The narrative in enterprise technology for the past decade has been relentlessly pro-cloud. Move everything, move fast, realise the benefits. In healthcare, that narrative has met clinical reality. Latency-sensitive imaging workflows, data sovereignty regulations, legacy clinical applications that cannot be modified, and capital investments in on-premise infrastructure that have years of useful life remaining — these factors mean that many healthcare organisations will operate hybrid cloud environments for the foreseeable future.
Hybrid cloud is not a compromise or a transitional state. For many healthcare organisations, it is the right long-term architecture. The question is not whether to maintain some on-premise infrastructure, but how to manage a hybrid environment effectively.
What Hybrid Cloud Means in Healthcare
A hybrid cloud architecture combines private infrastructure (on-premise data centres or co-location facilities) with public cloud platforms (AWS, Azure, Google Cloud) and manages them as an integrated environment. Applications and data can move between environments, and identity, networking, and monitoring span both.
In healthcare, the hybrid model typically means:
- Core clinical systems (EHR, PACS, clinical decision support) running on-premise or in co-location facilities.
- Analytics, AI, and population health platforms running in the cloud.
- Disaster recovery and backup infrastructure in the cloud.
- New applications built cloud-native while legacy systems remain on-premise.
- Cloud services extending on-premise capabilities — cloud-based email and collaboration, identity federation, and remote access infrastructure.
Why Healthcare Organisations Maintain On-Premise Infrastructure
Latency Requirements
Clinical imaging presents the most demanding latency requirements in healthcare IT. Radiologists interpreting diagnostic images require sub-second display times for large DICOM studies. PACS workstations accessing images from a cloud storage service over a WAN connection may not reliably achieve that display performance, particularly for modalities that produce large studies, such as CT and MRI.
While cloud-native PACS vendors have made significant progress in addressing latency through edge caching and content delivery network integration, many organisations find that local storage for active and recent studies remains the most reliable approach for primary reading workflows.
Data Sovereignty and Regulatory Requirements
In many jurisdictions, health data is subject to data residency requirements that restrict where patient data can be stored and processed. While major cloud providers offer region-specific deployments, some regulations require data to remain within national or regional infrastructure under domestic legal jurisdiction. Government healthcare programmes in particular may face restrictions on storing patient data in hyperscaler environments.
Co-location in certified domestic data centres — rather than public cloud — is sometimes the most straightforward path to satisfying these requirements.
Legacy Clinical Applications
Many healthcare organisations run clinical applications that cannot be moved to cloud. EHR systems running on proprietary operating systems, laboratory information systems with hardware lock-in, pharmacy systems integrated with dispensing hardware — these workloads often have no viable cloud migration path without replacement of the application. Replacement requires significant investment in procurement, implementation, and change management that cannot always be accelerated.
These systems will remain on-premise for as long as they are in use, making hybrid architecture a long-term necessity.
Capital Investment and Operational Familiarity
Healthcare organisations with recently refreshed on-premise data centre infrastructure — new server hardware, recently procured storage arrays, newly upgraded network infrastructure — face a real economic case for continuing to utilise that investment rather than migrating to cloud and writing off remaining useful life.
Internal IT teams with deep on-premise infrastructure skills may also be more effective managing familiar on-premise environments than managing cloud-native infrastructure they are still learning.
Hybrid Architecture Patterns
Cloud for Disaster Recovery
A common and relatively straightforward hybrid pattern uses cloud as the disaster recovery target for on-premise primary systems. Data is replicated continuously from on-premise to cloud storage, and cloud-hosted standby systems can be activated if the primary data centre becomes unavailable. This pattern delivers DR capability without migrating production workloads.
Cloud Bursting
For workloads with variable peak demand — batch analytics runs, research computing, AI model training — organisations can run baseline workloads on-premise and burst to cloud for peak capacity. This requires consistent application environments across both settings, typically achieved through containerisation.
Segmented Workload Placement
Clinically sensitive workloads with strict latency or sovereignty requirements remain on-premise; workloads with more flexible requirements migrate to cloud. This is the most common pattern in large healthcare organisations.
Network Connectivity Options
Reliable, high-bandwidth connectivity between on-premise infrastructure and cloud is foundational to hybrid architecture.
Site-to-site VPN provides encrypted connectivity over the public internet. It is the lowest-cost option but provides less predictable performance than dedicated connectivity, and bandwidth is limited by available internet capacity.
Azure ExpressRoute and AWS Direct Connect provide dedicated private connectivity from on-premise facilities to the respective cloud platform, bypassing the public internet entirely. Bandwidth options range from 50 Mbps to 100 Gbps. For healthcare organisations with significant data flows between on-premise and cloud — continuous replication, PACS image synchronisation, large analytics data transfers — dedicated connectivity provides the reliability and throughput that VPN cannot.
Both dedicated connectivity options can be provisioned through existing WAN providers or through cloud provider exchange partners at co-location facilities.
Data Synchronisation
Hybrid environments require careful management of data that exists in both on-premise and cloud locations.
For disaster recovery, one-way replication from on-premise to cloud is straightforward. For workloads that genuinely span environments — where some processing happens on-premise and some in cloud — bidirectional synchronisation with conflict resolution adds complexity.
Healthcare data synchronisation must maintain ePHI protections throughout. Replication channels must be encrypted, and the cloud-side copies of ePHI must be protected by security controls equivalent to those applied to the on-premise originals.
Cost Management
Hybrid environments can be more expensive than purely on-premise or purely cloud environments if not carefully governed. Cloud costs for data storage, compute, and egress must be monitored continuously. On-premise costs — hardware refresh, data centre space, power, cooling, staffing — must be included in total cost of ownership comparisons.
Tagging cloud resources by workload, department, and cost centre enables accurate attribution of cloud spend and visibility into which workloads are driving costs. Regular right-sizing exercises — ensuring cloud resources are sized appropriately for actual workload demands — prevent cloud waste.
Governance Challenges
Hybrid environments are harder to govern than single-platform environments. Security policies, identity management, monitoring, and compliance evidence must span both environments. Identity federation — extending on-premise Active Directory or IAM to cloud environments — provides consistent access control across both. Unified monitoring through a SIEM that ingests logs from both on-premise and cloud infrastructure provides the visibility needed to detect threats that move across environment boundaries.
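An added example, not part of the original article: one way a SIEM rule can correlate on-premise and cloud authentication events on the federated identity to surface activity that crosses the environment boundary. The log formats, the `clinic.example` domain, the thresholds, and the assumption that the on-premise account name equals the UPN local part are all constructed for illustration.

```python
import json
from datetime import datetime, timedelta
# Constructed sample data: simplified formats for illustration, not a real product's schema.
ONPREM_LOG = """\
2024-03-04T09:10:02Z dc01 logon_failed user=CLINIC\\jsmith src=10.20.4.17
2024-03-04T09:10:40Z dc01 logon_failed user=CLINIC\\jsmith src=10.20.4.17
2024-03-04T09:11:15Z dc01 logon_failed user=CLINIC\\jsmith src=10.20.4.17
2024-03-04T09:12:30Z dc01 logon_ok user=CLINIC\\mlee src=10.20.7.3
"""
CLOUD_LOG = """\
{"time": "2024-03-04T09:14:05Z", "upn": "JSmith@clinic.example", "result": "success", "ip": "203.0.113.50"}
{"time": "2024-03-04T09:20:00Z", "upn": "mlee@clinic.example", "result": "success", "ip": "198.51.100.7"}
"""
WINDOW, MIN_FAILURES = timedelta(minutes=10), 3   # assumed tuning values

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def normalise(onprem_text, cloud_text):
    """Map both sources to one schema keyed on the federated identity.
    Assumption: the on-premise account name equals the UPN local part."""
    events = []
    for line in onprem_text.splitlines():
        when, host, action, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        user = kv["user"].split("\\")[-1].lower()   # DOMAIN\user -> user
        events.append({"time": ts(when), "id": user, "env": "onprem",
                       "ok": action == "logon_ok", "ip": kv["src"]})
    for line in cloud_text.splitlines():
        rec = json.loads(line)
        user = rec["upn"].split("@")[0].lower()     # user@domain -> user
        events.append({"time": ts(rec["time"]), "id": user, "env": "cloud",
                       "ok": rec["result"] == "success", "ip": rec["ip"]})
    return sorted(events, key=lambda e: e["time"])

def cross_env_alerts(events):
    """Flag a cloud sign-in that succeeds shortly after repeated on-premise failures."""
    alerts, failures = [], {}
    for e in events:
        if e["env"] == "onprem" and not e["ok"]:
            failures.setdefault(e["id"], []).append(e["time"])
        elif e["env"] == "cloud" and e["ok"]:
            recent = [t for t in failures.get(e["id"], []) if e["time"] - t <= WINDOW]
            if len(recent) >= MIN_FAILURES:
                alerts.append((e["id"], e["ip"], len(recent)))
    return alerts

if __name__ == "__main__":
    for user, ip, n in cross_env_alerts(normalise(ONPREM_LOG, CLOUD_LOG)):
        print(f"ALERT {user}: cloud sign-in from {ip} after {n} on-premise failures")
```

Neither log source produces an alert on its own here; the finding appears only once both are normalised to the same identity and evaluated together.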
Governance frameworks and documentation for compliance (HIPAA risk analysis, SOC 2 evidence, ISO 27001 controls) must explicitly address both the on-premise and cloud components of the environment.
FZ Consulting LLP advises healthcare organisations on hybrid cloud architecture, workload placement strategy, and the governance frameworks needed to manage mixed environments. Contact our team to discuss your infrastructure strategy.