Contenu connexe
Similaire à Cloud Computing Enables Consumer-Centered Healthcare (20)
Plus de Eiji Sasahara, Ph.D., MBA 笹原英司 (20)
Cloud Computing Enables Consumer-Centered Healthcare
- 1. Cloud Computing Enables
Consumer-Centered
Healthcare
Eiji Sasahara, Ph.D., MBA
Dan McGuire, MBA
Hitoshi Iwashita, MBA
Healthcare Cloud Initiative
October 15, Intiative
©2009 Healthcare Cloud 2009 1
- 2. Agenda
• 1. Introduction
• 2. Understanding Cloud Computing
• 3. Cloud Computing in Healthcare
• 4. Case study in Life Science/Pharma
• 5. Case study in Healthcare provider
©2009 Healthcare Cloud Intiative 2
- 3. 1. Introduction (1)
• Speakers
– Eiji Sasahara, Ph.D., MBA
http://www.linkedin.com/in/esasahara
– Dan McGuire, MBA
http://www.linkedin.com/pub/dan-mcguire-japan-
healthcare-network/1/970/329
– Hitoshi Iwashita, MBA
http://www.linkedin.com/pub/hitoshi-iwashita/0/34a/694
©2009 Healthcare Cloud Intiative 3
- 4. 1. Introduction (2)
• Healthcare Cloud Initiative
– Grass-root group to share knowledge
about benefits and risks of cloud
computing, and to promote new
business development with ICT
utilization in the healthcare industry
• Life science & Pharmaceutical
• Healthcare Provider
• Healthcare Payer
©2009 Healthcare Cloud Intiative 4
- 5. 1. Introduction (3)
• Healthcare Cloud Initiative
– Focus areas in Healthcare Value Chain
Patients Healthcare Communication General
Academia
& families Professionals Media Consumers
Opportunities and Risks of Cloud Computing
-New Business Development
-Technology Innovation
Clinical Relationship Professional Advertising Direct-to-
Trial Development Education & Promotion Consumer
Supports w/Opinion & Advocacy Education
Leaders & Advocacy
©2009 Healthcare Cloud Intiative 5
- 6. 1. Introduction (4)
• Cloud Security Alliance
– Global, not-for-profit organization
– Inclusive membership, supporting broad
spectrum of subject matter expertise:
cloud experts, security, legal,
compliance, virtualization, and on and
on…
– We believe Cloud Computing has a
robust future, we want to make it better
“To promote the use of best practices for providing security assurance
within Cloud Computing, and provide education on the uses of Cloud
Computing to help secure all other forms of computing.”
©2009 Healthcare Cloud Intiative 6
- 7. 1. Introduction (5)
• Cloud Security Alliance
– Individual Members (LinkedIn Community)
<Active Working Groups> <New Working Groups>
-Editorial -Healthcare
-Educational Outreach -Cloud Threat Analysis
-Architecture -US Federal Government
-Governance, Risk Mgt, Compliance, -Financial Services
Business Continuity
-Legal & E-Discovery
-Portability, Interoperability and Application Security
-Identity and Access Mgt, Encryption & Key Mgt
-Data Center Operations and Incident Response
-Information Lifecycle Management & Storage
-Virtualization and Technology Compartmentalization
©2009 Healthcare Cloud Intiative 7
- 8. 1. Introduction (6)
• Cloud Security Alliance
– Resources
• ”Security Guidance for Critical Areas of
Focus in Cloud Computing”
(http://www.cloudsecurityalliance.org/)
• ”Cloud Security and Privacy: An Enterprise
Perspective on Risks and Compliance”
(http://oreilly.com/catalog/9780596802769/)
©2009 Healthcare Cloud Intiative 8
- 9. 2. Understanding Cloud Computing (1)
• Definition of Cloud Computing
by National Institute of Standards and Technology (V15)
“Cloud computing is a model for enabling
convenient, on-demand network access to
a shared pool of configurable computing
resources (e.g., networks, servers, storage,
applications, and services) that can be
rapidly provisioned and released with
minimal management effort or service
provider interaction.”
(http://csrc.nist.gov/groups/SNS/cloud-
computing/index.html)
©2009 Healthcare Cloud Intiative 9
- 10. 2. Understanding Cloud Computing (2)
• Characteristics of Cloud Computing
by NIST (V15)
– On-demand self-service
– Ubiquitous network access
– Resource pooling
• Location independence
• Homogeneity
– Rapid elasticity
– Measured service
©2009 Healthcare Cloud Intiative 10
- 11. 2. Understanding Cloud Computing (3)
• Cloud Service Models by NIST (V15)
– Cloud Software as a Service (SaaS)
• Use provider’s applications over a network
– Cloud Platform as a Service (PaaS)
• Deploy customer-created applications to a cloud
– Cloud Infrastructure as a Service (IaaS)
• Rent processing, storage, network capacity, and
other fundamental computing resources
©2009 Healthcare Cloud Intiative 11
- 12. 2. Understanding Cloud Computing (4)
• Cloud Deployment Models by NIST (V15)
– Private cloud
• enterprise owned or leased
– Community cloud
• shared infrastructure for specific community
– Public cloud
• Sold to the public, mega-scale infrastructure
– Hybrid cloud
• composition of two or more clouds
©2009 Healthcare Cloud Intiative 12
- 13. 2. Understanding Cloud Computing (5)
• Characteristics of Cloud Computing
by Cloud Security Alliance
– Abstraction of Infrastructure
– Resource Democratization
– Services Oriented Architecture
– Elasticity/Dynamism
– Utility Model of Consumption & Allocation
Business requirements identify
features of cloud computing
©2009 Healthcare Cloud Intiative 13
- 14. 2. Understanding Cloud Computing (6)
• Difficulty in Cloud Computing
by Cloud Security Alliance
– Who manage it
– Who owns it
– Where it’s located
– Who has access to it
– How it’s accessed
Big challenge: Security and risk control
under the cloud computing environment
©2009 Healthcare Cloud Intiative 14
- 15. 2. Understanding Cloud Computing (7)
• Architecture of Cloud Computing
Business (e.g.) Healthcare Healthcare
Life Science
Layer Payer Provider
Software: Collaborative, Content, ERM, SCM, CRM,
Application Operations & Manufacturing, Engineering, Business SaaS
Layer Intelligence, etc.
Software: Application Development, Quality & Life-
Platform Cycle Tools, Application Server/Integration &
Process Automation Middleware, Information & Data
PaaS
Layer
management, Systems & Network Management
Software: System & network management, Security,
Infrastructure Storage IaaS
Layer Hardware: Healthcare Storage, Network, Clients
©2009 Server, Cloud Intiative 15
- 16. 2. Understanding Cloud Computing (8)
• What is Governance, Risk and
Compliance (GRC) Management?
– Governance: Activities to demonstrate
strategy direction and systems to
regulate and monitor corporate business
management
– Risk: Activities to identify, analyze and
manage risks inside/outside the
company
– Compliance: Activities to adhere to rules
and requirements set by laws, standards
and code of ethics Cloud Intiative
©2009 Healthcare 16
- 17. 2. Understanding Cloud Computing (9)
• GRC Management and ICT
– Application Layer
• Compliance Management Solutions
• Business Assurance Analytic Solutions
• Financial Compliance and Reporting
• Compliance Process Automation
• Enterprise and Operational Risk Management
Solutions
– Platform and Infrastructure Layers
• Compliance Infrastructure Solutions
– Security Management Solutions
– IT Governance Management Solutions
– Records and Information Management Solutions
©2009 Healthcare Cloud Intiative 17
- 18. 2. Understanding Cloud Computing (10)
• Architecture of GRC Management ICT
Business Personal Consumer
J-SOX
Layer Information Safety
Software: Compliance Management, Business
Application Assurance Analytic, Financial Compliance and SaaS
Layer Reporting, Compliance Process Automation,
Enterprise and Operational Risk Management, etc.
Software: Application Development, Quality & Life-
Platform Cycle Tools, Application Server/Integration &
Process Automation Middleware, Information & Data
PaaS
Layer
management, Systems & Network Management
Software: System & network management, Security,
Infrastructure Storage IaaS
Layer Hardware: Healthcare Storage, Network, Clients
©2009 Server, Cloud Intiative 18
- 19. 2. Understanding Cloud Computing (11)
• Impact of Consumer as a Stakeholder
– Consumer-centered healthcare drives ICT utilization.
– Consumerization of ICT drives cloud computing.
Consumer-
Business Healthcare Healthcare
Centered
Life Science
Layer Payer Provider
Movement
Software:
Application SaaS
Layer Healthcare Cloud
ICT Computing
Software:
Platform GRC PaaS
Layer Management
Consumer
Software: as a
Infrastructure Stakeholder IaaS
Layer Hardware: Healthcare Cloud Intiative
©2009 19
- 20. 3. Cloud Computing in Healthcare (1)
• “Cloud Computing: A new business
paradigm for biomedical information sharing”
Rosenthal A, Mork P, Li MH, Stanford J, Koester D, Reynolds P.
J Biomed Inform. 2009 Aug 26.
(http://www.ncbi.nlm.nih.gov/pubmed/19715773)
– For customers, cloud computing is
primarily a new business paradigm, as
opposed to a new technical paradigm.
Who are “customers” in healthcare?
= Consumers (Patients and families)
©2009 Healthcare Cloud Intiative 20
- 21. 3. Cloud Computing in Healthcare (2)
– Features of Cloud Computing in
Biomedical informatics
• Resource outsourcing
• Utility computing
• Large number of machines
• Automated resource management
• Virtualization
• Parallel computing
Business requirements identify
features ofHealthcare CloudComputing
©2009 Cloud Intiative 21
- 22. 3. Cloud Computing in Healthcare (3)
• “Security and privacy requirements for multi-
institutional cancer research data grid”
Manion FJ, Robbins RJ, Weems WA, Crowley RS.
BMC Med Inform Decis Mak. 2009 Jun 15;9:31.
(http://www.ncbi.nlm.nih.gov/pubmed/19527521)
– Key Challenge is developing suitable
models for authentication and
authorization practices within federated
environment.
Healthcare cloud is based on federated
environment (à Hybrid Cloud)
©2009 Healthcare Cloud Intiative 22
- 23. 3. Cloud Computing in Healthcare (4)
• Recommendation for large scale federated sharing of data
within a regulated environment
– Necessity to construct separate legal or corporate entities for governance
of federated sharing initiatives
– Consensus on the treatment of foreign and commercial partnerships
– Development of risk models and risk management processes
– Development of technical infrastructure to support the credentia ling
process associated with research including human subjects
– Exploring the feasibility of developing large-scale, federated honest broker
approaches
– Development of suitable, federated identity provisioning processes to
support federated authentication and authorization
– Community development of requisite HIPAA and research ethics training
modules by federation members
– Recognition of the need for central auditing requirements and authority
– Use of two-protocol data exchange models where possible in federation
©2009 Healthcare Cloud Intiative 23
- 24. 3. Cloud Computing in Healthcare (5)
• Summary
– Cloud computing is primarily a new
business paradigm.
– Consumer-as-a-Stakeholder approach
integrates cloud computing, GRC
management and healthcare ICT.
– GRC management should be the
enabler of cloud computing in total
healthcare value chain.
©2009 Healthcare Cloud Intiative 24