Bill Russell, SVP, CIO: Why Health Care Needs the Cloud

With more than 800 active health IT applications to maintain, Bill Russell has no time for distractions. The senior vice president and CIO of St Joseph Health—a nonprofit integrated health-care network that includes 14 hospitals in California and Texas—has a lot on his plate.

There’s even more since the system’s February 2013 affiliation with the network of Hoag Memorial Hospital Presbyterian to form the regional Covenant Health Network (Irvine, California), covering an area stretching from California’s Orange County to the High Desert.

Russell, a relative newcomer to health care, has IT expertise informed by 26 years of consulting in the telecommunications, banking, engineering, and manufacturing industries. He specialized in cloud consulting at the time of his leap into health care.

It’s surprising that it is not the sector’s regulatory and security concerns that differentiate health care from the world of business IT, in Russell’s opinion. “Every industry has stringent security requirements, and while the regulatory environment in health care is complex, to be sure, it is just as complex in other industries,” he says.

The differences, he believes, are data complexity and the proliferation of proprietary systems. “The complexity is enormous, compared with tracking investments, balances, production, and even supply-chain activities,” he notes. “In the coming years, health care will become very personalized, and this will increase the number of permutations and variations on the data.”

For this reason, he believes health care should focus on data management that is specific to health care and not distinctly an IT function (which is where cloud-based applications enter). “For example, we need to understand that the care and maintenance of data centers, servers, storage, and—in some cases—networks is not distinctly health-care work, and we should move these items to the cloud,” he says.

Initial Cloud Moves

The easiest cloud technologies to implement are infrastructure-as-a-service, or IaaS, technologies, which cover the data center, servers, storage, network, and management platform associated with that equipment. “We view this as an opportunity to get out of the data-center–maintenance business,” he says. “This will save us several million dollars over the next three years.”

St Joseph Health also deploys a number of software-as-a-service (SaaS) technologies, including a cloud-based vendor-neutral archive (VNA) for medical images and an Apache Hadoop-based analytics platform. In the next two years, it will roll out a cloud-based human-resources application.

“SaaS provides some interesting opportunities and challenges, as we move forward,” Russell says. “While the central storage of information such as PACS images is intriguing, you have to be aware of vendor and data lock-in. We expect to be able to access just about every piece of data we store in the cloud programmatically, through application programming interfaces (APIs): We don't want to trade one trap for another. Proprietary clouds are what we are trying to avoid.”

For instance, if St Joseph Health wants to deliver PACS images to a patient portal, it doesn’t want to be locked into the vendor’s portal solution. “We want to be able to extract those images using APIs and deliver them in whatever portal we decide to use,” he explains. “We use a cloud-based VNA for storing and delivering our images to various platforms.”

To choose a cloud solution, ask the same questions asked of any application, Russell advises: Is it open? Does it have service-oriented architecture? Does it have APIs? How good are those APIs? How secure is it?

“We need our cloud providers to understand that when we put our data out there, they don’t own our data. They can’t trap our data,” he says. “We need to be able to get to discrete data elements at every stage of the development cycle. When we look for cloud providers, we are looking for characteristics found in service-oriented architecture.”

Time and again, Russell returns to the potential efficiencies that can be achieved using a cloud-based application. If a hosted cloud application doesn’t provide appropriate security and an architecture that maintains what he calls clear layers of abstraction, then Russell will build and maintain a private cloud to provide the platform for the application.

The Essential Shift

Building platforms that provide future flexibility through secure, accessible layers—not silos that trap information in proprietary information systems—is the essence of Russell’s work at St Joseph Health, as the health system moves into uncharted territory under health-care reform. “We have to start thinking in platforms,” Russell says. “None of us really knows the future; we can see glimpses. Every new technology we consider must be evaluated for its ability to interact with and provide value to our whole system, and not just to address a single concern. We have close to 800 applications at our system, many of which were selected for the value they bring to one department or a single site in the system. When they were selected, they were celebrated for their ability to address a problem that we faced. Over time, the concerns change, and applications become obsolete.”

He adds, “Platforms have the ability to evolve. Platforms have layers that allow us to put new interfaces and workflow on existing data and deliver new value to the organization. This is a paradigm shift in health care: Health care thinks in big, proprietary systems. We have to break out of that.” 

Health care’s immediate opportunities to rehabilitate its IT profile lie in integration, application rationalization, and data governance, Russell notes. “While none of these items are quick hits, they represent millions of dollars in savings for health care,” he says. “Understanding where every application fits in your environment and how everything interacts is really the most important thing. It’s data governance, and it’s application governance. A lot of times in health care, we collect applications. We don’t throw away old applications; we just add new applications on top.”

The Cloud, According to Russell Before becoming CIO of St Joseph Health (Irvine, California), Bill Russell encountered much vagueness in the understanding of cloud computing. In the interest of clarifying a murky subject, he identifies the following five characteristics that a platform must possess in order to be considered a true cloud: • a self-service Web-based provisioning tool; • a granular accounting method that offers the ability to meter the quantity and location of use; • a service-based solution that can be accessed, through an application programming interface (API), to access data and provision and deprovision services as needed; • a pay-as-you-go business model in which you pay only for what you are using; and • scalability, with the ability to scale use up and down very quickly. Another characteristic that is relevant in other industries (but in limited use in health care) is multitenancy, which offers tremendous cost benefits. “There’s a huge value in multitenancy,” Russell says. “In health care, there are very few things we can do in a multitenant environment because of our regulatory environment.” —C. Proval

When Russell describes service-oriented health-care IT architecture, he makes it sound almost simple: A database layer is abstracted from a communications layer, which is abstracted from a presentation layer. “We never really get bottlenecked or trapped. We can replace a layer instead of a complete application silo,” he explains. “In reality, if we have the right architecture, we could take the data abstracted from the presentation layer, and if we put another presentation layer on top of those data, they still have value, and we can still do some things with those data.”

Security Bugaboos and the Jetsons Future

Although he states that security is equally important to all of the industries in which he has served, Russell does not minimize its importance. “Above all else, our top priority in health-care IT is to ensure the appropriate security measures are in place to protect the confidentiality of all data being stored at all times,” Russell says. “I can't emphasize enough that you can't outsource security. We have to ensure that our cloud providers adhere to the policies and regulations that our specific industry requires—in some cases, this will take some solutions off the table.” 

Security begins with the business-associate agreement, and Russell uses a third party that penetrates the cloud environment and audits practices outlined in the agreement. “We need to know what those data are; who has access to them; where they are being stored; how they are being stored; and what the policies, procedures, and practices are concerning those data,” he explains. “That will rule out some providers.”

Looking into the future, Russell envisions a bigger clinical role for the cloud in a Jetsons-like future. “I hope we can get through the privacy and security concerns and get to a point where my body has more monitors on it than my car,” he says. “In a family with heart issues, it would give me peace of mind to know that I can be monitored every minute of every day, and that technology will sift through the mountains of data and identify potential issues before becoming a serious event. If, for example, we can predict a heart event a week or so before it happens—with an early-warning system—it would go a long way toward improving the health of our communities.”

He sees an even more important preventive role for technology in teaching children how to live healthy lives by providing them with the feedback and encouragement that they need to “stay the course, over their lifetimes,” he says. Russell checks his phone about 50 times a day. “Email, stocks, online games, Facebook, and Twitter: This is the new norm,” he says. “If we had more ways to check on our health, we might have the opportunity to nudge behavior, at a young age, and have long-term impacts.” Cheryl Proval is editor of Radinformatics.com.