After six years of growth – and with the promise of more on the horizon – staff at University Hospital Southampton NHS Foundation Trust decided to move the organisation’s online patient service into the managed cloud. According to Kevin Hamer, the trust’s IT development service manager, it is a change which was not challenge-free but from which benefits have almost immediately flowed.

Southampton’s online patient service is, somehow, already six years old. In this time, My medical record has undergone three significant user interface transformations and a whole host of back end changes. But this year we set out on the biggest upgrade of them all – one which turned out to be something of a necessary journey into the unknown.

We were already approaching 10,000 live patient records but we knew the original architecture could not adequately keep pace with our future needs. We needed to open up the back end record; get it somewhere more accessible while ensuring we had a secure and scalable cloud-based platform. In short, we felt we should no longer be hosting the service ourselves.

We chose to port the back end to OpenPHR – a platform with full FHIR integration – for obvious interoperability reasons. Other hospitals already use our service and we wanted to enable other providers and apps to connect too. We felt this would also give us more scope to align with the national picture, such as the Citizen Identity programme.

The front end user interface also underwent a significant upgrade. At the same time we decided to push the whole thing into Microsoft Azure.

Why do it?

A question we are continually (and rightly) asked is: “How secure is the system?” We all know the risks of doing anything online, and people are understandably particularly cautious when it does to health data.

This was a key factor in going down the route of professional hosting. Another factor was our ability to keep pace with the rate of demand for personal health record services, including the associated hardware and setup required to ensure appropriate capacity and availability.

Professional hosting takes care of both areas for us. We were impressed by the instant scalability offered by Azure, 24/7 service (with back-ups as routine), and a security setup that we couldn’t have hoped to match without spending a lot of money. We’re also not in the business of hosting internet-facing websites, and we had no reason to do so other than for My medical record. Transferring it to a professionally hosted service meant removing a security risk to our network that we previously had to manage.

We chose to go down the route of ‘platform as a service’ on Azure, as this sees Microsoft taking care of everything from the operating system down. It required a more complex setup (versus booting up ordinary virtual machines), but it means that more of the security is taken care of, such as patching, and it also offers more flexibility.

And Get Real Heath, the supplier of our data store OpenPHR, work closely with Microsoft and had experience of running the platform in Azure.

Despite all this, we hit a number of problems. You always expect some in a project of this size, but there were also a lot of unknowns.

The key issue in all of this was the size of the project itself and the fact that we were migrating an embedded service to a cloud provider. While Get Real Health had other customers using Azure ‘platform as a service’, they had all started their journeys there and had no need to migrate anything. Starting off a new PHR in Azure would have been unquestionably easier. So would have porting everything to virtual machines and then thinking about moving to platform as a service. There is no question that we did it the hard way.

The benefit of someone else doing it

Despite the challenges, we did quickly find benefits to the move to professional hosting. A couple of clicks can up the service level to increase CPU cores and RAM. And the number of instances can also be increased. We soon found that we were able to optimise the service to make it quicker than it had previously been before, for both patients and clinicians.

This is something we continue to work on as we look to maximise response times and performance for our users, while also securing maximum value for money. An obvious next step is to scale up in core hours and scale down on evenings and weekends, though we have to remember our patients – they are more likely to access the service in the evening. Azure allows you to configure the times and days when you increase or reduce resources and when resources hit a threshold, so you can take complete control over your environment without forever needing someone at the wheel.

What else? We no longer need to security patch the servers, worry about fail-over or back-up – Azure takes care of this for us. We’ve also implemented a ‘sync service’ that allows you to keep a copy of certain data tables locally. This supports local audit and offline reporting, which can be done quickly and without affecting the live environment.

Moving forward

We now have an open environment that other apps and providers can connect to through FHIR. And as more services at Southampton go live – and more hospitals use My medical record – the back end hardware will scale as required.

Linking the shared record for Hampshire and the Isle of Wight into Open PHR is an obvious next step, and we may also have the opportunity to do something similar with Dorset. Within the LHCRE (Local Health and Care Record Exemplar) programme, meanwhile, we want third party suppliers of NHS commissioned bespoke app to feed the same patient record. We believe it can help suppliers come to the market if they do not have to stand up a record infrastructure and the surrounding security.

The job is not yet done – in many ways it feels almost like we’re at the beginning. But the original vision of an interoperable comprehensive cloud-based record that the patient owns now feels a step closer and a lot more tangible.

Kevin Hamer is IT development service manager at University Hospital Southampton NHS Foundation Trust.