Do you really want to implement the service yourself?
Anyone with a credit card can self-serve into the cloud these days; but, there is a big difference between what you can do and should do. My wife would be happy to explain the difference after watching me attempt to assemble my recently purchased barbecue grill. The question, “Do you want it assembled?” seemed like more of an assault on my man-skills than an attempt to help me. I can assemble sophisticated computer networks, how hard could it be? The resulting hours of effort and stream of adult adjectives easily answered that question.
For a cloud implementation and, equally important, the downstream systems management, it’s worth asking the question: “Do I really want to do this myself?” As the popularity of the cloud in the healthcare ecosystem continues to expand rapidly, there are a few questions worth considering before jumping in with both feet. These may save you a significant amount of time, avoid costly changes and potentially save some future embarrassment.
Is this a development environment or a business-critical production system?
There is a big difference between an environment that is transient, internally focused and staffed by technical people and a production environment with a customer-focused mission critical application. The first may need a lot more flexibility for spinning up and down different environments while the second holds more concern about reliability, consistency of performance and security. Matching your needs to the cloud services is a critical first step.
Do I have the skillset to select the appropriate services, including security, capacity, and monitoring tools?
At one time I had to make a decision about rewiring part of my house. It was not a core skillset but at first glance it looked like I could save a bit of money. It was only after my wife pointed out the need to get it done quickly, the desire to have a reliable solution that worked all the time, the consequences if I messed it up, and the fact that it would take me away from family time, that I relented and hired an expert.
In a cloud environment, the question is similar. Does the organization have the skills to do a great job on setting up and managing the cloud (24 hours per day) while ensuring HIPAA compliance, and is that where they can best utilize their resources/time?
Can I recover my environment if something goes wrong?
Every environment faces an outage at some point. Recovery can be as simple and fast as restarting the systems in a few minutes or as fatal as not being able to recover your data at all. Determining what is business-critical is a first step in knowing what to protect. From there it is making sure the policies and services are in place to help you get back up quickly. A good cloud solution will provide the tools to help make that happen; a great one will provide the services to help you do it. Having a run book and practicing testing the procedures should be a standard part of your cloud plans. If you have to blow dust off your run book, it’s time to consider a different approach.
Am I doing all I can to ensure HIPAA compliance and protect patient data?
The heavily regulated healthcare industry requires round-the-clock vigilance when it comes to compliance and security. With the recent launch of Phase 2 HIPAA launches and latest spate of ransomware attacks on healthcare organizations, it’s important to question whether or not you’re equipped to handle this on your own or if bringing in a trusted partner can help extend your ability to protect your organization.
Will I need help with any of the above and who will answer the phone at any hour to give me a hand?
Most of us are not experts in everything, and hiring a team of experts in performance, reliability and security can be costly, especially if you need those experts 24 hours per day. For the things that are important to me, I hire trusted advisors to help me make decisions. I don’t expect them to make the decisions, but I do expect them to advise me in advance of the potential problems and solutions so I can be prepared if I have to face them. It was particularly useful when my teenagers were learning to drive and in preparing to pay for college educations.
I experienced this DIY vs. managed service debate myself when I ran marketing at a previous company. IT didn’t have time to focus on a program I needed and I had to determine if spinning up my own environment was doable. Security was critical, and my chops are in marketing rather than running IT. I determined that turning to a managed service rather than doing it on my own was not only appropriate for my company because of the security and compliance I needed dealing with customer data, but appropriate for me because it allowed me to focus my DIY efforts on my strength – marketing.
In the end, the decision may be less about who does the work and more about whether you can find the trusted partner who can not only get the project up and running but will be there when you need them downstream.