Health 2.0

Cloud Only is Dead for Health

A lot of people are intrigued with using “cloud” applications and storage for personal health data. This week we’re seeing what I think is the final nail in the coffin of “cloud only” for anything important. You gotta have offline backups: two huge cloud vendors – Amazon and now Google – have demonstrated that even they can go down, leaving their users absolutely powerless.

Cloud applications diagram from Wikipedia

Cloud computing (Wikipedia) is hugely attractive to software developers and businesses. As shown in this diagram from Wikipedia, the idea is that you do your computing using storage or tools that are on some computer somewhere out there “in the cloud.” You don’t know or care where, because somebody out there takes care of things. As your business or database grows, “they” take care of it.

And it’s real – it works.

But when “they” screw up, you could be screwed.

Last month Amazon Web Services went down for a couple of days. PC Magazine posted a good summary, and many of us learned that well known companies like Hootsuite and Foursquare don’t actually own the computers that deliver their product: they rent services from Amazon Web Services (AWS).

So when AWS went down, there was nothing they could do to help their customers.

Now the same problem has happened with Google’s Blogger.com (“blogspot”) blogs. For at least 48 hours the back end of their blogging system has been dead. For instance you can read my old blog (patientdave.blogspot.com), but when I try to log in to create a new post, here’s what I get:

ZDNet reports that all posts and comments added since the problem started have “been removed,” a euphemism for “lost forever.” ZDNet asks, what keeps this from happening to other cloud products, like Google Docs? (What if you’d stored your business documents in Google Docs? What if your last two days of Gmail were lost?)

What’s the relevance of this to patient engagement? Well, a lot of people talk about cloud-based personal health records (PHR), and cloud-based medical tools. Here’s the lesson: For anything you can’t afford to be without, you gotta have non-cloud backups.

  • You gotta have offline data backups.
    • My personal website is built using WordPress; every day they email me a backup file of my complete database. I can’t lose more than a day’s work. It’s vital, it’s obviously not complicated software, and it’s free.
    • At my old day job, I used to manage a pretty big cloud-based database for our sales and marketing needs: Salesforce.com. Every week they emailed us a link to download a zip file of our entire database, plus a daily update.
  • For any “can’t afford to be down” situation, you gotta have ironclad availability.
    • Here at e-patients.net, we don’t rely on the cloud. Our WordPress blog is hosted on the highly reliable servers of one of our board members.
    • Salesforce.com has a  huge number of redundant server farms, and they’re totally transparent about outages and even degradation. To earn the trust of the corporate world, they published trust.salesforce.com. It displays the uptime, performance degradation and outages of every system around the world. Click on any symbol and see the root cause, how it happened, and what they did about it. (And you can subscribe to any RSS feed for all updates! Hey Google and Amazon, you gonna offer that?)

People I talk to tend not to “get” this unless it’s expressed as their kids’ medical record. A couple of years ago I spotted this message on the Google Health user forums:

Help – leaving for hospital – data won’t print.

I do believe in the cloud – it makes sense for many situations. It makes innovation far faster and less risky. But for anything important – which health is – you gotta have offline backups and you gotta be sure you won’t go down.

Of course, there’s an ultimate trap for anything online: if the internet goes down, the whole cloud goes down. That happens sometimes, and it could very well happen if an enemy hacked the Web. For anything mission-critical you have to consider whether you could afford to be offline for hours or days, and think out what you’d do meanwhile. (Same for power outages, which is why hospitals etc. have backup generators.)

All  this has been debated for years in the IT community, but once again the health IT world seems to be naive. As we consumer/patients (and health workers) start to acquire IT tools, we must insist that tools we rely on have sufficient reliability – even in a disaster.

e-Patient Dave (Dave deBronkart, MD) is one of the leading spokesperson for the e-Patient movement. A high tech executive and online community leader for many years, he was diagnosed in 2007 with Stage IV kidney cancer, with a median survival of just 24 weeks. Today he is well. In 2008 he discovered the e-patient movement, and began studying, blogging, and speaking at conferences, and in 2009 was elected founding co-chair of the new Society for Participatory Medicine.

Livongo’s Post Ad Banner 728*90

19
Leave a Reply

15 Comment threads
4 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
17 Comment authors
buy housepurificadoras de aguaFinlay Georgehealth insuranceCharlesL Recent comment authors
newest oldest most voted
buy house
Guest

magnificent issues altogether, you just won a logo new reader. What would you recommend in regards to your publish that you simply made some days ago? Any sure?

purificadoras de agua
Guest

Excellent post, I will be checking back regularly to look for updates.

Finlay George
Guest

Really Interesting …:)

health insurance
Guest

I wish u all about seeing of ur blog, As for health records, I fully agree with Dave de Bronkart, it is not wise to trust only one deposit place for sensitive data, they should be backed up as it best suits the user. Besides cloud going down, we have witnessed recently so many other dangers (hackers, data hacker thiefs, etc.) that make the offline availability of sensitive data a must.
———————————–
sweety

CharlesL
Guest
CharlesL

Any one of these problems could have happened in a companies’ own data center. I work in IT in a Fortune 100 company and our main portal went down for over a day due to a bad change. Made the WSJ. Having a good disaster recovery plan based on the critically of your services is important regardless of where your data is hosted. BTW, i use Google Heath and every time i update it, i download a PDF that is saved to a Dropbox account that is synced to local storage on 3 devices. That example of the family not… Read more »

e-Patient Dave
Guest
e-Patient Dave

Ugh. Once again I wish i’d known this was going to be cross posted so I could have said “PLEASE be sure to include the prefatory note I addded on the original post on e-patients.net.” I know this blog has a practice of cross posting without notice but as I’ve said before I think it’s rude, and in this instance has the effect of misquoting me, because what it says here is no longer an accurate snapshot of my view. I could easily have corrected that. What the hell is so hard about letting me know about an upcoming cross… Read more »

kacey Carpenter
Guest

Private and hybrid clouds provide a model that provides the flexibility of the cloud but the security, availability, and performance required for specific areas including “medical-grade”, critical infrastructure, and mission-critical government applications.

Audun Utengen
Guest

We recently experiences severe problems with our own hosting solution. Guess what, we used real servers not cloud. And no, a backup is not a solution. Backups has nothing to do with the question of “going cloud” or not. And now we have transitioned to a pure cloud solution. I feel better. Why? – When servers go down (cloud or not) is mainly because of human errors. – The probability that your local IT staff is of higher quality than the IT staff at Amazon AWS is very very low. – I trust that AWS staff will do fewer human… Read more »

Alan
Guest

I agree, backups are key. I heard this week about the launch of the new cloud computing laptops: I don’t have the details, but as some who travels a great deal I would never be able to use them. There is no internet connection on flights and the services which are available on trains is shocking.

kgapo
Guest
kgapo

You are right! Moreover, in many regions in Europe, maybe in other areas, there is no broadband or at very high cost/low speed. I have experienced this more than once. Therefore, I always backup all my data in an external hard drive so that I can use them with my netbook. As for health records, I fully agree with Dave de Bronkart, it is not wise to trust only one deposit place for sensitive data, they should be backed up as it best suits the user. Besides cloud going down, we have witnessed recently so many other dangers (hackers, data… Read more »

kgapo
Guest
kgapo

You are right! Moreover, in many regions in Europe, maybe in other areas, there is no broadband or at very high cost/low speed. I have experienced this more than once. Therefore, I always backup all my data in an external hard drive so that I can use them with my netbook. As for health records, I fully agree with Dave de Bronkart, it is not wise to trust only one deposit place for sensitive data, they should be backed up as it best suits the user. Besides cloud going down, we have witnessed recently so many other dangers (hackers, data… Read more »

kgapo
Guest
kgapo

You are right! Moreover, in many regions in Europe, maybe in other areas, there is no broadband or at very high cost/low speed. I have experienced this more than once. Therefore, I always backup all my data in an external hard drive so that I can use them with my netbook. As for health records, I fully agree with Dave de Bronkart, it is not wise to trust only one deposit place for sensitive data, they should be backed up as it best suits the user. Besides cloud going down, we have witnessed recently so many other dangers (hackers, data… Read more »

Adam Wolfberg, MD
Guest
Adam Wolfberg, MD

With all due respect, Dave, I think that “backup” and “cloud computing” are separate issues. Of course all data should be backed up, whether they are stored in the “cloud” or on a server. The beauty of cloud computing is that it makes complex applications available to anyone with internet access. And computers in the cloud, like computers in my hospital, can (and do) routinely go down. Most of us in healthcare are used to getting regular emails announcing the temporary failure of one application or another. (Honestly, I’d rather trust most of my applications to the IT team at… Read more »

Barbara Duck
Guest

Going back to the Amazon Cloud issue, there was a cardio monitoring company who was on the AWS boards asking for help as they were down. Now I gave this a little impact here as they included their account number and other vital information on their SOS to get help from Amazon who was nowhere to be found. At the very end one commenter said it was a hoax but whether it was or not, it was a wake up call. I posted it on my blog and as we all know there were many who could not get customer… Read more »

Keith W. Boone
Guest
Keith W. Boone

I’m on my way to a conference right now. My itinerary is available in the cloud. But I’ve learned to download it. To all my devices, and to keep a paper copy in case I run out of power (which happens frequently on long flights). If it wer my health data, you bet I’d have it equally protected.

Margalit Gur-Arie
Guest

“…but once again the health IT world seems to be naive” We don’t do “cloud” in health IT. The overwhelming majority of health IT is deployed locally in industrial strength data centers owned and controlled by hospitals. A majority of independent ambulatory health IT is sitting on servers located in the clinic. The newest trend is to have vendors maintain the servers in their own data centers while users log in remotely (ASP). Some smaller vendors who offer web based health IT also deploy everything in their own data centers. For the large ASP vendors, there is always a secondary… Read more »

MD as HELL
Guest
MD as HELL

The patient could pay for the med rec app directly. Who needs EHR?

Glen
Guest
Glen

After a proper risk analysis, which one should always do, there will emerge a set of responsibilities and accountabilities for any vendor — cloud or not — entrusted with important (to you) data. To the extent that they are unwilling or unable to meet those requirements, the burden falls on you to supply a solution. That could be frequent backups. It could also be having trustworthy medical resources that don’t require an available EHR or PHR to meet immediate health care needs. Most people don’t have the skills to do a risk analysis, so they will rely on anecdotal experience… Read more »

pheski
Guest

I agree with the principle, but the devil is (always) in the details. The only data I do not have backed up in two (available) places is data I consider unnecessary. And I’m not even talking about medical records! There is, however, a problem with applying this principle to life. At what point is one over reacting? Should the local backup be printed (nightly) to guard against the inability to access electronic data in the server farm, down the block? Should every practice with a local server keep current hard copies for a power failure? In a community with two… Read more »