The business value of an OpenStack cloud

There is a lot of hype around OpenStack today. But OpenStack seem so complex to deploy, manage, upgrade.


What is OpenStack and what value does it bring to an organization?

OpenStack enables an organization to build applications quickly.

  • Elasticity: Applications that can expand as demand grows; shrink as demand lessens.
  • High Availability: Applications that can survive failure of the underlying hardware without any interruption to the end user.
  • Automation: Add compute,networking and storage using an API or a web dashboard.
  • SelfService: Enable end users to self service their needs for compute,networking and storage without waiting for the IT department to fulfill their requests.

This agility, automation and self service allows organizations to evolve to meet the demands of users and customers who want applications

  •  OpenStack is open-source which means any organization can download the software and contribute to the project.
  • OpenStack is hardware independent and not tied to any particular vendor.

To learn more about the business value of OpenStack, attend the OpenStack summit in Vancouver, but first help my three sessions get nominated for the summit as follows:

  1. How to save money and improve agility with Network Functions Virtualization (NFV)
  2. Comparing your choices, OpenStack or VMware to build a private cloud
  3. What’s the difference between AWS public cloud and OpenStack

Thank you!


Why and how you can and should understand your healthcare costs

As a consumer when I make a new purchase, the price is clearly marked, whether it is a washing machine, bar of chocolate or menu item in a restaurant. The price is fixed and not negotiable. Indeed the .com era heralded many price comparison websites such as: etc….

Two exceptions: (1.) the car market, where “sticker price” varies – what you finally pay after haggling (2) the housing market which is also driven by offers and counter-offers until a deal is signed. But in both cases, the consumer at least has a starting price point.

So why is the price of a healthcare procedure unavailable to the patient?

When a patient goes to the doctor there is no discussion of price. The patient (and often the Dr) have no idea in advance what the visit and procedures will cost. Charges and payments are “contracted” or negotiated between the healthcare provider and the various insurance companies. Often the patient only finds out the cost after the bill has been submitted to the insurance and the patient is faced with a deductible, co-payment or co-insurance or worst case no insurance!

Imagine this…. before going to see the Dr you have access to this information:


Before a Dr visit, I believe the patient should be entitled to know:

  1. Cost of the visit to the Dr office
  2. Cost of associated procedures such as labs, blood tests, xrays
  3. Amount insurance will pay
  4. Amount the patient is responsible to pay.

This would allow the patient to shop around for prices and not accept the de-facto charge. (Of course this only applies to patients with a PPO insurance, not HMO)

There are efforts to provide healthcare cost transparency:

  • AnthemBlueCross does not have a cost estimator.
  • United Healthcare has a cost estimator
  • Cigna has cost estimate application (login required).

Here is a non-partisan effort to allow patients to shop for healthcare by price:

Patients – understand the breakdown of your healthcare bill and how you can shop for alternatives and even negotiate the cost. When you shop for a car, you learn to understand miles per gallon, frequency between oil changes, road handling; if you buy a washing machine you may want to know gallons/liters of water used per load.  

Thus you should learn the terminology and key terms used in medical costs.

Medical professionals use numerical codes when they diagnose patients and write up the diagnosis or medical procedure. Everyth diagnosis has a code from a dental filling to a heart transplant. There are two major codes in use, CPT and ICD. 

  1. CPT codes – Current Procedural Terminology.
  2. ICD-9 – International Classification of Diseases.

Armed with this information you the patient can understand your healthcare costs as follows using a CPT lookup. Ask your healthcare provider for the CPT code of the procedure, then before undergoing the procedure find out from your health insurance how much they cover and what you owe. Use the CPT code to shop around from other providers and get the best price.

Can HealthIT exist in a cloud computing environment?

Healthcare Clinical Information Systems can be hosted in the cloud as described in this HealthcareIT News article. Hospitals are not rushing to embrace public clouds rather for privacy and security reasons hospitals are hosting applications in a private cloud. A radiology application is highlighted, for example Carestream Vue – the benefit being collaborative view of radiology images amongst phyisicans who don’t have to use a computer at the hospital to use the RIS/PACS software. 

To translate the HealthIT News article terminology into cloud computing terms, I will quote some of the sentences and provide links and details

Financial benefits

“Cloud-based healthcare IT services reduce or indeed eliminate investment costs and replace them with running costs.”

Deployment benefits 

Enables the user to deploy whatever tool and whatever client wherever they want. And in addition, they don’t have to become IT gurus themselves to maintain the system

In cloud computing “investment costs” = CAPEX (Capital Expenditure) and “running costs” = OPEX (Operational Expenditure). For healthIT professionals who need an overview of cloud computing, please see this post

Software as a service (SaaS) and infrastructure as a service (IaaS) have been marketed as potentially attractive alternatives to buying large-scale information systems

Here is SaaS  and IaaS explained for those quite unfamiliar with the terms.


EMR vs EHR redux

Nate Bagley from Software Advice asked me to review his article and it jogged my memory… I wrote this a few years ago.  Only Nate offers some Google data to back up the idea that essentially an Electronic Medical Record (EMR) is a patient’s medical record sourced from one provider; an Electronic Health Record (EHR) is sourced from several providers. This is in line with Nate’s quote from Don Fluckinger, “EHR seems to refer to a record that can be shared back and forth and amended among multiple providers.

If I get my healthcare from one provider, say Sutter Health, where one electronic record is shared between primary care, nurses and specialists, is that an EHR or EMR?

Until the NHIN or HIEs gain traction, Sutter’s health record cannot be shared with Stanford Hospital literally across the street!

Back in the saddle, galloping to secure electronic health data.

Gentle reader,

After a hiatus of a few weeks, adjusting to my new position selling this, I am back in the blogosphere.

With my new focus on security for cloud, virtualization and general data center, I bring a new perspective and focus on healthcare IT – that is security of patient data. Ever so important if patient records are going to go electronic, especially if stored in the cloud. Aside from my new paid position, I have also had the privilege of volunteering under the stewardship of Arien, as the leader of the Security and Trust Workgroup of NHIN-Direct. I also have the privilege of working with the likes of Sean Nolan, who wrote a terrific compliment on my comparison of a Google and Microsoft PHRs.

So, securing electronic health data: Last week I attended a CSO (Chief Security Officer) conference in San Francisco and learnt some interesting lessons:

  1. Trust is fundamental in healthcare – patients may not disclose an embarrasing disease if they fear the data is not private.
  2. Security is required for regulatory purposes and patient safety.
  3. Computers are not personal. When IBM coined the term, PC or Personal Computer, computer users at work believed that the computer they used was theirs. Thus security software that is designed to restrict the flow of data, prevent users from accessing certain websites, download specific files or copy files to disks/thumb drives is viewed by the user as an invasion of their personal space, a restriction on their personal computer. Don’t make users paranoid to do their job or feel that big brother is watching their every mouseclick, but rather explain the highly personal nature of healthcare records and the need to secure access.
  4. Refine business processes. Often one reads of data lost when a laptop or external hard-drive is stolen, for example: 600 patient records lost on a stolen laptop. A natural reaction is one of horror and surprise. While certainly justified, a more analytical reaction would be “Employees are rarely malicious or dishonest, so what business process necessitated copying patient data to a laptop?” Refine, the business process that necessitated this action. Remove the individual choice of where to store patient data, rather make a business decision and apply a policy based on the data.

More on cloud and SaaS security to follow. I was pleased to read that the VA is taking steps to tighten security.

It’s good to be back!