Bill Russell, SVP, CIO: Why Health Care Needs the Cloud (Among Other Things)

With more than 800 active health IT applications to maintain, Bill Russell has no time for distractions. The senior vice president and CIO of St Joseph Health—a nonprofit integrated health-care network that includes 14 hospitals in California and Texas—has a lot on his plate. There’s even more since the system’s February 2013 affiliation with the network of Hoag Memorial Hospital Presbyterian to form the regional Covenant Health Network (Irvine, California), covering an area stretching from California’s Orange County to the High Desert.

Russell, a relative newcomer to health care, has IT expertise informed by 26 years of consulting in the telecommunications, banking, engineering, and manufacturing industries. He specialized in cloud consulting at the time of his leap into health care.

It’s surprising that it is not the sector’s regulatory and security concerns that differentiate health care from the world of business IT, in Russell’s opinion. “Every industry has stringent security requirements, and while the regulatory environment in health care is complex, to be sure, it is just as complex in other industries,” he says.

The differences, he believes, are data complexity and the proliferation of proprietary systems. “The complexity is enormous, compared with tracking investments, balances, production, and even supply-chain activities,” he notes. “In the coming years, health care will become very personalized, and this will increase the number of permutations and variations on the data.”

For this reason, he believes that health care should focus on data management that is specific to health care and not distinctly an IT function (which is where cloud-based applications enter). “For example, we need to understand that the care and maintenance of data centers, servers, storage, and—in some cases—networks are not distinctly health-care work, and we should move these items to the cloud,” he says.

Initial Cloud Moves

The easiest cloud technologies to implement are infrastructure-as-a-service, or IaaS, technologies, which cover the data center, servers, storage, network, and management platform associated with that equipment. “We view this as an opportunity to get out of the data-center–maintenance business,” he says. “This will save us several million dollars over the next three years.”

St Joseph Health also deploys a number of software-as-a-service (SaaS) technologies, including a cloud-based vendor-neutral archive (VNA) for medical images and a popular open-source analytics platform. In the next two years, it will roll out a cloud-based human-resources application.

“SaaS provides some interesting opportunities and challenges, as we move forward,” Russell says. “While the central storage of information such as PACS images is intriguing, you have to be aware of vendor and data lock-in. We expect to be able to access just about every piece of data we store in the cloud programmatically, through application programming interfaces (APIs): We don’t want to trade one trap for another. Proprietary clouds are what we are trying to avoid.”

For instance, if St Joseph Health wants to deliver PACS images to a patient portal, it doesn’t want to be locked into the vendor’s portal solution. “We want to be able to extract those images using APIs and deliver them in whatever portal we decide to use,” he explains. “We use a cloud-based VNA for storing and delivering our images to various platforms.”

To choose a cloud solution, ask the same questions asked of any application, Russell advises: Is it open? Does it have service-oriented architecture? Does it have APIs? How good are those APIs? How secure is it?

“We need our cloud providers to understand that when we put our data out there, they don’t own our data. They can’t trap our data,” he says. “We need to be able to get to discrete data elements at every stage of the development cycle. When we look for cloud providers, we are looking for characteristics found in service-oriented architecture.”

Time and again, Russell returns to the potential efficiencies that can be achieved using a cloud-based application. If a hosted cloud application doesn’t provide appropriate security and an architecture that maintains what he calls clear layers of abstraction, then Russell will build and maintain a private cloud to provide the platform for the application.

The Essential Shift

Building platforms that provide future flexibility through layers—not silos that trap information in proprietary information systems—is the essence of Russell’s work at St Joseph Health, as the health system moves into uncharted territory under health-care reform. “We have to start thinking in platforms,” Russell says. “

He continues, “None of us really knows the future; we can see glimpses. Every new technology we put into place must be viewed in its ability to interact with and provide value as a whole, and not just as an individual piece. We have close to 800 applications at our system, many of which were selected for the value they bring to one department or a single site in the system. When they were selected, they were celebrated for their ability to address a problem that we faced. Over time, the problems change, and applications become obsolete.”

He adds, “Platforms have the ability to evolve. Platforms have layers of abstraction that allow us to put new interfaces and workflow on existing data and deliver new value to the organization. This is a paradigm shift in health care: Health care thinks in big, proprietary systems. We have to break out of that.” 

Health care’s immediate opportunities to rehabilitate its IT profile lie in integration, application rationalization, and data governance, Russell notes. “While none of these items are quick hits, they represent millions of dollars in savings for health care,” he says. “Understanding where every application fits in your environment and how everything interacts is really the most important thing. It’s data governance, and it’s application governance. A lot of times, in health care, we collect applications. We don’t throw away old applications; we just add new applications on top.”

When Russell describes service-oriented health-care IT architecture, he makes it sound almost simple: A database layer is abstracted from a communications layer, which is abstracted from a presentation layer. “We never really get bottlenecked or trapped. We can replace a layer instead of a complete application silo,” he explains. “In reality, if we have the right architecture, we could take the data abstracted from the presentation layer, and if we put another presentation layer on top of those data, they still have value, and we can still do some things with those data.”

Security Bugaboos and the Jetsons Future

Although he states that security is equally important to all of the industries in which he has served, Russell does not minimize its importance. “Above all else, our top priority in health-care IT is to ensure that the appropriate security measures are in place to protect the confidentiality of all of the data that are being stored at all times,” Russell says. “I can’t emphasize enough that you can’t outsource security. We have to ensure that our cloud providers adhere to the policies and regulations that our specific industry requires, and in some cases, this will take some solutions off the table.” 

Security begins with the business-associate agreement, and Russell uses a third party that penetrates the cloud environment and audits practices outlined in the agreement. “We need to know what those data are; who has access to them; where they are being stored; how they are being stored; and what the policies, procedures, and practices are concerning those data,” he explains. “That will rule out some providers: You struggle to do that with a Google.”

Looking into the future, Russell envisions a bigger clinical role for the cloud in a Jetsons-like future. “I hope we can get through the privacy and security concerns and get to a point where I personally have more monitors on my body than my car has on it,” he says. “In a family with heart issues, it would give me peace of mind to know that I can be monitored every minute of every day, and that technology will sift through the mountains of data and identify potential issues prior to their becoming an event. If we can predict it, a week or so before the heart event happens—with an early-warning system—it would go a long way in improving the health of our communities.”

He sees an even more important preventive role for technology in teaching children how to live healthy lives by providing them with the feedback and encouragement that they need to “stay the course, over their lifetimes,” he says. Russell checks his phone about 50 times a day. “Email, stocks, online games, Facebook, and Twitter: This is the new norm,” he says. “If we had more ways to check on our health, we might have the opportunity to nudge behavior, at a young age, and have long-term impacts.”

Editor’s note: This article and its sidebar were originally published in the August 2013 issue of