'Cloudy' Forecast for PHI

June 24, 2013
How secure is cloud computing as far as protecting patient data? At a time when many health providers are considering the use of the cloud, it’s a question worth considering.

How secure is cloud computing as far as protecting patient data? At a time when many health providers are considering the use of the cloud, it’s a question worth considering.

Taking advantage of the cloud means trusting a third-party cloud vendor with your organization’s data. That means thoroughly evaluating a cloud operator, and getting a detailed picture of how your organization’s data will be stored on its servers, what sorts of protections it offers against unauthorized access to the data, and what sort of track record the cloud vendor has in healthcare.

The other side of the picture is what applications are appropriate to the cloud. I recently had an opportunity to speak with Rick Schooler, senior vice president and CIO of Orlando Health, a six-hospital system in central Florida. He says the cloud may be an acceptable risk for certain types of applications, such as software as a service, or using it to store revenue cycle data that can be used for business intelligence purposes. In those applications, security is a concern, but may well be an acceptable risk.

But what about the cloud and protected health information? “That’s a bridge that not many people have crossed in the healthcare world, putting PHI in the cloud,” Schooler says.

Breaches are on the Rise

An editorial in the June 29 New York Times addresses the use of the cloud by corporations, citing breaches by hackers who stole names, email addresses and passwords of millions of users in recent weeks. It cites a survey by the Ponemon Institute that found that nine out of 10 companies surveyed suffered an online attack in recent months. It also noted that Dropbox, a popular storing documents and other files on its cloud, allowed anyone to log into its 25 million user accounts using any password for a period of several hours recently.

While the editorial does not single out the healthcare industry, providers are not exempt to any of these potential attacks. In May, according to the Times, the Obama administration proposed legislation to ensure that companies running critical infrastructure have adequate to reduce the risk of an online attack.The attention on cloud security is worth noting, and it should give extra pause for organizations with regard to PHI.

Sponsored Recommendations

Addressing Revenue Leakage in Hospitals

Learn how ReadySet Surgical helps hospitals stop the loss of earned money because of billing inefficiencies, processing and coding of surgical instruments. And helps reduce surgical...

Care Access Made Easy: A Guide to Digital Self Service

Embracing digital transformation in healthcare is crucial, and there is no one-size-fits-all strategy. Consider adopting a crawl, walk, run approach to digital projects, enabling...

Powering a Digital Front Door with a Comprehensive Provider Directory

Learn how Geisinger improved provider data accuracy, SEO, and patient acquisition with a comprehensive provider directory.

Data-driven, physician-focused approach to CDI improvement

Organizational profile Sisters of Charity of Leavenworth (SCL) Health* has been providing care since it originated in the 1600s in France as the Daughters of Charity. These religious...