Since 2012 three Texas-based health care organizations have merged to create USMD Health System. During the past four years CIO Mike Yerrid has been on a mission to centralize and consolidate IT operations. And a big part of that is moving to Amazon\u2019s cloud.Yes, as a health care organization, USMD is subject to stringent regulations for protecting patient information, and yes it\u2019s moving to the public cloud. USMD isn\u2019t alone. \u201cHealth care organizations are becoming more comfortable with cloud technology,\u201d says Lynne Dunbrack, leader of research firm IDC\u2019s Health Insights practice.+MORE AT NETWORK WORLD: 9 Keys to a HIPAA compliant cloud | From CSO: What to think about when moving to the cloud +\u201cWith the increased threats of cyber attacks, I think that health care providers are recognizing that the cloud service providers know about securing infrastructure and applications and have the resources to do so; more so than their constrained IT staff can handle.\u201dTwo years ago, IDC Health Insights surveyed health care IT providers and found that 87.5 percent of respondents were comfortable with using cloud technology. The survey of 310 IT pros found that 35 percent of new infrastructure purchases would be made in the cloud. Last year the number rose to 40 percent.Economies of the cloudFor Yerrid at USMD, the move to embrace the cloud came down to economics. After the mergers, USMD is now made up of two hospitals, four cancer treatment centers and 50 clinician offices. \u201cThe reality is capital is being spent on other merger activities - growing the organization,\u201d he says, not necessarily on IT infrastructure.In Yerrid\u2019s mind he has two choices: Either estimate the needs of his IT infrastructure and front-end the capital expense of buying it; or use a pay as you go cloud infrastructure. Yerrid believes that owning and operating his own infrastructure is just not efficient. \u201cIf planned growth doesn\u2019t occur then you\u2019ve overpaid for equipment that you didn\u2019t need,\u201d he says. \u201cIf you did measure it right, then you still have to replace it all within a certain amount of time.\u201dIn a cloud model, Yerrid provisions the infrastructure resources he needs based on demand.\u201cThe elasticity of a cloud solution is ideal for a company that is growing,\u201d he says. \u201cWe have the ability to turn very quickly.\u201d Without this ability, he says IT can be a roadblock. With the cloud, IT can keep pace with the growth.First SaaS, then IaaSThe low-hanging fruit for USMD\u2019s cloud migration were SaaS apps. Yerrid implemented a NetSuite accounting system and a Human Resources app from ADP as his first cloud use cases. More recently Yerrid has migrated his practice management system to the cloud. It handles all scheduling, billing and registrations and is the main portal for many of the organizations 1,500 health care workers.Medical imaging is also being transitioned to be stored in the cloud, including diagnostic X-rays. To help manage the migration, USMD is working with a provider named ClearDATA, which specializes in helping health care organizations migrate workloads to the public cloud while remaining in compliance with health care privacy laws.The Health Insurance Portability and Accountability Act (HIPAA) is the primary law dictating the protection of health care information. The HITECH portion of the law instituted new regulations in 2009 for health care organizations to protect electronic health data. It now requires health care organizations to inform patients of data breaches and it outlines a patient\u2019s rights.Chris Bowen, founder of ClearDATA, says there are three main focus areas for HIPAA and HITECH regulations related to technology:Administrative controls: Policies must be in place to determine who has access to what data.Technical controls: Rules must be in place to secure data.Physical controls: Standards for physical access to data and infrastructure resources must be abided by.Bowen says all three can be satisfied in a cloud environment, with the right precautions. In Amazon Web Service\u2019s cloud, for example, it can be set up so that all activity in the cloud environment is monitored and logged and any unusual activity is flagged and reported, satisfying the administrative controls. All data in AWS can be encrypted and Amazon can provide assurances to customers regarding physical access to their data centers that host their clouds. ClearDATA provides a dashboard for customers to check their cloud-based environment against HIPAA regulations. USMD has signed a contract \u2013 named a Business Associate Agreement - with ClearDATA to be responsible for ensuring HIPAA compliance in this cloud-based environment.Not everyone\u2019s a cloudieLast year the CTO of another Texas-based health care organization named CHRISTUS Health told Network World that he\u2019s in no rush to move to the cloud. Lynn Gibson, who oversees a data center with about 200 physical hosts running 4,000 virtual machines for CHRISTUS, says, \u201cWhen you get to be our size you really have to analyze how much control you want to give away to an outsourcer."\u201cThere are some people projecting that hospitals and healthcare organizations don\u2019t need data centers. I think that\u2019s a little cavalier. If you start doing that you\u2019re giving away control of your patient information and patient data and that\u2019s where the money lies.\u00a0The key to everybody\u2019s future in healthcare is going to be around the knowledge that you gain out of the data you maintain," she says.