VIENNA - Driven by patients and political forces, momentum is building for the adoption of cloud computing technology in healthcare in the European Union (EU). For PACS, cloud computing offers many potential benefits -- as well as some concerns, according to a talk on Saturday at ECR 2016.
Cloud computing may also spark changes in how PACS technology is conceived and implemented. While the traditional PACS -- a system that just provides for viewing and storing of images -- probably will not disappear in the near future and will continue to be an option as part of an enterprise imaging concept, that may not be the case for PACS that serves as a workflow and management system (i.e., a RIS/PACS), said Dr. Jan Schillebeeckx, a radiologist from Knokke, Belgium.
"Most likely, PACS in this definition might evaporate in several cases in the enterprise imaging model or the electronic healthcare record," he said. "That's what we would call today the deconstructed PACS [approach]."
Schillebeeckx discussed the future of PACS and cloud computing during a refresher course on Saturday morning.
A mental shift
The adoption of cloud computing technology will be a technological paradigm shift in healthcare, but also a substantial mental shift for stakeholders, Schillebeeckx said.
Not many major issues remain on the technological side of cloud computing in healthcare and PACS, thanks to the availability of zero-footprint viewers and the good bandwidth available most of the time in Europe, he said. Mentally, some concerns remain, however.
"Do we trust healthcare and PACS in the cloud?" he said. "Is it safe? What about privacy and reliability? At least that is what many people think."
Hospital information and communication technology (ICT) departments are keeping the brakes on a transition to cloud computing. In addition, physicians such as radiologists tend to have a conservative view on cloud computing, but opinions are mixed.
On the other hand, politicians and the public clearly support a transition to cloud computing, Schillebeeckx said. The EU is pushing the process forward with its Digital Agenda, which affirms "that incorporating the right of individuals to have their personal health information safely stored within a healthcare system accessible online" is essential for the success of eHealth technologies.
"They believe that by 2020, every European citizen will have his or her healthcare record in the cloud," he said.
Meanwhile, the European Consumer Organization (BEUC) published a paper in 2013 advocating patient access to the electronic health record, including in the cloud. It also sought to guarantee privacy and data protection, ensure the highest level of quality and safety, and improve interoperability and data portability, he said.
It may have slipped under the radar a little bit, but a new data protection compact for Europe was passed in December 2015. Effective 2018, the regulation will be applicable in every EU member state.
"This means that the vendors no longer need to deal with different countries," Schillebeeckx said. "[It's] the same law, the same regulation in every country."
The regulation includes some important patient empowerment provisions. For example, they will have the right to be forgotten, including the ability to demand that hospitals delete data from their electronic health record.
Patients will also have easier access to their data and the ability to decide how the data are used, Schillebeeckx said. This regulation will bring about a big paradigm shift.
"From 2018, you as a citizen will decide where your data are," he said. "This is an extremely important thing, which means for me that cloud computing [in healthcare] most likely is inevitable."
Deployment models
According to the U.S. National Institute of Standards and Technology (NIST), there are three deployment models for cloud computing: the private cloud, the public cloud, and a hybrid cloud. A private cloud is a virtual IT infrastructure that is securely controlled by an organization, offering computing resources and on-demand infrastructure with dedicated resources, Schillebeeckx said.
"You can have it on-premise or you can have it off-premise," he said. "This depends on the risk and affordability of space required to maintain these resources."
A public cloud, on the other hand, is operated by a cloud service provider and offers its services over the Internet. Public clouds offer benefits such as a better return on investment and faster time to market, while also addressing concerns such as a lack of visibility, security, and reliability with private clouds, according to Schillebeeckx.
"[With this model], healthcare organizations don't need to worry about maintenance and security; you don't need to have in-house experts," he said. "These functions can be better provided by a service provider so that you, as a healthcare provider, can focus on your core competence, which is patient care."
A community cloud -- a subset of the public cloud model -- is tailored to a specific industry such as healthcare and offers a customizable deployment model. This approach enables sharing of healthcare information and economies of scale.
"As more and more healthcare information exchange takes place, this method of deployment is believed to gain traction," he said. "I also strongly believe in this [model] and the providers will look forward to forming a congregation in order to receive the benefits under an umbrella of services."
Popular in Belgium, the hybrid cloud blends the benefits of the public and private cloud models, according to Schillebeeckx.
"This is preferred when end users need to store highly sensitive and mission-critical data in a secure environment," he said.
With a hybrid cloud, organizations can mix and match to provide the complete range of IT services needed by healthcare providers.
"This means that you would like to have everything stored in-house, but would also like to offer services via your Web portal," he said.
For example, a hybrid cloud can yield benefits such as immediate patient access to images via the public cloud.
"Everything stays within the hospital, but you have access to your data via the public cloud," Schillebeeckx said.
Service types
Cloud services can be provided via an infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). In the IaaS approach, organizations outsource the computing equipment needed to support operations. The service provider owns the equipment and is responsible for housing, running, and maintaining it. This is typically paid for on a per-use basis.
With PaaS, core elements of computing infrastructure are provided over the Internet, including the operating systems, storage, and network capacity. Because it eliminates the need to set up and manage the underlying hardware, software, and provisioning on which the application runs, this model simplifies the deployment of new software.
"It's a service model that provides a platform on which the end user can build their own applications and determine their own storage requirements and networking needs," Schillebeeckx said.
SaaS, on the other hand, is a software distribution model that involves vendors or service providers hosting applications that are made available to customers over the network, typically via the Internet.
Moving PACS to the cloud would offer a number of advantages, including less upfront costs, access to on-demand capacity, reliable backup and recovery, quick deployment, easier management of IT staff, and better financial planning, he said. Weaknesses of this approach include performance concerns, the need for data migration, and portability of data.
Opinions vary as to whether security and privacy would be considered strengths or weaknesses of having PACS in the cloud, Schillebeeckx said.
"If you talk with service providers, they say that [cloud computing] gives you more security and privacy," he said. "We as doctors and patients aren't sure about it."
PACS in the cloud would provide opportunities such as ubiquitous availability of patient healthcare records, healthcare information exchange in a community cloud, and facilitation of research opportunities, he said. Threats include the potential for misuse of patient confidential data and a difficult exit strategy.
