For now, Health IT related projects should use the Rackspace Cloud instead of the Amazon Cloud.
Some of us are concerned with the issue of Software Freedom. Essentially, you need to have control over what your computer is doing and unless you have software freedom, someone else (the copyright holder who has given you a proprietary license) is in control with proprietary software. Software that respects the freedom of its users, often called ‘Open Source’ software, should be used exclusively in the healthcare domain. This should be obvious if you think about it. It is unethical for clinicians to allow proprietary vendors to control their computers, because they should have custodianship of patient records. If you agree with this paragraph, you really need to join Liberty Health Software Foundation.
The difference between the ‘cloud’ and ‘virtualization’ technologies with regards to GNU/Linux instances is simple. It is simply a manner of having a structured API available for the provisioning and control of GNU/Linux instances.
It is possible to implement a “cloud” in your local data center using projects like Eucalyptus which essentially allows a large computer or set of computers to act like Amazons ec2 service.
Is the API that is used to deploy these clouds FOSS compatible or not? If they are not FOSS, then they can become a mechanism for proprietary lock-in of health information. It does not matter if you avoid lock-in by using an entirely FOSS stack if you host it at Amazon and you cannot leave that service easily.
Remember, that we need to be concerned with the continuity of Health data for hundreds of years, which is a totally different perspective than most IT applications. You need to be looking forward to the day that Amazon shuts its doors. That day -will- come, and you (or your successors) need to be able to get instance out of that cloud easily. In the short term, having access to cloud API’s under FOSS licenses, helps address the basic concerns that people who respect software freedom have about the whole idea of cloud computing.
Others have discussed this before, but I want to point out that for the time being, if you want to safe from all proprietary nonsense in your health information application, you should be using Rackspace, since Rackspace has provided its API to the community under an open source license. That makes the Open Source Rackspace API a new option for those who, like me, believe that software freedom is even more critical in healthcare applications.
I hope that Amazon will soon release its API under a FOSS license, but until it does… use Rackspace.
-FT
(updated 08-10-09 added ‘remember’ paragraph for clarity.)
Fred, if you just use the virtul-machine features of Amazon’s EC2, and not SimpleDB or S3, why is that a threat to software freedom?
I’m more worried about the privacy implications of data in the cloud when it’s not clear how storage space gets recycled. I’m still looking for encrypted-disk options in the cloud….
You cannot easily backup instances without the other API functions like S3. So that is actually a big part of the problem.
I agree while OS encryption is a critical feature for us. But without an open API, you would be even more married to Amazon. It is really important to be able to use the Amazon API to move your instance -out- of the cloud.
This way we can start writing Health IT provisioning engines that can exercise the cloud.
-FT
Fred,
Does Rackspace specify in their contract where the physical data center(s) are located that hold your data? State laws vary on disclosure of data, especially in regards to patient safety. In addition to Ben’s concerns about storage management, there’s also the risk of offshore support resources (rackspace or hardware OEMs) having access to unencrypted data.