Public and private cloud computing at a hospital

In a meeting with senior management at Harvard Medical School, one of our leaders asked, “What is our cloud strategy?”

My answer to this is simple.   The public cloud (defined as the rapid provisioning and de-provisioning of CPU cycles, software licenses, and storage) is good for many things, such as web hosting or non-critical applications that do not contain patient or confidential information.

At Harvard Medical School (HMS) and Beth Israel Deaconess Medical Center (BIDMC), we’ve embraced public cloud technology, but transformed it into something with a guaranteed service level and compliance with Federal/State security regulations  - the private cloud.

Here’s the approach we’re using to create private clouds at HMS and BIDMC:

1. At HMS, we created Orchestra, a 6000 core blade-based supercomputer backed by a petabyte of distributed storage.   Thousands of users run millions of jobs.    It’s housed in Harvard controlled space, protected by a multi-layered security strategy, and engineered to be highly available.  We also use grid computing technologies to share CPU among multiple high performance computing facilities nationwide.

2. At BIDMC and its physician organization (BIDPO), we’ve created a virtualized environment for 150  clinician offices, hosting 20 instances of logically isolated electronic health record applications per physical CPU.   It’s backed with half a petabyte of storage in a fault tolerant networking configuration and is housed at a commercial high availability co-location center.

3. At BIDMC, our clinical systems are run on geographically separated clusters built with high availability blade-based Linux machines backed by thin-provisioned storage pools.

Each of our private clouds has very high bandwidth internet connections with significant throughput (terabytes per day at HMS).   The bandwidth charges of public clouds would be cost prohibitive.

We are investigating the use of public cloud providers to host websites with low volume, low security requirements, and no mission criticality.  Public solutions could be better/faster/cheaper than internal provisioning.

Thus, our cloud strategy is to create private clouds that are more reliable, more secure, and cheaper than public clouds for those applications which require higher levels of availability and privacy.   For those use cases where the public cloud is good enough, we’re considering external solutions.

Someday, it may make sense to move more into the public cloud, but for now, we have the best balance of service, security, and price with a largely private cloud approach.

John Halamka is Chief Information Officer of Beth Israel Deaconess Medical Center and blogs at Life as a Healthcare CIO.

Submit a guest post and be heard on social media’s leading physician voice.

email

Comments are moderated before they are published. Please read the comment policy.

  • http://drpullen.com Dr Pullen

    Sounds great for a huge wealthy organization like Harvard. For we ordinary folks the public cloud is likely more secure than and in office hardware

  • http://www.careinsync.com Siva Subramanian

    John,
    Impressive as these three examples are in their size, volume and uses, could you share with us something specific about these examples that makes it worthy of the “cloud” moniker?

    Just curious to know if there is more to a private cloud than giving a hosted datacenter app a cooler name :)

    i.e. Private Cloud = App running on a few servers + X
    What is X?

  • Drashish

    And to think in my little solo medical practice,, I manage to take of 1500 patients efficiently achieving PCMH quality of care goals : all with just an iPhone, laptop, and Comcast Internet connection to my Eclinicalworks emr.

    regardless, Dr Halmaka very impressive. Incidentally, I agree with above, why is a cloud strategy needed at all?