The cloud and big data hold tremendous promise for healthcare providers, life sciences companies and patients.
From precision medicine to patient-centered care – there is the potential for better care, delivered faster, easier patient access, increased collaboration and ultimately improved outcomes. With so much potential, there is an emotional and financial fervor to rush into the cloud. But, there are dangers to moving PHI to the cloud or big data too quickly. Some of the greatest threats to this data include business associate breaches, unintentional disclosures, and insider threats.
If history is the best predictor of the future, there are a lot of lessons we can learn from Electronic Health Records (EHRs). Over the past decade, EHR deployments grew really fast, in large part to ARRA and HITECH. Fortunately, EHRs, like Epic and Cerner, centralize patient data – and the industry got relatively lucky with their confined architecture. But, as we’ve witnessed, the security controls were not built-in early – and now threats to medical identities are at an all-time high. Now, imagine this data breaking down in the cloud – propagating outside the walls of the healthcare facility, dispersed across data farms. The odds are, once that data is breached you will never get it back.
According to a recent HIMSS report, “The Cloud Evolution in Healthcare,” 59 percent of health IT professionals either currently use or plan to use cloud, and there’s been an uptick in back-office cloud applications from 22 percent in 2014 to nearly 47 percent in 2016.
Today, as healthcare providers adopt cloud applications, they have the opportunity to take patient privacy and data protection seriously – from the beginning. They need to look beyond simply complying with minimum necessary HIPAA regulations and realize that patient privacy and data security must be a part of total holistic patient care.
How do they achieve this?