As healthcare organizations digitize more data, they are looking for cloud providers to help them realize the scalability of cloud environments without sacrificing compliance and security controls.
According to a report last year by SADA Systems, over the next two years, 58 percent of healthcare organizations not using cloud today say they are likely to do so, while 95 percent of healthcare organizations using cloud today plan to increase their cloud usage. Greater use of cloud technologies will come with a need for new solutions around cybersecurity.
Pharmacy programs consulting firm Pharmaceutical Strategies Group (PSG) looked at a handful of cloud providers before signing Armor, Rishi Khullar, executive vice president, chief product and technology officer, said in an interview with Talkin’ Cloud.
Based in Plano, TX, PSG provides technology and advanced analytics solutions for customers including health plans, hospitals and health systems, labor unions, coalitions and self-insured employers, according to a press release.
In a statement, Khullar said that “collecting and analyzing data is central to supporting our clients in optimizing their pharmacy spending. Clearly, this is highly sensitive information and security is our chief concern. With Armor, we not only enhance customer data protection, but also deliver highly reliable and scalable solutions that allow us to provide our clients with actionable intelligence that helps them mitigate risk and optimize their pharmacy spend.”
Khullar tells Talkin’ Cloud that PSG had three main objectives as it went through the process before it selected Armor Complete for HIPAA-compliant secure private cloud hosting.
1. Best-of-Breed Security
“Since we manage private health information and our customers trust us to manage it on their behalf we had to have a solution that wasn’t just good or good enough, that was the best when it comes to managing PHI in a secure fashion,” Khullar said. “Out of the gate we were not going to go look at the bottom or mid-tier vendors. We focused exclusively on top tier vendors from a security perspective.”
This means that vendors like Google and Amazon were out, even though they may have been cheaper.
2. Fully Managed Service
“Our second criterion was we wanted a fully managed service. We didn’t want to expose our customers to two or three providers – someone who is hosting the data, someone else administering the platform, and someone else managing security,” Khullar said.
“We did look at that and it might have been a little bit cheaper for us to go hire an Amazon, and then hire an MSP, and an MSSP, but we didn’t want to have to deal with that complexity, because we were afraid that some of that complexity would bleed over into our customers’ experience. We wanted a one-stop shop: platform, data, managed service, managed security, fully turnkey.”
Armor chief of operations and security Jeff Schilling said, customers “…come to us because we are HITRUST certified, our HIPAA controls are in place and when they host with us they inherit all of those controls.”
“For most large companies to spin up a compliant environment like HIPAA or PCI, [other vendors will] tell you anywhere between 4-6 months,” he said.
3. Availability and Scalability
“The third thing that we were after was availability and scalability. We wanted someone that would have very strong SLAs for availability and redundancy because we want to make sure that we provide uninterrupted service to our customers at service they expect and beyond,” Khullar said. “We wanted someone that could scale up with us since we expect to see exponential rise in the data and analytics and software solutions that we provide to our clients; we want a partner that could keep up while being secure.”