Best Practices for Migrating to Cloud Computing in Healthcare

Today, True North ITG CEO and CISO Matt Murren will conclude the discussion on the benefits, challenges and first-steps for a healthcare organization when moving to IT.

In part-one, Matt offered insights into the challenges healthcare IT faces in their cloud-migration efforts. In part-two, Matt highlighted concerns and benefits of shifting electronic health records (EHR) to the cloud.

With part-three, we began examining the issues you must account for when devising your cloud migration strategy. In part-four, we discussed the challenges of migrating healthcare IT to cloud, with part-five focusing on the costs of a healthcare organization’s cloud migration.

We also examined the differences between public and private cloud solutions in part-six.

In part-seven, we conclude our discussion with True North ITG CEO and CISO Matt Murren about healthcare IT migrating from on-premise to the cloud. Today, we look at the a health institution’s best steps to migration and, above all, some major red flags.


To finish off the series today, I want to start looking what happens after you’ve selected a cloud provider. For example, you’ve locked down on a managed services provider, you know you want to shift to the cloud, and you’ve done your assessments and analyses.

First Steps to Migrating to Cloud Computing

I want to start looking at some of the best practices for cloud deployment as a healthcare organization, especially when you’re starting to look at transforming healthcare through the cloud environment.

Let’s start at the logical beginning: How would you start the process itself?

Matt Murren:

The first piece, in what we call cloud readiness assessment – i.e. the discovery and analysis of what I have, what do I want to move, what’s high, medium or low priority –  falls into the total cost of ownership and return-on-investment (ROI) on the capital versus operating view.

It really starts with that discovery. That’s really the most important starting point.

Can Internal IT Teams Do Proper Assessments?


With discovery being such an absolutely critical component of successfully deploying the cloud, do you think this could be done by an in-house team? What experiences have you had looking at a cloud readiness assessment that was done by an in-house team?

Matt Murren:

We’ve absolutely seen them done very well, and we’ve certainly seen some that were very poorly done. It’s not impossible.

It really depends on how well-versed your IT staff is and how much experience they have in different cloud platforms. Certainly for us, if we have an IT person that knows the VMware very heavily, they’re going to translate in our environment very well.

A major issue stems from a lot of IT folks who are not familiar or don’t understand how certain architectures and configurations will actually optimize cost, especially in a way the technology is designed to compress and produce productivity in a way that you actually tune the system.

For example, if you own a race car, you may have someone that understands how to fix the engine, but they may not understand how to really do the fine-tuning to make sure you’re also getting the most out of that engine.


It’s interesting that you said that. So if somebody was now trying to assess that first question,

what would you say that the IT team would have to look like at a bare minimum to be able to have an effective cloud readiness assessment done internally?

On the flip side, what if you were missing anyone of these bare-minimum components? Then, you really don’t have what you really need to prepare for one of these things?

True North brings in a lot of resources to ensure a cloud readiness assessment and plan is fully optimized and reflects the actual needs of the healthcare organization.

If an organization was to run into one of these issues themselves and, in turn, reach out to a MSP after that, what would be the minimum skills necessary on-hand to make sure that they can trust the assessment that was made in-house?

Need Assistance in Building Your Cloud Migration Assessment?

Essential Requirements for a Proper Cloud Migration Assessment

Matt Murren:

They’ll certainly want virtualized server experience and a deep understanding of their system.

There are a lot of tools that we use when we assess workload that may not be familiar to them.

Not that they’re hardly used, but data comes in at different flavors and a lot of it just comes in the lens that we look at that data to make an assessment. It’s not that it’s not possible. We’ve seen IT departments and staff do a really good job at it. It just really has to do with their level of sophistication and their knowledge of technology, specifically the cloud platform.


Let’s now look at the health organization that is looking to outsource to a vendor.

Where should they start? What should they consider when selecting a vendor? How can they make sure that a vendor is right for them? Do vendors differ at some level and should they keep that in mind as they’re short listing their considerations?

Matt Murren:

First, you have to look at where the data center and cloud environment are geographically located and the level of physical security those facilities maintain.

We at True North often provide tours of our data center. We do it to demonstrate the physical security of the client’s data, that’s certainly number one.

Second, healthcare organizations ask ‘‘what security and compliance credentials do you have to prove that you’ll protect patient data on behalf of the organizations?’ Since security is very important, which is why we adhere to the SOX standards and HIPAA compliance.

Third, look at failover. How would an organization replicate that data offsite in the event of a disaster? Or just consider a simple data loss event – how would that be configured? Is there a failover path so I can get to my data, such as a secondary location?

Speak to an IT Expert to Ensure That Your Hospital’s Cloud
Migration Strategy Complies with HIPAA

Contact Us

Possible Cloud Migration Issues in Healthcare


The final question: what are some red flags?

If you’re considering a cloud vendor what are some red flags the decision maker should keep in mind when they’re shortlisting their IT vendors? Things that, if not considered, can lead to a very painful long-term relationship?

Matt Murren:

In healthcare, demonstrating knowledge and awareness of healthcare compliance around data is big. There are many hosting cloud and hosting organizations that do ‘one-size-fits-all’ without focusing on the specifics, such as HIPAA. HIPAA is a huge concern to a healthcare organization alongside just making sure their systems are operating.

I’d certainly look at reputation and the vendor’s ability to support healthcare workflow.

Obviously, costs are always a consideration. You should compare apples to apples via at least three different vendors to make sure that you are looking at different size and types of offerings.

Make sure you’re making a good decision.


That’s perfect. Well, thanks Matt. I definitely appreciate your time today.

You definitely provided a lot of value that should help decision makers ensure that they are transforming their healthcare organization the right way through cloud and not going down the dangerous paths that exist.

Join Our Newsletter & Learn

Get our latest content delivered to your inbox.

Speak to an IT Expert

Book a Complimentary 30 Minute Consultation