Cloud Computing and Security

June 24, 2013
The cloud: smart business move, but proceed with caution.

The idea of cloud computing has definitely taken hold in the healthcare industry. According to the Cloud Computing Tracking Poll, an assessment by CDW LLC, a technology solutions vendor, of current and future cloud use in business, government, healthcare and education, 28 percent of U.S. organizations are using the cloud today. CDW defines cloud computing as enabling on-demand access to a shared pool of configurable computing resources (networks, servers, storage, applications, services) that can be rapidly made available.

Healthcare organizations were a little above that average, with 30 percent of organizations saying they were implementing or maintaining cloud computing. According to Nathan Coutinho, enterprise server/storage/virtualization manager of CDW, says that there is a great deal of interest among potential cloud computing users, many organizations have expressed concerns over security issues. In fact, security concerns ranked as the top roadblock to implementation, with 41 percent of respondents across all segments saying it held their organization back from either adopting or further implementing the cloud.

Mac McMillan, who is chair of the HIMSS Privacy and Steering Committee, notes that cloud computing, from a business perspective, is compelling. “From a business sense, it is a smart thing to do,” he says. “From a security perspective, it is a smart thing to do if it is done correctly,” he says. That means that the provider must give a thorough vetting of any cloud provider it is considering using as a partner. For starters: what kind of a cloud model is the vendor offering? Public or private? What practices and measures does the provider have in place to make sure that the data will be managed in a secure way?

One useful source of information about securing data on the cloud is the Cloud Security Alliance, he recommends. “There is good information out there that people can use to ask the right questions of their cloud vendor, to find out if they are going to meet their needs from a compliance perspective and a data security perspective,” he says.

He notes that new requirements under the HITECH Act could be challenging, depending on what type of data gets stored on the cloud. The proposed rule of the Accounting for Disclosure rule from the Department of Health and Human Services’ Office of Civil Rights poses questions around auditing of data that is stored with a vendor’s cloud service. MacMillan says security issues surrounding cloud computing will only grow in importance. He says the committee he chairs has decided to form a cloud security work group to look at the issue.

Stay tuned for more on cloud computing security issues in the August issue of HCI.

 

Sponsored Recommendations

The Healthcare Provider's Guide to Accelerating Clinician Onboarding

Improve clinician satisfaction and productivity to enhance patient care

ASK THE EXPERT: ServiceNow’s Erin Smithouser on what C-suite healthcare executives need to know about artificial intelligence

Generative artificial intelligence, also known as GenAI, learns from vast amounts of existing data and large language models to help healthcare organizations improve hospital ...

TEST: Ask the Expert: Is Your Patients' Understanding Putting You at Risk?

Effective health literacy in healthcare is essential for ensuring informed consent, reducing medical malpractice risks, and enhancing patient-provider communication. Unfortunately...

From Strategy to Action: The Power of Enterprise Value-Based Care

Ever wonder why your meticulously planned value-based care model hasn't moved beyond the concept stage? You're not alone! Transition from theory to practice with enterprise value...