'Cloudy' Forecast for PHI

June 24, 2013
Is cloud computing an acceptable risk for PHI?

How secure is cloud computing as far as protecting patient data? At a time when many health providers are considering the use of the cloud, it’s a question worth considering.

Taking advantage of the cloud means trusting a third-party cloud vendor with your organization’s data. That means thoroughly evaluating a cloud operator, and getting a detailed picture of how your organization’s data will be stored on its servers, what sorts of protections it offers against unauthorized access to the data, and what sort of track record the cloud vendor has in healthcare.

The other side of the picture is what applications are appropriate to the cloud. I recently had an opportunity to speak with Rick Schooler, senior vice president and CIO of Orlando Health, a six-hospital system in central Florida. He says the cloud may be an acceptable risk for certain types of applications, such as software as a service, or using it to store revenue cycle data that can be used for business intelligence purposes. In those applications, security is a concern, but may well be an acceptable risk.

But what about the cloud and protected health information? “That’s a bridge that not many people have crossed in the healthcare world, putting PHI in the cloud,” Schooler says.

An editorial in the June 29 New York Times addresses the use of the cloud by corporations, citing breaches by hackers who stole names, email addresses and passwords of millions of users in recent weeks. It cites a survey by the Ponemon Institute that found that nine out of 10 companies surveyed suffered an online attack in recent months. It also noted that Dropbox, a popular storing documents and other files on its cloud, allowed anyone to log into its 25 million user accounts using any password for a period of several hours recently.

While the editorial does not single out the healthcare industry, providers are not exempt to any of these potential attacks. In May, according to the Times, the Obama administration proposed legislation to ensure that companies running critical infrastructure have adequate to reduce the risk of an online attack. The attention on cloud security is worth noting, and it should give extra pause for organizations with regard to PHI.


Sponsored Recommendations

A Comprehensive Workplace Safety Checklist

This checklist is designed for healthcare facilities focused on increasing workplace safety. It’s meant to inspire ideas, strengthen safety plans, and encourage joint commission...

Healthcare Rankings Report

Adapting in Healthcare: Key Insights and Strategies from Leading Systems As healthcare marketers navigate changes in a volatile industry, they know one thing is certain: we've...

Healthcare Reputation Industry Trends

Navigating the Tipping Point: Strategies for Reputation Management in a Volatile Healthcare Environment As healthcare marketers navigate changes in a volatile industry, they can...

Clinical Evaluation: An AI Assistant for Primary Care

The AAFP's clinical evaluation offers a detailed analysis of how an innovative AI solution can help relieve physicians' administrative burden and aid them in improving health ...