• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Is Your Health Data More Safe or Vulnerable in the Cloud?

by Richard Sullivan, Chief Operations Officer at Medsphere Systems 04/03/2018 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Medical Records_Healthcare Data_Health Data

The illusion of control is tempting, even intoxicating. It’s also a common characteristic that almost all humans manifest to one degree or another as we work to satisfy competence motives, the need for security, survival instincts.

Because proximity often feels like control, it might also get in the way of secure healthcare IT.

“Files stored in reliable cloud services are some of the most secure files you can have, provided you have good passwords,” says software engineer John Miller, PhD. “Google, Microsoft, and Amazon all provide reliable cloud services for consumer file storage.”

What, in particular, makes cloud storage superior, according to Miller?

– Redundancy: The chances of losing the same data saved in at least a couple of different places are low.

– Security: Keep passwords and access to local machines safe and you’re in good shape. Data centers are not easily hackable and very difficult to physically penetrate.

– Safe Sharing: You can give trusted individuals read access to data without having to deal with security risks like thumb drives and file copies.

Still, it’s a mistake to think that Amazon or Google can be entrusted with all security precautions. Your healthcare IT vendor is an active player in making sure your particular system is secure. When shopping vendors or considering a move to the cloud, have a conversation that includes these specific concerns:

Risk: How much risk will you be comfortable with? While you could choose to lock your system up tight, there is a tension between system security and ease of access. Find a balance between the two. In striking that balance, ask for assessment process documentation that includes establishing a risk threshold and effectively managing potential security issues related to third-party vendors.

Cloud Security Tools: It’s not wise to rely exclusively on cloud vendor security, but it is also unwise to reject any inherent security they provide. Document succinctly what is part of the cloud service and what your healthcare IT vendor layers on. Two-factor or multi-factor authentication, now widely used, may be one example of a security protocol built into the cloud vendor package.

Responsibility: It will be vital that you ask relevant and pointed questions about responsibility across all three spheres: the cloud vendor, the healthcare IT vendor and your organization. Evaluate documentation that describes what security measures come from each and how they complement one another. It’s critical that you understand whether there are any holes in the security mesh you’re looking to create.

One of the more challenging aspects of moving to the cloud for many healthcare organizations is an uncertainty about what questions to ask. Too often, hospitals and other healthcare organizations may be tempted to just say, “That’s your area of expertise. Make it work.”

Related: 6 Questions for Providers Moving Their Health IT System to the Cloud

It will benefit you in the long run to probe and make your healthcare IT vendor defend and quantify their security approach.

And what, at a minimum, should that approach include?

1. A Design Philosophy

It may go without saying that your healthcare IT vendor has had to work HIPAA and HITECH considerations into their design approach, but you will still want to see documentation detailing exactly how. Protecting patient data, for example, will require that your data be isolated via network layout from other customer instances. Live and back-up systems should be geographically separate in case of catastrophe. And network access controls should be layered at multiple levels so easy access is impossible. Again, find the right amount of tension between access and security.

2. Access Control

The security of your system will be preserved because everyone in your organization adheres to access protocols. Communication between the clinical site and the cloud location should be transported via an IPsec virtual private network (VPN). End users will transparently use the VPN to access system applications in the cloud. Multi-factor authentication for user access and constant system monitoring are both big steps toward a system that’s hard to breach.

3. Encryption

Make sure that your patient data is encrypted both in transit and at rest, i.e., when it’s sent across the VPN and when it is stored in the cloud. All operational, backup and log data should be encrypted using, at a minimum, the FIPS 140-2 compliant AES-256 standard. Ask about the encryption standard and for documentation of the protocol for moving to newer, more rigorous standards.

4. Disaster Recovery/Business Continuity

One of the strongest and most obvious arguments for moving to the cloud is the availability of disaster recovery and high availability backups. While unlikely, a disaster could destroy both the live and backup systems if both are in the same place, so ask if they are geographically distinct. You will want primary-to-secondary data replication to be constant, and hourly system snapshots should also be provided in the event of extreme situations. Also, make sure the disaster recovery site is ready to take over organizational operations at the drop of a hat if necessary.

Ultimately, while cloud security makes your organization no more vulnerable to breaches than you are with an onsite data center, there are better and less good ways to approach the cloud. A hybrid model, for example, of some local servers and some cloud hosting actually creates more vulnerabilities than a strictly public cloud approach. Your goal is to have fewer, not more, access points that could be breached.

“To be fair, much of the common perception of cloud security—or insecurity as the case may be—is just myth. Pervasive myth, but myth nonetheless,” says Tony Bradley at Forbes.

And it’s a myth many organizations now benefit from having banished. So, while you’re cleaning out the closet of long-held but possible incorrect beliefs like the illusion of control, just toss cloud insecurity on the trash heap as well. When managed with the same level of care as local data centers, the cloud offers clear advantages.

 Richard Sullivan is the chief operations officer for Medsphere Systems Corporation, the solution provider for the OpenVista electronic health record.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: healthcare cloud, healthcare cloud security, Healthcare Data, Healthcare Data Breaches, Medsphere

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Kinetik CEO Sufian Chowdhury on Fighting NEMT Fraud & Waste

Most-Read

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

WeightWatchers Files for Bankruptcy to Eliminate $1.15B in Debt

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

KLAS: Epic Dominates 2024 EHR Market Share Amid Focus on Vendor Partnership; Oracle Health Sees Losses Despite Tech Advances

'Cranky Index' Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

‘Cranky Index’ Reveals EHR Alert Frustration Peaks Midweek, Highest Among Admin Staff

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Madison Dearborn Partners to Acquire Significant Stake in NextGen Healthcare

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Wandercraft Begins Clinical Trials for Physical AI-Powered Personal Exoskeleton

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Chipiron Secures $17M to Transform MRI Access with Portable Scanner

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

Abbott to Integrate FreeStyle Libre Glucose Data with Epic EHR

5 Ways New Trump Administration Tariffs Are Impacting U.S. Healthcare Now

5 Ways Trump Administration Tariffs Are Impacting U.S. Healthcare Now

iCAD, GE HealthCare Integrate to Advance Breast Cancer Detection with AI

RadNet to Acquire iCAD for $103M in All-Stock Transaction

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |