'Cloudy' Forecast for PHI

June 24, 2013
How secure is cloud computing as far as protecting patient data? At a time when many health providers are considering the use of the cloud, it’s a question worth considering.

How secure is cloud computing as far as protecting patient data? At a time when many health providers are considering the use of the cloud, it’s a question worth considering.

Taking advantage of the cloud means trusting a third-party cloud vendor with your organization’s data. That means thoroughly evaluating a cloud operator, and getting a detailed picture of how your organization’s data will be stored on its servers, what sorts of protections it offers against unauthorized access to the data, and what sort of track record the cloud vendor has in healthcare.

The other side of the picture is what applications are appropriate to the cloud. I recently had an opportunity to speak with Rick Schooler, senior vice president and CIO of Orlando Health, a six-hospital system in central Florida. He says the cloud may be an acceptable risk for certain types of applications, such as software as a service, or using it to store revenue cycle data that can be used for business intelligence purposes. In those applications, security is a concern, but may well be an acceptable risk.

But what about the cloud and protected health information? “That’s a bridge that not many people have crossed in the healthcare world, putting PHI in the cloud,” Schooler says.

Breaches are on the Rise

An editorial in the June 29 New York Times addresses the use of the cloud by corporations, citing breaches by hackers who stole names, email addresses and passwords of millions of users in recent weeks. It cites a survey by the Ponemon Institute that found that nine out of 10 companies surveyed suffered an online attack in recent months. It also noted that Dropbox, a popular storing documents and other files on its cloud, allowed anyone to log into its 25 million user accounts using any password for a period of several hours recently.

While the editorial does not single out the healthcare industry, providers are not exempt to any of these potential attacks. In May, according to the Times, the Obama administration proposed legislation to ensure that companies running critical infrastructure have adequate to reduce the risk of an online attack.The attention on cloud security is worth noting, and it should give extra pause for organizations with regard to PHI.

Sponsored Recommendations

A Cyber Shield for Healthcare: Exploring HHS's $1.3 Billion Security Initiative

Unlock the Future of Healthcare Cybersecurity with Erik Decker, Co-Chair of the HHS 405(d) workgroup! Don't miss this opportunity to gain invaluable knowledge from a seasoned ...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...