Security
Regarding security, there is still a lot of confusion, both between on-premise and cloud in general, and between public and private clouds.
Much comes down to the control of data—who will have access to the data, and who can get access to the data. The public cloud is, by definition, used by multiple tenants, whereas a private cloud is single tenant, and thereby a private cloud is a more isolated entity that gives you full control of the data. However, while the private cloud might be perceived as more secure, many security breaches are the result of poor configurations and mistakes that derive from within the hospital’s IT environment. Security is all about building multiple layers of security, an area in which many public cloud providers possess superior expertise.
You may also consider the impact of the US CLOUD Act[3] on the cloud provider you choose. It stipulates that US cloud providers, private and public, are required to disclose any data they keep, if so instructed by a US governmental agency.
As a healthcare provider, you need to understand the entire security infrastructure. The public cloud means more shared responsibility of security parameters. Some elements of security are typically provided by the cloud provider, while some are provided by third parties. This is in contrast to the private cloud provider, which generally has control over all security parameters in-house.
Another aspect to consider is that a public cloud means that you need to assume a greater responsibility for security. The public cloud provider does not normally offer the same level of support in configurations or in relation to performing customizations to suit the applications used. With a private cloud, and a public cloud provided by a health IT vendor, a higher level of assistance and customization can contribute to the development of a more secure environment.
Generally speaking, security is expensive. Economy of scale means that the larger the cloud you build, the more you can spend on security. Public clouds are generally larger than private clouds, and hence more money and effort go into security. However, the majority of industry experts agree today that most cloud models are, on the whole, more secure than a general on-premise installation.
Implementation times
The time from decision until you can utilize the system and its applications is normally shorter with public clouds, especially those provided by the tech giants, since they offer a ‘plug and play’ approach. The private cloud is similar to an on-premise installation, where the vendor first needs to build the environment and make suitable customizations before you can start using the service.
On the upside, the implementation of a private cloud, and to some extent a public cloud provided by a health IT company, offers the flexibility to adjust the environment and setup to meet specific application demands and to resolve issues. This can result in a faster and less painful implementation.
Performance
The greater customization of private clouds and public clouds provided by health IT companies can, in many cases, offer higher application performance since they can be tailored to maximize performance for specific needs. This is highly dependent on the type of applications that will run in the environment, and whether or not they are designed for a cloud environment. Although the private cloud can initially offer higher performance, this will not last for long given that the hardware and software in public clouds are continuously upgraded.
Redundancy and elasticity
Private clouds have the ability to spread workload over multiple servers but are limited by the amount of server space the cloud vendor owns or operates. The public cloud has a much greater capacity to scale out its servers should demand suddenly increase, for example, in connection with an acquisition of a new hospital.
Public clouds (both models) have the advantage of being able to offer higher redundancy and can thus generally guarantee higher uptimes. Hence, public cloud providers can offer better service level agreements (SLAs) that, if breached, may result in fines as regulated in the contract. For you as a health provider, this can serve as insurance to cover any extra costs and lost revenue if the system is inaccessible for a period.