Q&A with Daren Smith
Daren Smith, vice president of ASC Solutions, recently hosted a webinar on "The Time is Now: Why ASCs Need To Be On the Cloud" where he provided insight and guidance concerning cloud computing in ASCs and transitioning to the cloud. The audience was engaged and asked great questions during the Q&A portion of the program that provided additional opportunities for Daren to discuss what surgery centers need to know about cloud computing.
Below are the highlights of those questions and responses provided by Daren, edited for readability. To view the webinar on-demand, please visit the SIS Resource Library.
Q: When I'm evaluating cloud vendors, what should I look for from a security standpoint?
Daren Smith: Very good question. There's a bunch of different security standards on the market right now. Let me give you a couple of key words to look for.
First, you want to look for SOC 2 certification. SOC 2 is a cybersecurity framework. Independent companies perform security assessments on SaaS-based software to determine whether to certify the software. SOC 2 requires a very high level of security to pass that certification. You want to make sure that not only where your data is being stored — i.e., the cloud provider your software provider is using — is SOC 2 certified, but you also want to make sure the application you are using is SOC 2 certified. There's two pieces to every cloud program: the application and the data. Make sure both of those are covered by SOC 2.
The other certification concept you may see is HITRUST. HITRUST is specific to the healthcare industry. A bank can be SOC 2 certified, but HITRUST has some additional layers of security required for healthcare solutions.
So, when you're researching your cloud providers, look for those two terms: SOC 2 certified or HITRUST certified. Or you may want to look for them both.
Q: Will our data on the cloud be mixed with the data of other ASCs? Who will have access to our data?
DS: No one, unless you give them access to it. One of the beauties of using cloud computing is that we can wall off virtually, if not physically, someone's data from the application. Millions of people in the United States use the same cloud applications, such as Microsoft Outlook and Gmail. If you're one of those people, you only see the email that comes to you. The cloud gives us the capability to create the silo that walls off your data and makes it only accessible to you and anyone you choose to provide access.
Q: When an ASC moves to the cloud, what should we do with all the on-premise technology in our server room?
DS: There is a natural transition period when moving from on-prem to the cloud. You're going to need to keep your old data up and running for a short amount of time. You will still need to maintain your current server and your current network so you can take care of the patients that had surgery today even if you're going to the cloud tomorrow. There's a certain amount of time where you're going to need to not only run that old server but run your new system as well.
We usually see the transition from on-prem to cloud take 90–120 days. Each day that goes on, you'll use your ASC's legacy system/server technology less and the cloud system more until you get to the point where you can take that old system and put it into some type of archival mode. In that archival mode, you can then take all the data that exists in it, capture the data, and take it out of the server and have someone else host it. If you just bought a new server, you could choose to keep that server up and running for a few years until you no longer need that data.