couple of hundred subscribers and in Canada where there are several hundred subscribers as well. They are also currently rolling it out at several other locations.

That is all about to change.

On Sept. 17th, Dossia announced that they had chosen Indivo as the platform for the 5 million plus employees, retirees and dependents, that Dossia’s employers represent. That is a massive leap forward and a huge vote of confidence for the folks at CHIP and their Indivo PHR. But a lot of questions have been raised as to how independent CHIP and Indivo will remain now that they have such a large client and even more importantly, there is a ton of cynicism regarding what the true motivations are of the employers that are sponsoring Dossia.

Will and Ken wanted to set the record straight. Following are a few highlights from our conversation (Note, these are NOT verbatim, but based on my quick notes):

Ques: How independent will Indivo Health remain? Does the agreement with Dossia put any restrictions on Indivo?

Ans: CHIP remains an independent non-profit entity directly responsible for Indivo. The Indivo platform will remain an Open Source platform and adhere to the conditions of the open source community for enhancements, distribution and use. There are no restrictions on CHIP’s ability to establish future partnerships/relationships with others. In fact CHIP maintains complete autonomy and can exit this agreement at any point in time.

One area that Dossia did insist on was for CHIP to establish a stronger governance model for developing and enhancing the Indivo PHR. This governance model will formalize the process by which enhancements are chosen for development, acceptance, QA/QC testing protocols and how such enhancements will be formally supported upon their release. (Ed. This makes good sense for as an academic exercise, this issue was not high on the priority list. Dossia’s insistence on this point will lead to a better product for the broader market.)

Ques: Who will actually operate and maintain the Dossia/Indivo PHR once it is live? When is go live date?

Ans: CHIP will be directly responsible for day-to-day operation of the Dossia PHR. They will be contracting with an outside hosting service to physically host the PHR. Data transmitted to and from the hosting service is completely encrypted, end to end, to insure security and privacy of employee records. They will roll-out Indivo to a small group of early adopters within the Dossia community later this year.

Ques: Will Dossia employers have access to employee data?

Ans: Employers will have absolutely no access whatsoever to employee data that is resident on the Indivo platform. Important to point out that according to Ken and Will, the employers insisted on this as well. (Ed. Enlightened employers are more concerned with helping their employees stay healthy, which provides a much greater contribution to their bottom line, than trying to weed-out those that may have health issues by digging into their records.)

Ques: What is the biggest challenge going forward?

Ans: This is just hard to do. It requires an in-depth examination of existing systems, addressing interoperability, developing mechanisms that autonomously and automatically update records (they’re experimenting with bots), enhancing the user experience and most importantly insuring privacy and security of the platform. A core operating belief at CHIP is to focus on the end user, the consumer/patient. This is reflected in what they prefer to call their PHR, a PCHR for Personally Controlled Health Record system with an emphasis on personal control. CHIP believes that if they can make Indivo work for the consumer, it will have a corresponding and positive impact on other healthcare stakeholders, chief among them, physicians.

Having worked in academia and in industry I have seen my fair share of such partnerships disintegrate due to diametrically opposing views on what the priorities should be. Academics typically want to pursue their research and get published (trust me, you don’t get published and receive the accolades of your peers by commercializing a product), while companies such as those associated with Dossia are interested in the product and not another paper for JAMIA.

But overcoming such differences will be relatively trivial compared to getting all stakeholders (providers, employees and payers) on-board the Dossia initiative adopting and using Indivo to produce better outcomes and health for the consortium’s massive employee base. But Dossia does represent massive buying power in the healthcare market and can use that to their advantage.

CHIP and Dossia are really breaking new ground here as this will be the first large scale deployment in the US of a multi-data sourced PHR serving such a large community nationwide. If they can move beyond some fundamental motivational differences there is a lot of potential here to really move the ball forward on consumer adoption and use of PHRs. But no doubt about it, we still have quite a ways to go and it will be hard work. Closely tracking this initiative will offer some important insights into the future of this evolving technology and the broader theme of consumer directed healthcare. Stay tuned.

Share
1 Reply - Leave a reply