<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1843331519326053&amp;ev=PageView&amp;noscript=1">

Sagitec logo


FHIR Compliance: Cloud Deployment Options for Health Plans

  • Lakshminarayanan Saravanan
  • Wed, Nov 04, 2020
  • CMS Mandate

In an effort to provide members with access to their health data, government sponsored health plans are required under the new CMS mandate to better support interoperability and access to patient data. With the mandate coming into effect in only a few months, payers need to act quickly on ensuring their organization's compliance. One of the key steps in ensuring ongoing compliance is to evaluate and choose the right type of cloud deployment model for the FHIR server. The choice comes down between two options: cloud-hosted open-source system (OSS) FHIR server and managed FHIR server offered as Platform as a Service (PaaS).

Health plans that already have their infrastructure on the cloud will see a relatively easier integration with this PaaS deployment model. If, on the other hand, a payer is still in the nascent stages of cloud adoption, it should start with leveraging cloud infrastructure services for hosting the OSS FHIR server. Doing so would more closely align with the information security controls for an on-premises system. While there is an increasing trend in the market for adopting cloud-based services, it's fair to assume that most payers will need to decide which solution is best for them. To help you clearly understand each approach's benefits and drawbacks, here is what you should know.

Cloud-Hosted Open Source Systems FHIR Server ( E.g., HAPI Server )

In this approach, health plans leverage the cloud infrastructure services like VMs, NSG, Firewalls, etc. for hosting the OSS FHIR server. With on-demand provisioning of multiple environments and the ability to monitor and forecast cloud usage and cost, it provides an open and flexible solution for compliance. But it doesn't come without its drawbacks. To accommodate growth and security compliance, organizations will need to review and scale their infrastructure periodically. Further, they will have to identify suitable cloud services that meet regulatory security requirements, such as HIPAA, HITRUST, etc. Planning for failover and disaster recovery isn't a standard feature with this deployment, so health plans will need to ensure that all of their bases are covered independently.

PaaS FHIR Servers ( E.g.– Azure API for FHIR )

This approach helps health plans to outsource the care of operations, maintenance, updates, and compliance to cloud service providers. Further, they also help manage regulatory changes by providing periodic product updates, which allows your organization to stay focused on what it does best. This does require handing off control of underlying cloud sources, such as databases and app services, and creates a dependency on the vendor to meet updates and upgrades. Plus, due to these extra features, PaaS costs are higher relative to OSS.

Now that you understand the pros and cons of these cloud deployment models, which one is best for your organization? If you're looking for a PaaS solution that can help reduce costs and compliantly deploy a solution quickly, then it's time to learn how Sagitec's HealFHIR can help. With a price of five cents PMPM and 100 days to deploy, we can quickly and efficiently provide a configurable solution for you. Learn more about HealFHIR and get in touch with us today.

Learn More

Topics: CMS Mandate