We’ve all been hearing pundits rave about how SaaS (software as a service) is the next wave of technology (mainframes, desktop PCs, and client/server systems being earlier waves). I certainly agree that software running “in the cloud” is a great idea for lots of reasons. However, companies in general, and healthcare enterprises particularly, need to be careful putting any mission-critical data into the hands of other firms no matter who they are.
By now most of us have probably heard that the Microsoft Windows Genuine Advantage (WGA) system that verifies users have valid Windows licenses went down for over 19 hours on Friday evening and began to disable operating systems around the world. This service, which Microsoft explains is an “entitlement solution” is usually a good idea for businesses with lots of client PCs to manage but if the outage would have lasted into Monday it would have wreaked untold havoc (even more than any dangerous virus would have). Millions of PCs would have been told they were no longer “authentic” and been told to disable themselves.
So, what does this have to do with healthcare? Well, lots of healthcare IT firms are selling SaaS solutions (WGA is also SaaS). As long as the network is working things are fine but if the network is having problems or the vendor is having server issues, business literally stops. You need to have worked out backup plans for what you’re going to do if your business critical online app suddenly becomes unavailable. Will you go to paper? Wait until it comes back up?
Another problem with SaaS is given your data over to another firm — and then the firm going out of business. What happens to that data? Will you ever get it back? In what format and will it be usable? What about if their servers get hacked and your data is modified? If you are a regulated entity, will their policies about data loss affect you?
My strong suggestion is for everyone who is doing any business with online vendors is to ask for their appliance strategy and roadmap and if they don’t have one, think twice. What that means is that if they have created great software to “run in the cloud” they should be able to create a version that runs on an appliance (basically a server) that can be installed within your own datacenter or IT closet. By getting the same software and running it locally you get the benefits of online access but without losing control or being at anyone else’s mercy. If you run the software in your environment it costs you a little in power and IT management but if the data is important enough and the job the software is doing is mission-critical then it’s certainly worth it.
If you’re dealing with a reputable vendor with a good technology strategy they should be able to give you some ideas of what their appliance strategy (if there is one) looks like. If they don’t have an appliance strategy, ask them to explain why not and what they will do about an outage, data loss, hacking, etc.
The lesson here is that even a company like Microsoft, which definitely knows what they are doing in the server space and online applications arena, can have business-critical outages certainly the smaller vendors can, too. Better to take a lesson now and be prepared.