Healthcare organizations need to look – and perhaps even study and scrutinize security issues – before leaping to the cloud, according to Shane Whitlatch, enterprise vice president at FairWarning.
“There are ample studies and reports that talk about the potential benefits of storing data in the cloud. These benefits range from the ability to manage the costs associated with storing data, the speed of accessing data, the ability to share that data and integrate it with other systems and ultimately to improve outcomes,” he said. “And perhaps most important, a healthcare organization can negotiate predictable expenses when working with cloud service providers.”
With all this potential, many healthcare organizations are rushing to the cloud. In fact, 84 percent of care providers now are using cloud services, according to the HIMSS Analytics 2016 Cloud Survey (Figure 1). Haste, however, doesn’t always end well. As a result, the challenge for healthcare organizations lies in determining how to best manage the move to the cloud and to ensure appropriate security is in place once they get there.
Of course, healthcare organizations need to achieve the same level of data protection in the cloud as they do with on premise systems. “HIPAA isn’t necessarily concerned if the data is on premise or in the cloud, the laws still apply either way,” Whitlatch said.
Before jumping to the cloud, then, organizational leaders should be aware of the security risks specifically associated with cloud data. “A simple plan to start is to be sure the same security controls for premise are in place for cloud,” he pointed out. Among the threats to PHI in the cloud are business associate breaches, unintentional disclosures and insider threats.