Healthcare in the Cloud: Is Patient Data Safe?
The continuous evolution of the healthcare industry presents unique information technology challenges. Cloud computing is desirable to the healthcare industry because of its cost and strategic benefits, including scalability with reduced capital expenses and more efficient use of IT resources. As a result, protecting the privacy of ePHI is a priority for cloud service providers responsible for assisting clients with Health Insurance Portability and Accountability Act (HIPAA) compliance.
Concerns with the Cloud
Another trend emerging in IT is the bring your own device (BYOD) model in which employees connect to workplace resources through a variety of consumer devices including laptops, mobile phones and tablets. BYOD is desired by today’s workforce that is becoming more comfortable using a particular technology ecosystem in all parts of their daily lives. To them, carrying around multiple devices for personal and business use is inconvenient. BYOD raises concerns about securing ePHI.
Healthcare organizations are targets for hackers and cyber thieves because of their access to personally identifiable information (PII), such as birthdates and social security numbers, which are on all health records. According to a report from the Ponemon Institute, “Healthcare organizations manage a treasure trove of financially lucrative personal information, and healthcare organizations do not have the resources, processes and technologies to prevent and detect attacks, and adequately protect patient data” making them a big and somewhat easy target. Ensuring that the internal IT department sanctions all cloud-managed programs and services is a factor in protecting ePHI. Backup and disaster recovery services are two strategies that protect against any data loss, whether intentional or accidental.
While data security, availability and safety is imperative for any industry, it is especially true for healthcare. Healthcare organizations must also be HIPAA-compliant so when entrusting their systems and data to a third-party cloud hosting provider, a HIPAA Business Associate Agreement is required. Expedient can be your managed services data center/cloud provider for HIPAA compliance.
