hc3 kickoff presentations - june 19, 2014
DESCRIPTION
Slides from June 19th HC3 Kickoff meeting HC3 Overview Adam Greene What is the Cloud? Hemant Pathak The Disruptive Cloud Anish Sebastian The Practical Cloud Pete CelanoTRANSCRIPT
![Page 1: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/1.jpg)
Networking BreakfastPresentations Start at 9AM ET
![Page 2: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/2.jpg)
Logistics & Agenda
Grant Elliott
CEO, Ostendio, Inc.
@HCCColaition
#HC3
![Page 3: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/3.jpg)
@HCCCoalition #HC3
Event Sponsors
![Page 4: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/4.jpg)
@HCCCoalition #HC3
Agenda
8:30am Networking breakfast (sponsored by Davis Wright Tremaine LLP)
9:00am HC3 Overview Adam Greene
9:30am What is the Cloud? Hemant Pathak
10:00am The Disruptive Cloud Anish Sebastian
10:20am The Practical Cloud Pete Celano
10:40am Panel Discussion & QA Moderated by Shahid Shah
(Hemant Pathak, Chad Kissinger, Sandeep Pulim, Adam Greene)
11:30am HC3 Wrap up Adam Greene
Noon End
![Page 5: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/5.jpg)
@HCCCoalition #HC3
Questions & Comments
Send questions to @HCCCoalition #HC3
![Page 6: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/6.jpg)
Addressing Regulatory Challenges of Bringing Health Care to the Cloud
Adam H. Greene, JD, MPH
Partner, Davis Wright Tremaine LLP
![Page 7: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/7.jpg)
@HCCCoalition #HC3
The Challenges
Cloud computing and cloud-based mobile
technology can improve health care and reduce
costs, but…
![Page 8: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/8.jpg)
@HCCCoalition #HC3
The Challenges
Health care is not fully leveraging cloud
technology because of lack of trust in information
security
![Page 9: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/9.jpg)
@HCCCoalition #HC3
The Challenges
Where health care entities leverage cloud computing, there are too many inefficiencies:
A sea of different information security questionnairesConfusion and disagreement over business associate agreement terms
Confusion over information security responsibilities
![Page 10: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/10.jpg)
@HCCCoalition #HC3
The Challenges
A lack of HHS guidance on how HIPAA applies to cloud computing:
What if cloud vendor was unaware it was hosting PHI for a covered entity?
No guidance or audit protocols specific to business associates
How to handle patients rights and breaches when you may not know what information you have
![Page 11: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/11.jpg)
@HCCCoalition #HC3
The Challenges
The price of entry for small companies into health care is too high
because of this confusion.
![Page 12: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/12.jpg)
@HCCCoalition #HC3
The Mission of HC3
Reduce obstacles to the health care sector leveraging cloud computing technology. Promote innovation by reducing health care compliance burdens on health care technology companies.
![Page 13: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/13.jpg)
@HCCCoalition #HC3
The Objectives of HC3
1. Understanding – Create an accepted framework for health care and cloud computing
![Page 14: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/14.jpg)
@HCCCoalition #HC3
The Objectives of HC3
Develop internal guidance on how
HIPAA applies to cloud computing.
![Page 15: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/15.jpg)
@HCCCoalition #HC3
The Objectives of HC3
Develop tools, such as:
Sample business associate agreement provisions, to address unique cloud computing issues
Notices that clearly identify each party’s security responsibilities
A self-audit protocol for cloud computing providers
![Page 16: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/16.jpg)
@HCCCoalition #HC3
The Objectives of HC3
Work with health care providers and other associations (e.g., HIMSS, Cloud Security Alliance) to obtain feedback and promote the tools and guidance.
![Page 17: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/17.jpg)
@HCCCoalition #HC3
The Objectives of HC3
2. Trust – Build trust in cloud computing and regulatory compliance through an accepted accreditation/certification process or other programs.
![Page 18: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/18.jpg)
@HCCCoalition #HC3
The Objectives of HC3
Certification needs to be: Focused on health care (e.g., HIPAA, Alcohol and Substance Abuse Treatment Confidentiality)
Focused on cloud computingScalable (e.g., works for both large IaaS provider and small SaaS provider that does not host its own data)
![Page 19: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/19.jpg)
@HCCCoalition #HC3
The Objectives of HC3
Not looking to reinvent the wheel. Adopt and promote any existing or upcoming
certifications/accreditations that meet our needs. Tweak any existing certifications/accreditations
that get us 90% of the way there.
![Page 20: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/20.jpg)
@HCCCoalition #HC3
The Objectives of HC3
3. Government Outreach – Seek regulatory guidance from HHS and other relevant agencies. Maintain outreach and transparency with the government.
![Page 21: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/21.jpg)
@HCCCoalition #HC3
The Objectives of HC3
4. What else?
![Page 22: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/22.jpg)
@HCCCoalition #HC3
Next Steps?Discuss the scope of what HC3
will initially take on.
Volunteers
![Page 23: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/23.jpg)
Health Care Cloud CoalitionLegal considerations with cloud
computing
A View From The Cloud Vendor. Insight on the HIPAA Omnibus Rule, Cloud Privacy & Security, and HIPAA
Enforcement
Hemant Pathak, Assistant General Counsel, Microsoft
![Page 24: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/24.jpg)
@HCCCoalition #HC3
What are the types of cloud model we are going to discuss today?
Enterprise Cloud Three types of cloud services: SaaS, PaaS, IaaS Public, Private, Hybrid Always available Per user, consumption buying model Data and services with a common delivery model in
shared data centers Different from traditional “outsourcing”
![Page 25: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/25.jpg)
@HCCCoalition #HC3
Why do customers choose cloud services?
On demand scalability, reliability and flexibility of computing resources, updates, interoperability and tech support
Reduction of infrastructure costs & complexities at very large economies of scale across the board (electricity, network bandwidth, operations, SW & HW). Organizations can “get out” of the Data Center business
The right vendor can address state of the art security & privacy protocols to help customers address their compliance requirements in a highly regulated industry
![Page 26: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/26.jpg)
@HCCCoalition #HC3
From the cloud service provider (CSP) perspective – what are contracting expectations?
Cloud services are configurable, but generally not customizable
SLA, Service Descriptions, Security Descriptions Contract terms that require unique requirements for
service for one individual subscriber are not scalable Pre-Sales CSP & customer partnership and due
diligence on contract terms and solution alignment reduces risk now and in the future for both parties Ensure compliance with laws and corporate policies Protect brand and reputation for both parties
![Page 27: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/27.jpg)
@HCCCoalition #HC3
From the customer perspective – what are contracting expectations?
Where and how is data stored? Clear data maps and geographic boundary information Data
must be encrypted wherever possible
Who has access and what is accessed? Core customer data must be accessed only for service
delivery, troubleshooting, migration and malware prevention purposes on an exception basis and all access should be logged
Who owns data? The Customer. Data must be fully portable and retrievable
Who pays for costs related to security breaches? Commercial term addressed by the parties
![Page 28: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/28.jpg)
@HCCCoalition #HC3
Security & Privacy – How do you get assurances?
Security Physical Data Center standards Secure Networks Automated operations Robust breach prevention, detection and mitigation
Compliance -Cloud Service Providers (CSP) should address regulatory standards E.g. - ISO 27001, HIPAA BAA
Federal Trade Commission Watchdog groups Healthcare agencies DHHS
Independent Audit & Verification
![Page 29: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/29.jpg)
@HCCCoalition #HC3
What are questions Customers ask a potential CSP?
Security & Privacy Compliance Does the cloud vendor offer a BAA Does the BAA contain all required HIPAA terms Does the CSP stipulate to comply with breach notification rule, timely reporting,
appropriate and transparent limitations on use & disclosure and “minimum necessary”
Embedded technical, physical and administrative safeguards in support of HIPAA Data mining – will my cloud provider use my data for advertising, marketing or
other commercial purpose w/o my consent Does CSP have transparent and robust process on addressing third party
requests for data?
Clinical centered care strategies Compliance across collaboration modes through audio, video & messaging
HealthCare Enterprise Ready
![Page 30: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/30.jpg)
@HCCCoalition #HC3
What are consequences of non-compliance?
Phoenix Cardiac Surgery Fined $100,000 by DHHS for failure to obtain a BAA
“Covered Entity failed to obtain satisfactory assurances in business associates agreements from the Internet-based calendar and from the Internet-based public email providers that these entities would appropriately safeguard the ePHI received from Covered Entity.”
Oregon Health & Science University Negative PR stemming from breach involving storing a spreadsheet of
patient data with cloud service which was not a business associate.
DHHS Regulator Quotes“If you use a cloud service, it should be your business associate. If they refuse to sign a business associate agreement, don't use the cloud service.”
“…cloud services [are] under direct regulations of HIPAA…,"
![Page 31: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/31.jpg)
@HCCCoalition #HC3
Conclusion
Health Care Providers moving to the cloud want to choose a CSP that has been proven trustworthy and that they can trust.
Transparency about compliance, security and privacy practices and use of data is the key to trust.
Transparency allows customers to determine whether using a given cloud offering helps them to be compliant with applicable regulations and corporate policy.
![Page 32: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/32.jpg)
@HCCCoalition #HC3
QUESTIONS?
![Page 33: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/33.jpg)
The Disruptive Cloud – How the cloud is helping me drive innovation
Anish Sebastian Co-founder 1EQ
![Page 34: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/34.jpg)
@HCCCoalition #HC3
The Cloud
![Page 35: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/35.jpg)
@HCCCoalition #HC3
The Cloud = 10X Improvement!
Ease of Use Scalability Risk and Reliability Cost Security Connectivity
![Page 36: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/36.jpg)
@HCCCoalition #HC3
Ease of Use
![Page 37: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/37.jpg)
@HCCCoalition #HC3
Ease of Use
Deploy infrastructure quickly with no need for system admin No cabling, racking,
unboxing or buying Software now controls the
infrastructure Control your servers with
the click of a mouse
![Page 38: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/38.jpg)
@HCCCoalition #HC3
Scalability
![Page 39: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/39.jpg)
@HCCCoalition #HC3
Scalability
Can adjust to min by min variation in demand
Nothing to purchase and take delivery
Increase innovation, by removing “too scared to try” syndrome
Go global in a matter of seconds (co-location)
![Page 40: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/40.jpg)
@HCCCoalition #HC3
Risk and Reliability
Cancel immediately Change instantly, even OS Rebuilt instantly No long term contracts Based on enterprise grade
hardware Employ best practices in IT:
Design for failure Control framework Disaster recovery
![Page 41: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/41.jpg)
@HCCCoalition #HC3
Cost
Pay for only what you use – nothing up front and pay as you go
Zero cap Ex = lower burn rate = happy investors!
Cloud has economies of scale, business model based on volume not margin
Since we started using amazon, prices have gone down
![Page 42: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/42.jpg)
@HCCCoalition #HC3
Security
Architected for enterprise security requirements
More than likely more secure than what you can normally build yourself
AWS White paper on HIPPA Ability to quickly fix security holes
and keep up with new compliance standards.
![Page 43: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/43.jpg)
@HCCCoalition #HC3
Being an “aaS”
SaaS – Software as a Service
PaaS – Platform as a Service
IaaS – Infrastructure as a Service
![Page 44: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/44.jpg)
@HCCCoalition #HC3
The Cloud Pyramid
IaaS
PaaS
SaaS
Broad
Niche
![Page 45: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/45.jpg)
@HCCCoalition #HC3
The cloud Pyramid
IaaS
PaaS
SaaS
Developers
Users
Network Engineers
![Page 46: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/46.jpg)
@HCCCoalition #HC3
The cloud Pyramid
IaaS
PaaS
SaaSGoogle Apps, Heroku, Salesforce Windows Azure
SendGrid, Mailchip, TwilllioZendesk, ……..a lot more
Amazon, Racksapce
![Page 47: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/47.jpg)
@HCCCoalition #HC3
The cloud Pyramid – Applications long tail effect.
• The long tail is directly an impact of the cloud.
• They all talk to each other.
![Page 48: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/48.jpg)
@HCCCoalition #HC3
Connectivity
This long tail of products connect to the cloud via API
It has fueled a new era of API Allows for various SaaS
companies to stitch together a whole series of services generally via API
Everything is connected to everyone
![Page 49: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/49.jpg)
@HCCCoalition #HC3
Differentiation
Bottom Line: The cloud allows you to focus on what
truly makes you different Let’s you outsource commoditized
services and services that are not your core competencies.
![Page 50: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/50.jpg)
@HCCCoalition #HC3
What does the future look like?
![Page 51: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/51.jpg)
The Answer is in the Cloud
Pete Celano
MedStar Institute for Innovation
www.mi2.org
![Page 52: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/52.jpg)
@HCCCoalition #HC3
Mission
Extend Access to the Poor/Rural
Reduce Costs
Better Outcomes
New Revenue
![Page 53: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/53.jpg)
@HCCCoalition #HC3
New World
Old World: EMR(s) is what you have
New World: Innovate “north” of the EMR.
And bolt-in.
![Page 54: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/54.jpg)
@HCCCoalition #HC3
Focus Areas
1. Capacity Utilization
2. Extending the Site of Service
3. Flowing Data to Docs
![Page 55: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/55.jpg)
@HCCCoalition #HC3
5-Step Process
1. What problem are we trying to solve, and RoI?
2. Balance Sheet Test
3. Our BAA
4. Pilot Fast
5. Take it Wide if Pilot Works & Economics are Verified
![Page 56: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/56.jpg)
@HCCCoalition #HC3
Five Predictions
1. Only more inventors will run-not-walk to healthcare
2. EMR vendors will be acquiring right & left in 2015 and beyond
3. Solutions will start breaking Provider-only and Provider-Payer (“Provayer?”)
4. Virtual Visits will take off like a rocket
5. Apple’s HealthKit et al will finally make Remote Patient Monitoring relevant.
![Page 57: HC3 Kickoff presentations - June 19, 2014](https://reader035.vdocuments.us/reader035/viewer/2022081413/54621faab1af9f936c8b4dd9/html5/thumbnails/57.jpg)
Panel Discussion and Q&A10:40AM – 11:30AM
• Hemant Pathak (Microsoft)• Chad Kissinger (OnRamp)• Sandeep Pulim (@Point of Care 360)• Adam Greene (Davis Wright Tremaine LLP)
- Moderated by Shahid Shah, Netspective