Final Capstone Project Report

MIS 584-Capstone

CLOUD COMPUTING & ITS APPLICATIONS

Challenges & Measures of Implementing IaaS cloud in healthcare Sector
(A Case Study on XYZ Clinic).

Team Members
SAI SRINIVAS THOTA
ABHISHEK MILIND DHOLE
KIRAN VARDHAN REDDY DEREDDY
SOUMITH REDDY PODDUTURU
MURALI SHANKAR EEDARA
NIKHIL REDDY GUDUR

December 19, 2015

Table of Contents:
Executive Summary

Introduction

Problem Statement

Purpose & Research Questions

Scope, Assumptions & Limitations

Literature Review

Methodology

20

Results & Discussion

23

Recommendations &Conclusion

34

References

36

Appendix

39

Executive Summary:

The Health care sector is growing rapidly and has a high potential in both financial and
technological aspects. The information systems side of the health care sector is still lagging
behind with the traditional methods of storing data and backups that results in the decrease of
efficiency of information systems in financial terms, flexibility of increasing and decreasing
computational resources as per requirements, putting the computational resources to efficient
usage and improving the process of health care. With the implementation of cloud
computing, the health care organizations need not worry about providing security to the
infrastructure and maintaining it. The companies can focus entirely on providing better
patient care. Infrastructure as a Service (IaaS) cloud model lets the health care organizations
to transfer their risk of losing patient health information (PHI) to the cloud service provider.
The service provider is responsible for security and maintenance of the infrastructure,
necessary updates regarding technology, servers, data centers etc.

Though there are many advantages implementing cloud platform, many health care
companies are still using traditional infrastructure. Certain barriers were discovered through
survey conducted in health care organization whose primary goal is to identify the challenges
faced while implementing cloud platform particularly IaaS. The main challenges include
security and confidentiality of the information resided on cloud, performance of the cloud
3

server and reliability of the service provider. In addition to this, the client doesnt have a
control over the service providers server. It can only control the applications deployed over
the cloud. As PHI needs to be highly secure and confidential as per the government
regulations mentioned under The Health Insurance Portability and Accountability Act of
1996 (HIPAA). In United States the health care organizations need to operate according to
HIPAA framework. The healthcare companies are doubtful about whether the HIPAA norms
would be properly followed by cloud service provider or not. In order win the confidence of
clients, the cloud service provider must provide assurance about data security in the form of
proper authentication and authorization techniques, backup policies, alternate server to be
used if primary server breaks down etc. In this project, the challenges faced by XYZ Clinic
while implementing IaaS would be studied and recommendations would be made
accordingly.

Introduction:

The project focuses on challenges and measures to be taken while Implementing

Infrastructure as a Service (IaaS) in the Health Care sector (XYZ Clinic). The benefits the
XYZ clinic would be receiving after possible shift to IaaS model would be studied..

What is IaaS?
Infrastructure as a Service (IaaS) is one of the model of cloud computing which provides
virtualized computing resources including servers, storage, networking, and data center

space over the Internet.

How is it Implemented?
An organization implementing the IaaS has a number of ways to do so depending on the
level of ownership, storage and networking resources involved, and the data processed by
these IT resources. The traditional approach is to implement new services alongside the
existing technology during the transition phase. Considering the implementation of IaaS,
healthcare companies should be having clear picture of the benefits which they would be
getting after implementation of IaaS. Also, the risks associated with implementation of

IaaS should be considered.

How will the implementation of IaaS affect future growth of the organization?
Implementation of IaaS will provide an opportunity to eliminate the cost associated to
installing hardware, purchasing software licenses etc. This model enables the on-demand
delivery of essential IT resources, including processing power, storage capacity, network
bandwidth, and security technologies. IaaS would be a grate market for healthcare
industries in near future. It is essential to ascertain benefits as well as downside of its
implementation. Upon complete understanding, the steps could be taken to minimize the
impact of any downsides.

Problem statement:

Cloud computing has become a powerful solution for solving computing problems. Many
organizations are moving towards cloud computing by implementing different models such as
Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)
for decreasing the costs of computation. The challenges and measures of Implementing
Infrastructure as a Service (IaaS) with respect to the XYZ clinic is studied by the team through
conducting a survey questionnaire as they have already implemented cloud solutions in their
organization. In future this study will help the health care organizations to implement IaaS and
reduce costs as well as increase efficiency of services and infrastructure available in the health
care sector.

Purpose and Research Questions:

The purpose of this research is to:

Study the challenges and measures of implementing IaaS cloud in Health care

applications and providing suggestions for improving the areas where necessary.
Find the security issues underlying the implementation of cloud based Infrastructure

as a service (IaaS).
Study the benefits of implementing cloud platform in an organization who are

actually using it.

Identify the importance for an organization to implement and upgrade its services.

Research Questions:

What are the challenges for adoption of the IaaS in Healthcare industry?
What are the measures to be taken to implement IaaS in Health Care?
What is the impact of IaaS on Health care in the future?

Scope, Assumptions and Limitations:

Scope:
The scope of the project is to study the challenges and measures to be taken to implement
Infrastructure as a service (IaaS) model in the healthcare sector by conducting a survey at XYZ
Clinic. The challenges during the implementation will be observed from the results of the survey.
In addition to this, the drawbacks of IaaS cloud computing implementation from the security
point of view will also be studied. The difficulties which the organization (XYZ Clinic) has been
facing (if any) while adopting cloud systems will be analyzed. The XYZ clinic being a heath care
organization and is already implementing a few types of cloud services, the impact of cloud on
health care is studied by the group and there by conducting a survey questionnaire on the
employees of IT department at the XYZ clinic to collect the information about the challenges and
measures to take while implementing an IaaS cloud service in health care.
Assumptions:

It is assumed that Infrastructure as a Service (IaaS) is cost effective and after its

implementation, the companies would be able to achieve high profit margin.

According to the organization, the security is the main concern when implementing IaaS
cloud service. The company cannot trust the confidentiality of data since the data is

located on the service providers server.

After implementing the cloud platform, the efficiency of existing business processes

would be increased.
It is not possible for some companies to implement cloud services as there is a security

and confidentiality issue associated with the data.

The companies would be able to save a lot of money on buying additional servers and
devices if they wish to implement cloud platform.
7

Few IaaS service providers offer mobile platform which could increase the portability of

the data handling.

The backups and data centers would be handled by the IaaS cloud provider, and
companies need not worry anything about maintenance, operation of devices etc.

Limitations:

Sometimes, the employees do not reply to survey questionnaires. Therefore, we might

not get the data we need.

The time constraint is a major limitation while conducting the research.
Due to the limited amount of time, each and every area of IaaS cannot be studied in

detail.
Relying on Internet connection may not provide the required speed that you need when
you want to interact between an internal software or software in another Cloud and the

IaaS cloud provider.

Data security is one of the major limitation because it is very hard to include cloud

services into enterprise wide data archiving, backups and recovery processes.
Using this IaaS may reduce the costs in the short run, but ultimately it will prove more

costly in renting out services in the long run.

Applications may need new and special kind of security due to shared nature of the

infrastructure used.
There is a huge business risk as IaaS need trust in vendor infrastructure for availability,
data security, etc., even with extensive hard work, ongoing survey and proactive
management.

Literature Review:
The cloud computing is a valuable service by offering resources to the computers spread over a
wide geographical area based on an on-demand basis. The cloud computing offers a wide variety

of options to users and enterprise for storing and to the processing the data without having to
install any software on clients side.
The adoption of cloud computing has been a latest emerging trend in the health care industry.
Using cloud services, it is very easy to access the patients data from anywhere in the world. In
order to access this data, the particular health care company requires to have login privileges.
The cloud facility offers a variety of benefits to health care industry as stakeholders who have
been authenticated can access the data irrespective of place. In addition to this, the healthcare
company wouldnt have to invest lots of money in purchasing latest equipment for managing and
storing of the data. (Nabil Sultan, 2014)
By adoption of cloud computing in healthcare companies, is possible to
accrue huge benefit in terms of providing quality service to the patients,
ease in sharing of patient information in terms of medical records, test
results, medicines prescribed etc. The information can be pulled irrespective
of place and can be further used by a concerned person from that particular
healthcare company for making decisions such as diagnosis, scheduling
appointments, processing insurance claims.

The cloud computing models used in healthcare industry are as under:

1. IaaS: (Yogesh Khullar, Ritesh Khullar, Smita Raj, Dr. Mukta Bhatele, 2013)
IaaS stands for infrastructure as a service. In this model, the healthcare company outsources the
hardware infrastructure including network, servers, data centers etc. to cloud provider. In this
case, the cloud service provider is responsible for managing this devices from its side and
providing platform for performing operations to healthcare company. The main benefit of IaaS
9

infrastructure is that the service provider provides the virtualized and standard operating
environment with reasonable cost.
The IaaS provides good platform to use resources such as storage, processing, network etc.
without having to install any programs on their or investing in any kind of specific hardware. The
IaaS gives the typical virtual feel to the users. Internet is the only essential thing which is
necessary for accessing the cloud server from clients side. The service provider offers required
things to the user. (Goce Gavrilov and Vladimir Trajkovik, 2012)
IaaS is based on pay-as-you-go model in which the user has to pay for a service which is actually
used. The big advantage of this model is that, the companies save lot of money in investing the
resources which it has never used. (Yogesh Khullar, Ritesh Khullar, Smita Raj, Dr. Mukta
Bhatele, 2013)
IaaS works fine irrespective of the configuration and specification of the machines located at the
clients side. Moreover, the user can access it sitting at any place in the world. In todays fast
paced environment, the technology changes very rapidly. Practically, it is highly impossible for
the user to upgrade the system configurations frequently considering the cost associated to it.
It is cloud service providers responsibility to maintain confidentiality and security while
handling the patients data. Using this model, many users can simultaneously access the
information stored on cloud by using valid credentials. In IaaS, the service provider is fully
responsible for maintaining the privacy and security of patients data (Goce Gavrilov, Vladimir
Trajkovik, 2012).

2. PaaS (Goce Gavrilov, Vladimir Trajkovik, 2012):

10

PaaS stands for Platform as a Service. This model offers simple and easy to use online
environment for operating the web applications. The healthcare company doesnt have an access
to cloud infrastructure including network, operating system, storage etc. but it can manage the
web applications.
The PaaS offers an excellent opportunity to the user to perform programming in executable
environment. The user can deploy his/her own application over service providers cloud in few
clicks. The user doesnt have an access to cloud infrastructure which consists of servers,
operating system, networking devices etc. but it has a full control over the deployed applications.
The PaaS helps in a great way by reducing the administrative burden over the company. The
company need not worry about investing large money in buying hardware, purchasing software
licenses etc. This saved money can be used to perform some innovative tasks which could add
the value to the companys core functions. (Yang, Haibo and Tate Mary, 2012)
The Googles App engine is excellent example of PaaS service. The Google Apps provides the
common platform where the code or program is shared by the various users over internet. The
Google Apps has its own online community as well as marketplace where the users can buy,
share or sell the applications or code generated by them. Another example of PaaS could be
Wave Maker which is owned by VMware offers very good service of building java based
websites which make it easy for non-technical users to develop their own online application over
the cloud. (Yang, Haibo and Tate Mary, 2012)
By implementing the PaaS model, the company can get rid of from the hassles such as disaster
management, data security challenges, networking issues etc. (Yogesh Khullar, Ritesh Khullar,
Smita Raj, Dr. Mukta Bhatele, 2013).
3. SaaS (Goce Gavrilov, Vladimir Trajkovik, 2012):

11

SaaS stands for Software as a Service. The Software as a Service model enables the healthcare
company to use the software platform installed on cloud without having to worry about software
installation, maintaining large servers, databases, networks etc. (Yogesh Khullar, Ritesh Khullar,
Smita Raj, Dr. Mukta Bhatele, 2013). The healthcare companies would reap the benefits of IaaS
and PaaS by implementing the SaaS platform. This model is extremely useful for managing the
day-to-day

functions

including

handling

databases,

managing

recruitment

activities,

virtualization etc. The practical example of SaaS is to implement the ERP systems, adoption of
CRM platform such as Salesforce.com, Microsoft Azure etc.
The SaaS offers variety of resources such as online user communities, marketplace where the
user can integrate third party tools, install add-ons to existing modules, performing customization
of application according to own requirements etc. The Salesforces AppExchange is one of the
good example of SaaS model. In AppExchange, the user can integrate and use third party Apps
into Salesforce org (The Salesforce user account is commonly known as org) to leverage the
performance of companys operations. (Yang, Haibo and Tate Mary, 2012)

In traditional mode, the user has to pay for a subscription belonging to different software. It
increases the cost burden over the user. In SaaS model, the subscription is charged based on
different factors such as the type of feature used, number of users using the service, the duration
for which the user intends to access the cloud server etc. The purchasing and terminating the
subscription is very easy if compared to traditional infrastructure. (Janssen, Marijn and Joha,
Anton, 2011)

12

The major advantage of using SaaS model is that the user need not worry about installing timely
updates, patches etc. Everything is controlled and managed by the cloud service provider. The
subscription is based on pay-per-use basis. The user can access particular application without
having to pay entire amount for buying whole software. (Janssen, Marijn and Joha, Anton, 2011)

There are some issues with the healthcare industries have been facing due to which adoption of
cloud service has remained a challenge for many companies. The major issues are as follows:
Issue 1 (Goce Gavrilov, Vladimir Trajkovik, 2012) Security and confidentiality of the
information:
Cloud computing includes various domains in which each separate domain is responsible for
handling different parts such as security, privacy, trust requirements, data back-up policies,
authentication certificates etc. The security and confidentiality of the data regarding sensitive
type of information need to be handled very carefully. If this data falls in the hands of wrong
entity, it may be very costly for the health care company. Data security and confidentiality is the
main challenge behind the implementation of cloud service by health care companies. Especially
when IaaS is concerned, as in this model, the cloud service provider is responsible for privacy
and security of the clients data, the important and confidential information related to patients
becomes the main concern for health-care companies. In many instances, the healthcare
companies hesitate to adopt cloud platform though it offers variety of other benefits like low
cost, no maintenance from clients side etc.
Though, the cloud provide wide range of benefits, the healthcare sector
involves risks in terms of security and privacy of the data. In the United
States, the health care industries have to act according to policies and
13

procedures governed by the government. This policies are like governance

measures which inforce the healthcare companies to work in certain
predefined framework when it comes to handling the data. At the time of
using cloud service, the companies have to obey strict regulations defined by
HIPAA. This regulation takes care of the confidentiality and security of the
patients data and prohibits healthcare companies to publish it over the
internet without taking patients consent.

The more robust security measures need to be implemented in order to deal

with the security framework set by government. The measures include
access control, authentication, providing authorization etc. The access
control deals with the right to access the confidential information by staf
member of the healthcare company. The authentication provides the
diferent measure to authenticate the person accessing the information.
Usually, the username, password and security information is asked to verify
that the right person is accessing the data. Once the authorized person
enters his/her credentials, it is checked against the stored information in a
database. If the match found, then the person is given login permission.
Further, the transmission security and storage security are equally important
issues. The transmission security ensures the security of the data when it is
transmitted over the internet. For e.g., in order to access the cloud server,
the internet connection is must. While transmitting the data for storing or
processing on cloud over the internet, the various security protocols need to
14

be followed for avoiding possibility of falling the data into the hands of
hackers. The firewall and antivirus software also need to be installed at
clients side. The same security measures need to be implemented at cloud
service providers side. During the storage of the data over the cloud, the
high level of security measures need to be assured. Because, the storage
medium should be secure enough otherwise, the information stored gets
leaked or accessed by wrong entities.
Issue 2(Yogesh Khullar, Ritesh Khullar, Smita Raj, Dr. Mukta Bhatele, 2013): Availability
of a reliable service at any given time:
The availability of the information any time as per the demand is the main concern for the health
care companies while adopting the cloud computing service. If the hospital requires the data on
immediate basis, and if the cloud provider encountered an issue and because of that if it is unable
to provide the information time on right time, then it would become a serious concern for the
hospital. As the patients data need to be available for any time as and when it is required.
The healthcare industries deal with very important data related to patients
which includes medicines prescribed on specific date, the name of the doctor
from whom the consultation is taken, previous history of any disorders,
surgeries etc. This information is required on high priority basis and must be
available immediately as and when demanded. If there is an interruption in
operation of cloud or performance level slows down, in such cases, the cloud
server unable to provide uninterrupted service to the healthcare company.
The cloud service provider must provide alternate option if there is a problem
accessing the cloud by healthcare company. In such cases, the data backup

15

should be made available 24*7 in order to access the data as and when
demanded. There should be provision of alternative server is there is
accidental shutdown of main server due to some unforeseen situation.

Issue 3 (Sanjay P. Ahuja1, Sindhu Mani1 & Jesus Zambrano, 2012) Performance of the
cloud server:
The other issue which deters the healthcare companies while considering cloud implementation
is how cloud server would perform? Would it be performing well all the time? What would
happen if it fails to operate or unable to function for certain amount of time? Such type of
questions need to be addressed by companies and unless cloud service provider gives the
satisfactory information regarding this questions, the companies find it difficult to switch to
cloud platform.
The cloud server is responsible for handling all kind of activities associated
with handling, storing, accessing the patients

information etc. The

performance of the server is one of the key point which is taken into
consideration by health care industries while taking decision on moving to
cloud platform. If the server fails to give the acceptable performance level,
the health care company wouldnt be able to perform its day-to-day
activities. The scalability of the server is one of the important issue the while
making decision whether to shift to cloud platform or not. The scalability
means the ability of the server to provide acceptable level performance
without any interruption (Eman Abukhousa, Nader Mohamed and Jameela AlJaroodi, 2012).

16

The cloud server consists of many entities such as database engine,

repositories, and physical networking devices etc. which are responsible for
carry out the operations and provide the robust performance. If there is fault
in operating one of the entity, then entire operation of the server stops until
the fault gets repaired. The fault tolerance is one of the important factor
while choosing the cloud service provider. The fault tolerance level of the
server stands for the ability or capacity of the server to handle and resolve
the technical glitches. More is the tolerance level, more high would the
performance level.
The routine and preventive maintenance are very essential for avoiding
breakdown of the server as well as to make sure whether the server has
been providing the optimum performance or not. This is one of the issue the
healthcare industries wrestle with. Once the cloud technology is adapted,
due to high importance level of the data the companies handle, the
continuous and uninterrupted access to the information is of utmost
importance.

Benefits of cloud computing for health care industry are as follows:

1. Improved quality of service (Sanjay P. Ahuja1, Sindhu Mani1 & Jesus Zambrano 2012):
By adopting the cloud service by health care company, the quality of service can be improved.
The patients data can be shared by multiple companies and can be accessed at given point of
time.

17

2. Easy accessibility of the data (Sanjay P. Ahuja1, Sindhu Mani1 & Jesus Zambrano,
2012):
The authorized personnel from the health care company can obtain information such as
prescription details, test results, availability of the physician etc. anywhere and anytime using
his/her credentials on cloud. It is of great help for making decisions, speed up insurance
processing, making physicians appointment etc.
Even patients can easily access the information using their PC, smartphone or iPad by logging to
cloud server using valid credentials. It is one of the great feature of cloud platform that, anyone can
access the information from any part of the world without having to investing in buying expensive
hardware or software. (Yogesh Khullar, Ritesh Khullar, Smita Raj, Dr. Mukta Bhatele, 2013)

3. Cost benefit (Sanjay P. Ahuja1, Sindhu Mani1 & Jesus Zambrano, 2012):
The Company wouldnt need to invest lot of money in buying hardware devices including
networking equipment, data centers, servers, purchasing the licenses for software in order to
carry out entire operation. Once the cloud service is adopted, all functions are performed on
remote cloud server. The company is able to save a lot money maintaining the IT infrastructure
from its side. In addition to this, the company follows pay-as-you-go model under which it has
to pay for the services which it actually using. The money saved can be used for innovative
purposes. Due to adoption of cloud platform, the healthcare companies need not have to invest
lot of money during the initial setup which is beneficial for start-up healthcare companies who
may not have large capital for investment. (Yogesh Khullar, Ritesh Khullar, Smita Raj, Dr.
Mukta Bhatele, 2013)
4. Concentration on core business activity (Sanjay P. Ahuja1, Sindhu Mani1 & Jesus
Zambrano, 2012):

18

If the cloud service is implemented, the company can save its efforts on maintaining staff for
looking after technical issues, hardware devices, updating the technologies, servers, databases
etc. This efforts can be used for performing some important tasks associated to core business
activity. If the company is successful in flourishing its core business, it would be lot of easier to
achieve the competitive advantage over the competitors.
5. Good fault tolerance and disaster management:
The cloud service providers specialize in maintaining cloud servers. They have a strong backup
facility if any specific server breaks down. If such case happens, the traffic is immediately
shifted to another server. The site is fully equipped with measurements to handle the condition if
any disaster or fault happens. In this sense, the healthcare companies need not have to invest
large money in keeping disaster recovery system at its own location. (Yogesh Khullar, Ritesh
Khullar, Smita Raj, Dr. Mukta Bhatele, 2013)

6. Solving the issue of resource scarcity:

The scarcity of the resources is major issue in rural or underdeveloped regions especially in
developing countries. Due to shortage of resources, the healthcare companies are unable to
maintain required facilities such as networking devices, servers, data repositories at its physical
location. In such case, the access to the important data becomes very difficult. The adoption of
cloud platform could be the best remedy to solve this issue. Irrespective of the resources, the
healthcare companies in such areas could access the information and provide valuable service to
the patients. (Eman Abukhousa, Nader Mohamed And Jameela Al-Jaroodi, 2012)

19

The issues discussed above are very important when the healthcare company would be on verge
of making decision whether to adopt cloud platform or not. After referring lot of articles and
journal papers and articles, we have come to know that three issues mentioned above are main
challenge in adoption of cloud technology. We have shortlisted this issues as without a solution
about how resolving them, it is very difficult to implement cloud technology. Among this three
issues, security and confidentiality is the biggest challenge which deters most of the healthcare
companies to go for cloud. Maintaining the security and confidentiality of the patients data is
given utmost priority by healthcare companies. This issue will help us in analyzing what kind of
security threats are being faced by the XYZ clinic while adopting IaaS model. This issue would
benefit in analyzing the various security issues currently being faced by the XYZ clinic.
We have found out that availability of reliable service and performance of cloud server are
another challenges the companies face while adopting the cloud technology. As the overall
operations and functions would be maintained and taken care by cloud provider, the companies
would be remained any access to servers. As the healthcare companies handle important
information which should be available as and when available. This issues would be beneficial for
ascertaining how adoption of cloud platform would be advantageous for XYZ clinic, considering
the existing infrastructure.
In a nutshell, this three issues would help us to form a ground for conducting research about how
IaaS could be implemented at XYZ clinic and what would be the challenges in its
implementation. After complete understanding of this challenges, we could draft the measure for
minimizing its impact.
In conclusion, the issues discussed above are extremely important at the time of taking decision
whether to adopt cloud computing or not. We have found this issues common to all healthcare

20

companies who plan to shift to cloud computing for managing its operations. There are obviously
some benefits of cloud implementation such as low cost of operation, minimizing the risk
associated data loss due to physical damage of devices etc. The healthcare companies would
incur huge financial loss as well as possible damage to companys brand if the security and
confidentiality are compromised. In United States, the healthcare companies have to work
according to guidelines and regulatory compliance set by HIPAA. Hence, this issues are given
the highest consideration while moving to cloud technology. Especially in IaaS model of cloud,
the healthcare company has no control over service providers resources. The company can only
access and handle its applications which reside on cloud.
Thus, the solution regarding how to tackle this issues is very important. Unless the companies
obtain the positive way of resolving this issues, the companies would still remain in a dilemma
whether to go for a cloud service or not.

Methodology:
The project is divided in to three phases so that each phase have a constrained set of issues to
deal with. The first phase deals with basic terms like selecting the project topic after forming a
group. After selecting the project topic finding a potential issue after doing an intensive research
on the selected topic. After selecting an issue to conduct research on a tem contract document
should be written that helps the team to abide by certain terms and conditions throughout the
project. The roles of each individual in the group is decided and the roles may be constant
throughout the project or vary after a brief period of time according to the requirement. As this

21

project is a case study type research project the organization or sector should be selected and
necessary permission and resources should be gathered to conduct the survey.
In phase two the group conducted some initial interviews with few employees from the selected
organization to collect some basic information about the organization like whether they are using
the cloud services in their organization and if implementing the type of cloud service and
security measures taken to protect the patient data in this case as the research is done on health
sector. Based on the data collected from the interview in phase two a survey questionnaire is
designed in phase three in such a way that research issues/questions are answered and future
insights of the organization on implementing the IaaS is identified which will be a potential high
value information for the IaaS cloud service providers to enhance their services and improvise in
the areas like security and client friendly policies that makes even health care organizations to
avail the IaaS services of cloud that helps in cost cutting and also increases the efficiency and
security of the computing devices in health care sector. Another advantage of this research is it
helps the health care organizations to focus on providing better patient care which is their core
functionality by making it possible to outsource some of the major IT functionality like security
and maintenance. After collecting the data through the survey the data is analyzed by using
various methods and tools that are discussed in further sections of methodology. In this phase the
results are also tabulated and described clearly the outcome of the research.
To determine the measures and barriers of IaaS cloud computing in Healthcare organization the
data has to be collected from the employees of XYZ clinic through a survey questionnaire by
using tools like google forms and email. The questionnaire is designed in a way to gather the
opinion of employees from the Information Technology (IT) and Information Security (IS)
departments as we believe employees in these departments are the ones with expertise and
22

knowledge about the traditional infrastructure and cloud based infrastructure. The survey
questionnaire is limited to 5- 6 participants, is conducted only once and takes around 15 to 20
minutes for the completion of the survey.
Since the current research project is a case study, the survey questionnaire is suitable because it
will give the maximum amount of qualitative data that can be interpreted using various
measurement scales available. The data is collected through both open and closed ended
questions. Most of the closed ended questions use Likert scale (Bhattacherjee, Anol, 2012). Only
a few closed ended questions contain customized options. The open ended questions are utilized
where sufficient data cannot be collected using closed ended questions.
The information about XYZ Clinic for designing the survey questionnaire is collected by
interviewing the CIO (Chief Information Officer) of the Clinic about the basic structure and
functioning of the organization, the applications used, security measures and policies for both
physical infrastructure and the cloud applications to protect patient data. The organization is
implementing SaaS cloud and the cost benefits of implementing is not known as the CIO refused
to share that information due to some privacy issues.
Most of the questions in the survey contains options customized to the research and are open
ended that provide a text field to provide their insights of the employees. For e.g. there are
certain questions that ask the impact of implementing IaaS in healthcare sector which allows the
respondent to select multiple options that include positive and negative impacts of IaaS. The
collected data will be analyzed by converting them in to percentage and determining the
weightage of each option by graphically representing them in pie charts or bar graphs showing
the percentage of each option chosen by the employees of organization.

23

The data collected from questions that are closed ended and provides options based on Likert
scale (Bhattacherjee, Anol, 2012) has statements that indicate extent of agreement by
respondents (strongly disagree to strongly agree). The responses of this questions are segregated
and the number per each category are counted and their percentage is calculated considering the
total options as hundred percent and calculating the weightage of each option out of that hundred
percent. The responses of open ended questions consist of phrases that give respondents insight
regarding the question. These answers will be analyzed by the group members by interpreting
the options and check whether they match with the options provided by other respondents. If
everyone provides a different options in the others field provided it will be checked whether the
option provided is of potential value based on the question and the research aspects. If it is of
value to the research it will be added in the list of options like merits or demerits and if it is not,
the option will be discarded or ignored. For analyzing the data the tools like google analytics and
other analytical tools are used to interpret the data.
The survey is conducted through Google forms where all the questions with their respective
options are placed and the link to this form is sent to selected employees from IT and IS
departments working in XYZ Clinic. The survey requires authentication through Gmail where
the respondents logs in using their credentials and access the survey. After the respondent
finishes the survey the responses gets recorded and sent to the respective google forms account
from which the survey is created. After the responses of all the respondents gets recorded the
google forms tool provides tools to analyze the data and convert it in to the Graphical
Representation like pie charts, graph charts etc. which helps it easy to understand the information
to draw conclusions.

24

Results & Discussion:

Following in detail explanation gives an idea from the employee's perspective that is working in
information technology departments of health care business.
Q1). What are the current cloud solutions that are used in your organization?

In the current scenario, among the given cloud solutions the organization opted for SaaS solution
over the other cloud solutions since the technologies in this service support the web services i.e.
SaaS is closely related to the application service provider (ASP). Which implies SaaS
applications reduce the cost of software ownership as well as reduce the cost of licensing
software. Even though IaaS is the most flexible cloud-computing model for automated
deployment of servers, the IaaS customers have to pay on per-use basis the providers own the
system management & monitoring will become difficult for the clients. Organizations rely on
PaaS for key services such as Java development, application hosting, etc., if the PaaS vendors
25

change the development road map, i.e., provider changes supporting a certain programming
language, then the users will be forced to change language used or the provider itself which is
difficult and leads to disruptive steps.
Q2). Do you think applications related to health care are efficiently supported by cloud?

Employees working in health care business always have insecurity and constantly check on any
unapproved access or loss of sensitive data when depending on third party security suppliers and
cloud service vendors. The information that will be shared between the distinctive parties will be
encrypted at rest and in transit as well as in process, which implies that the security issues with
the medical information have been met to some degree which is why the acknowledgment rate
for the question is 20% more than the neutral opinion.

Q3). How satisfied are you with the current cloud applications?

26

Despite the fact that cloud computing in healthcare services is about developing an interest with
a couple of successful executions and numerous papers simply utilize the expression "cloud"
synonymously to use "virtual machines" or "electronic" with no depicted advantage of the cloud
paradigm. The greatest danger to the selection in the health services area is brought on by
including third party cloud partners: numerous issues of information safety and security are still
to be explained. Until then, cloud computing is supported more in particular, individual
components, for example, flexible, pay-per-use and expansive network access, as opposed to as
the cloud all alone.

Q4). At what stage is your organization in terms of Infrastructure as a Service (IaaS)?

27

The majority of the organizations agree that IaaS is in its trial phase since it's important for the
organization to work on the issues that the clients might encounter while using it, i.e., the clients
have to be accustomed with the characteristics of this environment that include automation of
administrative tasks, dynamic scaling and desktop virtualization.. For a medical organization, it
is very important to maintain the security of the data for which the complete knowledge of this
particular cloud solution is mandatory. Since few areas of the infrastructure have not been
answered as yet the organization must probably be discussing over them and the parts that the
organization is clear about have already started using the infrastructure for good.

Q5). What are the greatest barriers for adoption of the IaaS in your organization?
28

The employees of XYZ clinic voted for risk as biggest challenge they are facing to implement
IaaS. In health care sector, it is very important to have patients data protected. The next major
barriers are observed as physical control over information and data sovereignty and privacy. We
have to agree that the physical control will be transferred to third party vendors or service
providers, as it is their business to provide infrastructure as service. The service providers must
come up with solutions about this concerns and show successful implementation for removing
this barriers.

Q6). How likely will you continue to use present cloud services?

29

Since the organization is well equipped and also has sound knowledge of the current cloud
service there is no probability where the organization would be inclined to change the cloud
service. If there are any issues in the present cloud service that are left answered or not
responsive, then the management might want to change the cloud service. The issue probably
would be a risk of data breach, which sometimes may or may not occur because any cloud
service will go through this threat some or the other time. The majority of the times data
breaching is not an issue with the cloud service that the organization is currently using, then there
is a low chance of change over.

Q7). What do you think the main impact of IaaS will be on health care over the next five
years?
30

The health care industry always makes money on providing efficient services to customers. As
time passes, we may even have online doctors and patients information should be completely
online 24/7 for giving access to doctors being at remote locations. In this scenario, the cloud
service provides are important as they need to store all the data and give access to doctors. The

31

doctors doesnt like to spend much on infrastructure and always try to reduce risk of maintaining
it, as it is not his/her core proficient area. On the other side, everyone wants to have riskless
business while dealing with customers. So definitely we would forecast that IaaS would increase
with huge impact on global health care business markets.
Q8). What is your current level of knowledge on IaaS cloud?

In the IaaS cloud the third-party provider hosts the hardware, software, servers and storage on
behalf of its clients, which makes it easier for the clients to get efficiency with the infrastructure.
From the surveys we have learned the majority of the staff is familiar with IaaS cloud which
implies that not many resources are needed to get their employees come to the very familiar
zone.

32

Q9). What are the critical measures to be considered if IaaS is implemented in health care?

The employees have voted for security as critical measure in implementation of IaaS. An
organization has to even check for regulatory compliance requirements and would have many
obligations in the process of transformation. The physical and direct access control is always
with service providers or third-party vendors, so definitely the security of data is always a critical
issue to be taken care with alternatives measures readily available for the clients. As all this
33

business runs with support of Internet, if the Internet service is down then directly it will affect
the performance and disturb the work process. Its very important to have continuous
performance rating at highest level especially in health care systems.
10). How long have you been using the services provide by the cloud?

Due to the recent changes in health insurance portability and accountability act (HIPAA) the
cloud based services are more widely adapted by the medical organization, the past year has seen
tremendous interest in potential of cloud computing with many applications set to begin at the
cloud platforms.
11). How likely would you implement IaaS cloud service for your organization?

34

Medical data have few requirements for the security, confidentiality of the electronic health
records (EHR), authorized access to the data and long term preservation, all these requirements
are most likely taken care of by the IaaS cloud due to which the employees of the organization
are more inclined to implementing the service for the organization.
12). How do you rate the efficiency of your present cloud services?

As discussed earlier every cloud service will experience issues with the data security at some or
other time, the present cloud service still has a few issues with data security and confidentiality.
Employees have still rated cloud services 7/10, In future as health care sector is expanding the
need to control cost of setting infrastructure will definitely increase.
Many service providers need to even answer concerns of organizations on various factors
addressed as top priority that are stopping them from adopting IaaS cloud services. The factors
like risk of losing sensitive data and protection of data from hackers are very important in health
care perspective.

35

Recommendations & Conclusion:

Cloud service providers should focus more on implementing new security methods to health care
clients as security was the critical measure from the study made on XYZ clinic. To address the
security concern the service providers can use multi-level authentication mechanisms to access
the data to provide both physical security and data security. This can be achieved by adopting the
private cloud from the service provider which is expensive than the public cloud but is more
secure as a dedicated cloud server is allocated to the client. It is easy to make private cloud
compliant to policies like HIPAA and other health care policies. Choose the service provider very
carefully by knowing whether they are following all the policies and the other clients are HIPAA
compliant. By implementing high data security and privacy methods like encrypted (Virtual
Private Network) VPN tunnels between the cloud server location and client location through
which all the data transferred is encrypted using strong encryption algorithms. The organizations
should assume that nothing is secure, instead they should test each and every module thoroughly
for security loop holes before implementing them in health care organization. If the service
providers can provide IaaS cloud services with features that give more privacy and security along
with access control and dashboards that notify about the unauthorized access, security breach
then there will be a huge increase in the number of health organizations that use IaaS cloud
services.
After successful completion of research about implementing IaaS model of cloud at XYZ Clinic,
we found some factors which the clinic feels as a challenge. This factors have become barrier in
adopting IaaS model I compared to SaaS model of cloud. In IaaS, the client doesnt have any
control over cloud service providers resources except handling and modifying the applications
over cloud. During the interview with CIO and IT staff at XYZ clinic, we came to know that
36

security and confidentiality of the information is the biggest challenge while implementing IaaS.
Followed by this issue, the performance of the cloud server is another challenge. The XYZ Clinic
deals with important information regarding patients health, medicines prescribed, treatment
taken about any health issue in the past etc. This information must be accessible at any given
time.
Though the IaaS model have some limitations regarding security and performance, if deployed
properly, it could provide lot of benefits in terms of reduction in cost of operations, reduced risk
associated with maintaining infrastructure etc. The XYZ Clinic is interested in implementing
IaaS model in coming future. From our research it can be concluded that if the following
precautions are taken, the IaaS model can be proved as one of the best advantage for healthcare
companies:

Designing cloud model to better deal with internet threats

Integrating standard security measures to avoid web vulnerabilities
Keeping the applications up to date which are deployed over cloud
Following proper authentication standards in order to avoid unauthorized access to the data etc.

The mainstream vendors such as IBM, VMWare, Microsoft etc. have provided detailed guideline
about how to secure the cloud platform by releasing documentation. Finally, with the
advancement in technology and security measures, the IaaS would be rapidly implemented
across healthcare companies.

37

References:
1. Bhattacherjee, Anol, "Social Science Research: Principles, Methods, and Practices"
(2012). Textbooks Collection. Book 3. http://scholarcommons.usf.edu/oa_textbooks/3.
2. Sanjay P. Ahuja1, Sindhu Mani1 & Jesus Zambrano (2012), A Survey of the State of
Cloud Computing in Healthcare, Network and Communication Technologies; Vol. 1, No.
2;

Retrieved

from

http://www.ccsenet.org/journal/index.php/nct/article/view/19240/13560
3. Goce Gavrilov, Vladimir Trajkovik (2012), Security and Privacy Issues and
Requirements for Healthcare Cloud Computing, ICT Innovations 2012 Web Proceedings
ISSN 1857-7288
Retrieved from:
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.403.8984&rep=rep1&type=pdf
4. Yogesh Khullar, Ritesh Khullar, Smita Raj, Dr. Mukta Bhatele (2013), Impact of Cloud
Computing on Healthcare, International Journal of Modern Engineering & Management
Research, Volume 1, Issue 3, October 2013
5. Eman AbuKhousa, Nader Mohamed and Jameela Al-Jaroodi (2012), e-Health Cloud:
Opportunities and Challenges, Future Internet 2012, 4, 621-645
6. Yang, Haibo and Tate, Mary (2012) "A Descriptive Literature Review and Classification
of Cloud Computing Research," Communications of the Association for Information
Systems: Vol. 31, Article 2.
7. Janssen, Marijn and Joha, Anton (2011), "Challenges for adopting cloud-based software
as a service (SaaS) in the public sector" (2011). ECIS 2011 Proceedings. Paper 80.
8. Bu Sung Lee, Shixing Yan, Guopeng Zhao (2011), Aggregating IaaS Service, 2011
Annual SRII Global Conference.

38

9. Nabil Sultan (2014), Making use of cloud computing for healthcare provision:
Opportunities and challenges, International Journal of Information Management 34
(2014) 177184.
10. Jiunn-Woei Lian, David C. Yen, Yen-Ting Wang (2014), An exploratory study to
understand the critical factors affecting the decision to adopt cloud computing in Taiwan
hospital, International Journal of Information Management 34 (2014) 28 36.

11. Carlos Oberdan Rolim, Fernando Luiz Koch, Carlos Becker Westphall, Jorge Werner,
Armando Fracalossi, Giovanni Schmitt Salvador (2010), A Cloud Computing Solution
for Patients Data Collection in Health Care Institutions, 2010 Second International
Conference on eHealth, Telemedicine, and Social Medicine

12. Cloud Computing- Benefits, risks and recommendations for information security,
European Network and Information Security Agency (ENISA)
13. Retrieved from: https://www.enisa.europa.eu/activities/riskmanagement/files/deliverables/cloud-computing-risk-assessment
14. Infrastructure as a Service (IaaS) by CDW
Retrieved from: http://webobjects.cdw.com/webobjects/media/pdf/Solutions/cloudcomputing/Cloud-IaaS.pdf
15. Advancing Healthcare Delivery with Cloud Computing by European Coordination
Committee of the Radiological, Electromedical and Healthcare IT Industry
Retrieved from:
http://www.cocir.org/fileadmin/4.4__eHealth/eHealth_Toolkit_INT_2012_chap2.pdf
16. Cloud Computing
Retrieved from:
39

https://en.wikipedia.org/wiki/Cloud_computing

Appendix:
Survey Questionnaire (Measures and Challenges to Implement IAAS in Health care
sector).
1. What is the current cloud solutions that are used in your organization?
A. Software as a Service; e.g. Exchange online, Business Productivity Online Suite,
CRM Online, Salesforce.com

40

B. Infrastructure as a Service; e.g. Private cloud, Windows Server and System Centre,
VMWare
C. Platform as a Service; e.g. Windows Azure, Force.com, Google App Engine etc.
Other, Please Specify.
D. Private Cloud.
2. Do you think applications related to health care are efficiently supported by Cloud?
A. Strongly disagree
B. Disagree
C. Neutral
D. Agree
E. Strongly Agree.
3. How satisfied are you with the current cloud applications?
A. Strongly disagree
B. Disagree
C. Neutral
D. Agree
E. Strongly Agree.
4. At what stage is your organization in terms of Infrastructure as a Service (IaaS)?
A. Not involved or discussing
B. Discussion
C. Trial
D. Using
E. Implementation
5. What are the greatest barriers for adoption of the IaaS in your organization?
A. Data sovereignty & privacy
B. Physical control
C. Application model
D. Existing infrastructure
E. Regulatory compliance

41

F. Geographic proximity
G. Risk
H. Vendor lock in
I. Integration with existing systems
J. Not sure
K. Other please Specify
6. How likely will you continue to use present cloud services?
A. Very likely
B. Somewhat likely
C. Neutral
D. Somewhat unlikely
E. Very unlikely
7. What do you think the main impact of IaaS will be on Health care over the next five
years?
A. Ability to offer more of a service to health care
B. Less time Spent updating infrastructure.
C. Increased security risk.
D. Reduced security risk.
E. Reduced IT department headcount
F. Improved productivity and efficiency in health care operations
G. Reduced productivity and efficiency
H. No Change
I. Others, please specify.
8. What is your current level of knowledge in IaaS cloud?
A. I am just beginning to familiarize myself
B. I am relatively familiar
C. I am familiar
D. I am very familiar
9. What are the critical measures to be considered if IaaS is implemented in Health
care?
A. Security
B. Integration with Existing IT
C. Privacy
D. Transparency of Architecture
E. Availability
42

F. Functionality/customization.
G. Performance.
H. Policies and Agreements.
I. Others, Please Specify.
10. How long have you been using the services provide by the cloud?
A. Less than 6 months
B. 1 year to less than 3 years
C. 3 years to less than 6 years
D. 6 years or more
11. How likely would you implement IaaS cloud service for your organization?
A. Very likely
B. Somewhat likely
C. Neutral
D. Somewhat unlikely
E. Very unlikely
12. How do you rate the efficiency of your present cloud services?
Give rating on scale of 10
1
2
3
4
5
6
7
8
9
10

43

13. Do you have any suggestions or comments for implementing IaaS in Healthcare
sector?
Provide your answer in the text box below.

44