Using a cloud service for e-mail security saves labor costs. "The time and money to run, maintain and back up those systems in-house cost a fortune compared to hosted solutions," McDade says. In the past, when major virus outbreaks came in through e-mail, "we would more or less have to drop everything we were doing to track it down on our internal servers," he says.
The process of finding and getting rid of e-mail problems internally took hours and was disruptive to operations, McDade says. With the cloud-based application, the vendor handles all the necessary filtering. He estimates that the district is saving at least $20,000 a year by using the cloud service.
The Rawlings Group, a provider of medical and pharmacy claims-recovery services, also has a mixed IT environment. While non-cloud systems handle highly sensitive data, the company uses several clouds, including an internal one in which some 600 systems form a grid that supports database access and data-mining applications.
The internal cloud houses healthcare-client data, says Kevin Landgrave, senior vice president of IT at Rawlings. The grid, which Rawlings launched about a year ago, has helped the company handle its growing data processing demands, he says.
"This is primarily a client comfort and approval issue for us," Landgrave says. "Our agreements with our clients are very specific about how and where we store their data, and the processes used to access the data. We'll need further guidance from the government--around what 'minimum necessary' means in terms of transmitting data for HIPAA business associates under HITECH, and how it might affect the transmission of electronic health records--before we're willing to ask clients for approval to store their data outside of our facility." When a HIPAA-covered entity discloses protected health information to a cloud provider, Landgrave says, it risks exposure to federal data security breach notification requirements under the HITECH Act. (, regulations and guidelines directory provides summaries and links to full text of these and other requirements.)