The healthcare industry hasn't been a big fan of cloud computing. In fact, even co-located and hosted data centers are a stretch due to security and privacy regulations. Verizon, however, aims to change that equation and just might succeed.
Verizon's enterprise unit, bolstered by its Terremark cloud computing portfolio, on Monday launched a portfolio of services designed to meet HIPAA (Health Insurance Portability and Accountability Act) requirements.
In a nutshell, health care players---payers, insurers and hospitals---will be able to host patient information in Verizon's Terremark data centers. Verizon also plans to offer co-location, managed hosting, cloud and private cloud services. Verizon's enterprise cloud services plan starts with healthcare, but can scale to other industries.
How will Verizon court healthcare? HIPAA requirements and various providers in the industry are held together by something called a business associate agreement (BAA). The BAA dictates that each party that touches patient data is required to meet HIPAA standards. If one party in the data chain fumbles it is liable for penalties and fines.
That BAA has limited the popularity of data center hosting. Dr. Peter Tippett, chief medical officer and vice president of Verizon’s health IT practice, said the telecom giant will sign a BAA. Verizon is among the first large players to sign a BAA.
"The healthcare industry just doesn't use much hosting, co-lo or cloud computing," said Tippett. "HIPAA wasn't created in a vacuum. Healthcare people have always been worried about security and privacy. We all blame HIPAA now, but it's just a manifestation of what the industry believed. Before HIPAA no medical records were emailed either."
If Verizon gets its way, hospitals and large healthcare players will move toward hosting, co-lo data centers and cloud computing. Tippett said that Verizon has a few big-name parties that are interested and the response to the BAA offer has been positive. "We say we'll sign a BAA and people get giddy about it," says Tippett. "Verizon is really signing up for something to show we're comfortable with security."
The ROI for the healthcare players is fairly clear:
- Healthcare providers can offload data center management to focus on other things;
- Eliminate all the meetings, consultants and hassles that go with HIPAA and data centers;
- Refocus efforts elsewhere.
There are other cost savings that are possible, but individual mileage will vary. Tippett said that Verizon's healthcare cloud services will be delivered from its Miami and Culpeper, Va. facilities. Both meet HIPAA security controls as well as PCI-DSS Level 1 Compliant Service Provider, ITIL v3 based best practices and physical clearance procedures.