Emerging Role of Content Delivery Networks in Healthcare IT

09Oct09

Yesterday was a busy meeting day for me (9 meetings in 8 hours) and we all know that on days like those your brain can get a little mushy. But my last meeting yesterday was one of the best one’s I’ve had lately because it revealed to me just how important strategic planning can be around technology infrastructure and network decisions; especially as they relate to sharing vast amounts of data with physicians across the country.

Content delivery networks (CDNs) are widely used by companies that understand them. But remarkably many in the trenches of healthcare IT (technologists and legal advisors) either don’t understand how a CDN can improve the user experience, ultimately lower costs, and improve patient care, or worse, fear embracing the use of this type of network because of possible security issues relating to protected health information (PHI).

A content delivery network (CDN) is a system of computers containing copies of data, placed at various points in a network so as to maximize bandwidth for access to the data from clients throughout the network. A client accesses a copy of the data near to the client, as opposed to all clients accessing the same central server, thereby causing a bottleneck near that server.

Imagine the scenario of a radiology imaging company wanting to serve X-ray images of a patient in a secure manner with the patient’s doctor located on the other side of the country. If that company were to place this content in a single data warehouse on the West Coast, and the doctor tries to access that information from the East Coast, common internet traffic may delay the feed significantly enough to make it inconvenient for that doctor to even attempt accessing that image. This can be a real deal breaker if the doctor needs real time access to the image, or needs to interact with that image in any way.

Policy makers in Washington DC are beginning to understand the emerging role of CDNs, even as they strengthen regulations surrounding PHI access. I’m encouraged by their recognition that security is a function of budget and that “Imposing ‘nuclear secrets’ security technology on a small doctor’s office is not feasible.”

John D. Halamka, MD, MS, Chief Information Officer of Beth Israel Deaconess Medical Center, Chief Information Officer at Harvard Medical School, Chairman of the New England Healthcare Exchange Network (NEHEN), Chair of the US Healthcare Information Technology Standards Panel (HITSP)/Co-Chair of the HIT Standards Committee, and a practicing Emergency Physician elaborates on what the HIT Standards Committee is debating as it relates to enhancing security for all stakeholders without creating a heavy implementation burden in his blog posted on October 7, 2009.

He states that:

  1. All data moving between organizations must be encrypted over the wire. Data moving in an organization’s data center should be encrypted if open wireless networks could lead to the compromise of data as it is moved inside the organization. There is no need to encrypt the data twice — if an organization implements appropriate secure wireless protocols such as WPA Enterprise, the data can be sent within the organization unencrypted.
  2. All data at rest on mobile devices must be encrypted. Encrypting all databases and storage systems within an organization’s data center would create a burden. But ensuring that devices such as laptops and USB drives, which can be stolen, encrypt patient-identified data makes sense and is part of new regulations such as Massachusetts’ data protection law.

As more healthcare information goes digital, delivery of that content will require that the data warehousing model commonly used by healthcare IT change to be decentralized and copied to multiple places for delivery-on-demand.

I have a few predictions:

  • Encryption, security policies, and regulatory-compliant data centers will evolve to support this delivery strategy.
  • Data hosting will become a commoditized service if Data Centers fail to alter their infrastructure and policies in a way that complies with the HITECH Act, FISMA, PCI Standards, and/or HIPAA standards.
  • Healthcare providers and technology suppliers who want to succeed will continue to think outside the traditional box in how they deliver content and will chart new territory in how to marry security policies with best-of-class content delivery.
  • Unsuccessful providers and suppliers will bunker down and never let anyone “outside their data center” touch their data. There will be plenty of those in the future, and ironically they’ll begin to see their market share dwindle as the market adopts new ways of accessing PHI without breach incidents.
  • Policy makers at the federal level will succeed in creating standards that the industry can live with.
  • Content Delivery Networks will play an important role in medical content delivery, especially if CDN providers can provide the security necessary for healthcare IT players to trust healthcare content outside their physical networks.
Advertisements


No Responses Yet to “Emerging Role of Content Delivery Networks in Healthcare IT”

  1. Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: