. The business problem
| Explain clearly and succinctly the business problem to be solved, and why is change strategically important? Healthcare industries are facing many challenges and changing many times. Small and big healthcare industries are facing the challenges (Cárdenas, Manadhata & Rajan, 2013). The technological innovation, fast emerging regulation of government and expectation of patients are creating new environment that is not about treating the patients or running the medical practice only (Archenaa & Anita, 2015). Many aspects are there that the healthcare authority needs to do in this emerging industry. Cyber security is the prime concern in the healthcare industry (Kruse, Frederick, Jacobson & Monticone, 2017). The previous few years have experienced many IT security and hacking incidents in the healthcare industry. The healthcare industries are struggling for defending the network perimeter and keeping the cyber criminals at the bay. One of them Royal Melbourne Hospital is facing many privacy and security challenges in the organization. The surface of cyber-attacks are emerging and the intruders are creating more advanced tools for attacking the healthcare organization and they are trying to gain access to the information and the data of the organization. The healthcare industries are being the prime target of the cyber-criminal as they hold extremely sensitive information of the patients (Perakslis, 2014). The healthcare industry Royal Melbourne Hospital has been slow for responding and lagged behind the other healthcare organization in context of cyber security. The complexity and the scope of the regulation of the healthcare industry has made difficult for the organization to adopt innovation or technology (Fernández-Alemán, Señor, Lozoya & Toval, 2013). The organization is comparatively slow in adopting new technologies. Moreover, the limited budget on the cyber security investment is one of the reasons for poor security of the sensitive data. There is a high demand of the information of the patients in the black market that is fuelling many cyber-attacks and that is affecting the finance and reputation of the healthcare industry. Cyber criminals do not need to steal information form the system of the healthcare for making money. There are many ways to hack the system in which ransomware is a threat to the data and this ransomware has targeted many healthcare industry in recent years. This type of malware the hackers use to infect the IT system of the healthcare industry and prevent the industry to access to any file.While thinking of the technology and innovation in healthcare industry and more embedded communication, several vital factors are there to consider. Most important aspect is the security of the sensitive information. Security is the main concern in the healthcare industry as they always deals with the sensitive and confidential data of the patients. The industry has adamant requirements around the security of cryptography, which is able to dictate the details about the encryption, decryption and transmission of the data (Yang, Li & Niu, 2015). For building, any application for the healthcare industry, security standards and encrypted algorithm is needed. Moreover, the third party helps secure the system with the access control, data protection and business continuity procedures. Data regulation and privacy is the another concern in the healthcare industry (Casola, Castiglione, Choo & Esposito, 2016). Many laws and regulation of the data privacy are there that surround the document rights of the patients. This type of regulatory measures creates a burden on the fluidity of the sensitive data and makes the system more difficult in adopting innovation or new technology (Saedi & Iahad, 2013). HIPAA compliance is the raised concern for Royal Melbourne Hospital. For communication of the information of the patient through technology such as HIPAA, WebRTC requires the communication channel that needs to be secured for protecting and securing the confidentiality of the patients (El Jaouhari & Bouabdallah, 2018). For adding to complexity, the rules and regulation do not fit in all size. Data legislation and protection varies between the countries. The potential effect of cyber-attack in the healthcare industry is great. Moreover, to the certain potential for the surgeries, disruptive treatments and other operations, this type of facilities included with the huge amount of sensitive data of the patients. Hackers find the lucrative data from the medical records of the patients such as healthcare provider details, social security numbers, treatment history, address, phone numbers, credit card details and other information about the patients. The damage that can be caused by the cyber-attack never should take lightly otherwise, the credibility of the healthcare organization will be damaged extremely by the cyber-attack. These are the main reason that the healthcare should change their security system. It is very crucial to change the security system in order to protect and secure the confidential data of the patients. |
2. The proposed technology (or method, approach, …)
| explain clearly and in a language appropriate for a management audience what is the proposed technology (or method or approach), then argue and provide proof that it is expected to solve the business problem. Changes in the healthcare industry sweep through for reducing the cost and improving the outcomes of the industry. The healthcare industry is turning to the streamline and is managing the data or information of the patients in the cloud environment (Pino & Di Salvo, 2013). The increased data in the storage makes the healthcare to use the latest technology of cloud computing because of the hardware and software utilization with the less investment. As the ability of retrieving and storing data in the cloud in very essential, the industry has faced many challenges. The industry has a couple of concern about the security of the sensitive data of their healthcare. The first concern is about the reach to the high level of privacy of the data of the patients. Another concern is providing compatible information and the data integrity of the sensitive information is maintained (Sajid & Abbas, 2016). The healthcare industry needs to manage more of the request with available resources. The key objective of Royal Melbourne Hospital is to maximize the number of access to the healthcare service of their hospital. Therefore, the huge amount of data or information requires being stored, updated and processed. The healthcare demands more of the ability of computation in order to increase the quality of healthcare service. Cloud computing is able to improve the system by providing secure, better, ubiquitous and faster service at very low cost. This will also fulfil the requirement of Royal Melbourne Hospital. The increment in the life expectancy has led to the faster aging of the population. This has created the growing demand of the additional resources and medical care. Cost effective and innovative methods are needed for assisting the healthcare providers, who are able to address the global issues in a productive way. Cloud computing offers more practical solution in the information management system (Darwish, Hassanien, Elhoseny, Sangaiah & Muhammad, 2017). The system is based on the cloud computing, which is able to help the healthcare staff for accessing to the information and data of the healthcare from the various sources. It also will be beneficial for the patients who are suffering from the chronic conditions for connecting with the physicians and following up the prescribed medicines. Some of the benefits are eliminated for updating the IT system at the time of change in the guidelines or requirements of the healthcare.Considering the benefits of the cloud-based healthcare system, various concerns will be there about the privacy and security of the data. For maintaining the privacy and the security of the data of the healthcare, service provider of cloud and the healthcare industry needs to take extreme measures for securing and protecting the confidentiality of the patients. Many concerns are from the context of having the health information and data, which are classified into confidential in the cloud server. This data in the virtual world can be hacked easily. Therefore, the measures for the security of the data must be enforced before the deployment of the cloud-based healthcare provider. Appropriate encryption system implemented to role-based system is able to support the secure environment for storing the data and managing the data. In the data migrating process of healthcare in the cloud server, security precaution should be taken with the proper data encryption. While encrypting the data, the encryption is likely to be the secure way to handle the data of the patients. However, EHR (Electronic Health record) system is compatible with the encryption methods (Xhafa, Li, Zhao, Li, Chen & Wong, 2015). This is because of the multiple users, who have the access to the system. The access of the user can overlap due to the job speciality that is required in various routes for accessing to the EHR. This exemplifies the requirements for developing the sophisticated encryption methods, which is suitable for EHR. For an instance, using the SKE (Symmetric-Key Encryption) can be the advance encryption tools that are considered as efficient (Abbas & Khan, 2014). However, it can create complexity in the EHR system. This is because of the encryption of the technique, which needs the healthcare providers for using the key to encrypt and decrypt the system. Cloud computing is becoming the necessity in the healthcare industry. It is able to address the issues and helps in transforming the healthcare for sharing the data and information of the patient among the healthcare on any urgent case in the real-time. Before the transformation happen, there needs to be the strategy. For an instance, a potential strategy of cloud for the facility of healthcare can use the public infrastructure of cloud computing for allowing the public access for generic information or the medical resources of healthcare. Healthcare industry can use the public cloud to store the medical data of the organization. Essentially, public cloud provides the cost savings and service agility of the healthcare industry. |
3. Introducing the proposed change in the Enterprise
3.1 Where in the enterprise will this change have an effect, and what kind of change one could expect?
| Cloud computing in healthcare for data security is evolving in the prime areas to cover entities as the providers are seeking for the best option for keeping the system secure and protected. The healthcare needs to understand the security concerns of cloud computing. Cloud computing helps to improve the strength of the healthcare and controls the technology. Cloud computing can affect the healthcare in many ways in protecting and securing the confidential data of the patients.Cloud will create a protection against the DDoS (Distributed denial of service) (Khalil, Khreishah & Azeem, 2014). There are many chances of the DDoS attacks and the cloud computing focuses to take measure for stopping the huge traffic on the server of the healthcare. Cloud monitors, absorb and disperse the attack of DDoS and reduce the risks.Cloud has the security protocol for protecting the confidential data of the patients and prevents the tampering of the third party in data transmission (Rodrigues, De La Torre, Fernández & López-Coronado, 2013).Cloud will help in regulating the healthcare industries in maintaining and managing the infrastructure to protect the sensitive data.Cloud has the flexibility for avoiding the crashes of the server due to the high traffic. When the traffic is over, the server scales down for reducing the cost.Cloud computing will provide constant support to the healthcare’s assets and monitors the system 24/7. |
3.2 What are conditions for being able to perform this change?
| The cloud service providers share the burden of the integration with the clients. For realizing the advantages of SaaS, the cloud service provider needs to manage the updates with no additional charges and the clients will adopt the sophisticated capabilities in updating the timelines. Multi-tenancy is the cloud architecture, which eliminates the problems that is created by the old software model (Maenhaut, Moens, Ongenae & De Turck, 2016). A configuration cloud service needs to include the catalogue of business process of the healthcare, which is designed for meeting the requirements of the healthcare. A cloud service will provide the best security with no additional cost. Policies and the processes need to encompass the application, physical, data level security, back up, data recovery and network. The cloud service provider needs to maintain the performance of the IT infrastructure that is included with the database, data centre, storage system, network and operating system run on the cloud application. As the cloud system does not need the installation and investment of the software and hardware, the healthcare needs to get the productive and running in the fraction compared with the on-premises software.For implementing the cloud application, the healthcare needs to control the data of the off-premises as well. For implementing the cloud application, it is essential to free the management the teams from the spent effort and time on the non-strategic and the IT operation of the system of the healthcare. |
3.3 Who would be responsible for initiating the necessary change?
| For the implementation of the change to cloud computing, the responsible person will be the cloud developers, cloud administrator the third party cloud service provider. It is clear that many personal is responsible for the implementation and the development of the cloud application. The cloud developers have the knowledge of the cloud architecture practices. Cloud developers are involved in debugging, deploying and developing the cloud-based system. The cloud administrator is responsible for the installation, configuration, support and maintenance of the cloud application (Stock, Stöhr, Rauschecker & Bauernhansl, 2014). The responsibility of the cloud administrator is variable based on the healthcare and the demands of the healthcare. The third party service providers offer the cloud-based platform for the organization. The cloud service providers provide the organization huge benefits, flexibility and scalability. Third party service provider is the important aspect, who is responsible in many ways for the implementation of cloud in the healthcare with the old system. Third party can customize the configuration of the servers of the responsive load of the data that can respond in changing demands. |
3.4 How could this change be approached organisationally?
| Define the project: Some infrastructure and application need not to put on the cloud. First, it is needed to decide the shift to cloud is feasible or not.Select the platform: Easy, fast and safe platform needs to be chosen for deployment. Flexible platform is needed to scale the business growth (Yetton, Henningsson & Bjorn-Andersen, 2013).Understanding of security policy: The healthcare should have the understanding of the security policies and needs to ensure the resources.Select cloud service provider: Partner with the service provider has the success with the business similar to the technology of the healthcare.Determination of service level agreements: It is needed to be clear with the service provider at the time of SLA and about the things they either cover or not like data protection and data availability.Understand who owns the recovery: Technical problems will come. Therefore, the healthcare needs to ensure that the service provider takes the responsibility for the recovery.Migrating in the phases: Rolling out the phased migration allows the healthcare to maximize the load and provide the time to reduce the risks (Velimeneti, 2016)Think ahead: the requirements of the business can change any time. Therefore, cloud solution should be chosen to move among the cloud and on-premises as requirements.Implementing and creating the cloud strategy will take time, effort and energy. It is essential to choose the correct strategy of cloud, which will help to open up many opportunities to emerge the business in the market. |
4. Conclusion
| The current changes in adopting the cloud computing in the healthcare can solve the various issues related to information security and cost optimization in the healthcare industry. Thus, this can be concluded by this study that the cloud-based application will provide various benefits to the physicians, patients, insurance company, imagining centre and pharmacies while sharing the information and data within the medical industries and provides best result to the security system. Many challenges like interoperability and various security and privacy concerns will rise to the cloud-based infrastructure. Therefore, adopting the cloud system is progressing slowly. By implementing the best cloud application in the system, use and deployment of the cloud-based system can generate the growth in future in adopting the cloud-based infrastructure despite of all the barriers and obstacles. |
REFERENCES
| Abbas, A., & Khan, S. U. (2014). A review on the state-of-the-art privacy-preserving approaches in the e-health clouds. IEEE Journal of Biomedical and Health Informatics, 18(4), 1431-1441.Archenaa, J., & Anita, E. M. (2015). A survey of big data analytics in healthcare and government. Procedia Computer Science, 50, 408-413.Cárdenas, A. A., Manadhata, P. K., & Rajan, S. P. (2013). Big data analytics for security. IEEE Security & Privacy, 11(6), 74-76.Casola, V., Castiglione, A., Choo, K. K. R., & Esposito, C. (2016). Healthcare-related data in the cloud: challenges and opportunities. IEEE Cloud Computing, (6), 10-14.Darwish, A., Hassanien, A. E., Elhoseny, M., Sangaiah, A. K., & Muhammad, K. (2017). The impact of the hybrid platform of internet of things and cloud computing on healthcare systems: Opportunities, challenges, and open problems. Journal of Ambient Intelligence and Humanized Computing, 1-16.El Jaouhari, S., & Bouabdallah, A. (2018, July). A privacy safeguard framework for a WebRTC/WoT-based healthcare architecture. In 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC) (Vol. 2, pp. 468-473). IEEE.Fernández-Alemán, J. L., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of biomedical informatics, 46(3), 541-562.Khalil, I., Khreishah, A., & Azeem, M. (2014). Cloud computing security: A survey. Computers, 3(1), 1-35.Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10.Maenhaut, P. J., Moens, H., Ongenae, V., & De Turck, F. (2016). Migrating legacy software to the cloud: approach and verification by means of two medical software use cases. Software: Practice and Experience, 46(1), 31-54.Perakslis, E. D. (2014). Cybersecurity in health care. N Engl J Med, 371(5), 395-397.Pino, C., & Di Salvo, R. (2013, March). A survey of cloud computing architecture and applications in health. In Proceedings of the 2nd International Conference on Computer Science and Electronics Engineering. Atlantis Press.Rodrigues, J. J., De La Torre, I., Fernández, G., & López-Coronado, M. (2013). Analysis of the security and privacy requirements of cloud-based electronic health records systems. Journal of medical Internet research, 15(8), e186.Saedi, A., & Iahad, N. A. (2013, June). An Integrated Theoretical Framework for Cloud Computing Adoption by Small and Medium-Sized Enterprises. In PACIS (p. 48).Sajid, A., & Abbas, H. (2016). Data privacy in cloud-assisted healthcare systems: state of the art and future challenges. Journal of medical systems, 40(6), 155.Stock, D., Stöhr, M., Rauschecker, U., & Bauernhansl, T. (2014). Cloud-based Platform to facilitate Access to Manufacturing IT. Procedia CIRP, 25, 320-328.Velimeneti, S. (2016). Data Migration from Legacy Systems to Modern Database.Xhafa, F., Li, J., Zhao, G., Li, J., Chen, X., & Wong, D. S. (2015). Designing cloud-based electronic health record system with attribute-based encryption. Multimedia Tools and Applications, 74(10), 3441-3458.Yang, J. J., Li, J. Q., & Niu, Y. (2015). A hybrid solution for privacy preserving medical data sharing in the cloud environment. Future Generation Computer Systems, 43, 74-86.Yetton, P., Henningsson, S., & Bjorn-Andersen, N. (2013). Ready to Acquire’: IT Resources for a Growth-by-Acquisition Strategy. MIS Quarterly Executive, 12(1), 19-35. |
