Epic Systems Moves Away From Google Cloud Citing Security Concerns — The Healthcare Industry Should Take Note

Epic Systems Moves Away From Google Cloud Citing Security Concerns — The Healthcare Industry Should Take Note

In Cloud, Technology News by Shelly KramerLeave a Comment

Epic Systems Moves Away From Google Cloud Citing Security Concerns — The Healthcare Industry Should Take Note

The News: Privately held Epic Systems, one of the largest providers of electronic medical record systems companies to hospitals and healthcare organizations in the United States, has announced a move away from Google Cloud, notifying — and warning — customers that it will not pursue integrations with Google Cloud and will instead focus on utilizing Microsoft Azure and Amazon’s AWS. (CNBC)

Epic Systems Moves Away From Google Cloud Citing Security Concerns — The Healthcare Industry Should Take Note

Analyst Take: Privately-held Wisconsin-based Epic Systems Corp. is a provider of electronic medical health record systems—think a digital record that replaces a doctor’s handwritten medical chart, along with billing tools, and scheduling software to some of the largest healthcare providers in the U.S.

Epic Systems’ installations in hospitals and other healthcare organizations are massive, and often run into the billions of dollars. One of the company’s biggest rivals is Cerner Corp., a Kansas City-based healthcare IT provider. As an aside, in other big technology news, just shy of a year ago, Cerner edged Epic out of a $624 million 2015 pilot program with the U.S. Department of Veterans Affairs centered around the use of its scheduling software, when a decision was made to abandon its homegrown infrastructure and move to a program that would be interoperable with that of the U.S. Department of Defense—provided by Cerner. This will be relevant later, I promise.

The Announcement is a Major Blow to Google’s Reputation as a Cloud Services Provider

This announcement in big news and a major blow to Google’s reputation and customer acquisition efforts as the cloud services wars between the big three: Amazon Web Services, Microsoft Azure, and Google Cloud, wage on. The word from Epic was reported to be that the company’s healthcare customers were reporting a lack of interest in Google Cloud, thus continued investment wasn’t warranted. Read that: Epic will no longer support integrations with Google Cloud.

Not Good News for Google, Especially on the Heels of Concerns About its Ascension Partnership and Other Deals

This announcement isn’t particularly good news for Google Cloud. In the healthcare cloud services market, Google lags significantly behind AWS and Azure. That doesn’t mean, however, that Google hasn’t been successful in landing deals, sometimes with major and well-known hospital systems and healthcare providers that are quietly embarked upon.

One of the most well-known Google healthcare deals, is currently facing a significant knock from privacy advocates. That is Google’s partnership with the Ascension hospital network, a Catholic chain of 2,600 hospitals, doctors’ offices, and facilities, that involves moving Ascension’s on-premise data centers to the Google cloud.

The partnership, code-named Project Nightingale, also involves a massive data project. The project analyzes data including lab results, medications, and diagnoses from patients of St. Louis-based Ascension, spanning patients in 20 states and the District of Columbia — involving some 50 million patient records. The goal of the project is purportedly to use Google’s artificial intelligence tools to recommend changes to a patient’s care, treatment plans, recommend additional physicians, etc., all without notification to the patients involved. For a deeper dive on that front, check out this podcast interview featuring Christina Farr, a tech and health reporter for CNBS and Reset podcast host Arielle Duhaime-Ross: Google just got access to millions of medical records. Here are the pros and cons.

This isn’t the only partnership Google has struck with health systems, including partnerships with the Mayo Clinic, Utah-based Intermountain Healthcare, Stanford University, the University of California San Francisco, and the University of Chicago and many other hospitals and healthcare providers.

Some of these agreements allow Google to access complete patient medical records, including names, dates of birth, medications, and diagnoses. It also means that Google is amassing a gigantic database of patient information, stored on its own servers, that is accessible to and analyzed by physicians, researchers, nurses, and likely Google staffers as well. All without any patient knowledge, consent, or ability to control.

What Google Says About Its Push into Healthcare: We Only Want to Do Good!

As is often the case with tech giants with eyes on big prizes, Google’s move into healthcare has been largely quietly executed. In a recent interview cited in the Wall Street Journal, the head of Google Health, Dr. David Feinberg, says the company’s move into healthcare is not about profitability, but instead all about doing good, and making people healthy. “I came here to make people healthy, I’m not here to sell them ads,” said Feinberg. “Google is so good at being helpful. We want to be helpful with knowledge, success, health and happiness.” Comforting, isn’t it? Google is good at being helpful. Google is also tremendously good at making money off of user data. Consider the potential here for commercializing health data, and, well, that line is a bit of a stretch.

Feinberg, speaking about the Ascension partnership, said “We didn’t know what we were doing,” about the company building such a large and incredibly sensitive program involving patient data without any transparency or public knowledge of the undertaking.

This isn’t the first time Google’s work with healthcare providers has been questioned around patient privacy issues. In July of of 2019, a UChicago Medicine patient sued the health system over data-sharing practices, when thousands of patient medical records were accessed and shared for a research project designed to predict patient outcomes.

Note that the Google – Ascension partnership is now the subject of a federal probe, instigated by the HHS Office for Civil Rights, a federal agency that enforces patient privacy under HIPAA laws.

Scalability, Reliablity and Security are (and should be) Key Factors Driving Any Cloud Offering

It should go without saying that when evaluating any cloud offering, factors of scalability, reliability, and security are critically important factors. Today, however, security is of utmost importance—and understandably so. Healthcare organizations (hospitals, clinics, healthcare centers, etc.) are primary targets of cyberattacks, with criminals targeting applications, endeavoring to install malware and spyware, and executing DDOS and ransomware attacks with increasing regularity. Patient records contain a wealth of personally identifiable healthcare information (PHI), hijacked medical devices can be used to mine cryptocurrency, and ransomware attacks can shut down devices, servers, or even entire networks until a ransom is paid. There’s a reason that the healthcare cybersecurity market is predicted to be upwards of $27 billion by 2026 — healthcare is the juiciest of targets.

Epic Systems’ Statement About the Move Away from Supporting Google Cloud

When asked about the decision to move away from supporting Google Cloud, Seth Hain, Epic Systems’ vice president of research and development declined specifically to comment on Google or other vendors, but said the following about the factors the company uses to decide which vendors to support:

“We invest substantial time and engineering in evaluating and understanding the infrastructure Epic runs on. Scalability, reliability, and security are important factors we consider when evaluating those underlying technologies.” Hain further remarked that the company is interested in supporting “the infrastructure the Epic community uses today and is likely to use in the future.” Clearly, Google Cloud is not in the picture as it relates to Epic’s future.

When it Comes to Health Data, Epic Systems and Cerner Agree — The Healthcare Industry Should Heed These Warning Signs

Both Cerner and Epic Systems are reported to be picky about data-sharing standards. The Wall Street Journal (in an article that contained the above-mentioned quote from Google’s Feinberg), reported extensively on Google’s Quest for Millions of Medical Records a few weeks ago. I would consider this ‘must read’ content if you’re at all involved in the healthcare space, especially as it relates to cloud services offerings.

The WSJ cited Cerner’s early 2019 decision to walk away from $250 million in discounts and incentives offered by Google related to the company’s search for a storage provider for 250 million health records as an indicator that the company is not universally trusted within the healthcare industry. Cerner ultimately opted to work with AWS for its storage needs in this instance.

When gigantic companies, like Epic and Cerner, choose to not support prospective clients using Google Cloud services, one can assume those decisions are made with good reason, as there are significant financial implications involved.

I believe the healthcare industry should proceed with caution as it relates to cloud services vendors and heed these warnings. Federal agencies, legislators, and regulators are, and should be, paying much attention to these deals, alongside privacy advocates and others. The potential commercialization of patient health information shouldn’t be something built on the backs of unknowing patients, without their knowledge or consent—and yet, here we are.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.

Other Insights from the Futurum Research Team:

AQSACOM Shows Why Lawful Cyber Intelligence is Top Priority for 5G World

New Data Privacy Proposal Points the Way Toward Possible Compromise Between Tech Cos and Users

Massive GDPR Fines Mean Investors, Board Members Rethink Cybersecurity

Image Credit: HealthITAnalytics

 

The original version of this article was first published on Futurum Research.