By Dena Bauckman, Zix
The American healthcare sector has changed dramatically within the past decade, thanks to wave after wave of technological innovation. Cloud technology, in particular, has transformed healthcare in much the same way it has transformed other industries, allowing organizations of all types and sizes to optimize their IT resources. But healthcare is different from most other industries — even other regulated ones — because healthcare information contains highly sensitive personal data that is among the information most sought after by hackers. For this reason, some healthcare organizations have been reluctant to embrace the cloud.
Plenty of providers remain wary of cloud adoption even though cloud services can improve an organization’s Health Insurance Portability and Accountability Act (HIPAA) compliance. Most of the anxiety revolves around the issue of security, and plenty of healthcare and IT leaders feel that the security of cloud-based applications can’t meet their elevated compliance requirements. The AppRiver Q2 Cyberthreat Index for Business finds that 63 percent of healthcare and pharmaceutical small to midsized businesses store all of their data on their own secured network and nowhere else.
In some ways, this trepidation makes sense. The data that healthcare providers handle is highly sensitive patient information, which represents a gold mine for cybercriminals. Moreover, the notion that putting this highly sensitive data into a public cloud will improve HIPAA compliance is a bit counterintuitive. In fact, organizations should be cautious when it comes to selecting cloud-service providers because service models vary greatly and data owners are still ultimately responsible for the protection of that data. However, the vast majority of the time, cloud vendors are better equipped to handle and protect healthcare data than the providers that entrust them with that data.
Knowing What To Look For
The built-in protections afforded by cloud-service providers can minimize risk and maximize security. Most cloud vendors provide encryption of data that markedly reduces the risk of data theft, and many also provide strong access control and multi-factor authentication that makes unauthorized access far more difficult. But not all cloud-service providers are created equal, which means healthcare organizations must practice due diligence before signing a contract that puts any sensitive patient data in the cloud.
When assessing a vendor, it’s smart to first evaluate their approach to security. The best way to do that is to look at the certifications they hold, the security standards they use, and the frameworks they have implemented within their data center and solution. This doesn’t mean you have to be an expert on all the various certifications, standards, and frameworks, but you should do enough research to understand what cloud providers are offering. Don’t be shy about asking questions, even if you’re not sure you’ll understand all the details of the answer. Reliable partners want you to know what they are doing and how they are audited. They’ll be eager to talk to you about their certifications and the frameworks they use to protect your data.
Aside from security, a solid partner also will be able to explain what it does to ensure your data is available whenever you need it. The availability of the service and your data should be guaranteed through a service-level agreement. As a partner, they will want to show you how they provide visibility and control of the data you’re entrusting to them. This might be through a built-in reporting dashboard, integration with third-party software, or a security information and event management (SIEM) system, which allows customers to collect and analyze data from a number of systems and services. As for control, most providers will be able to configure their solutions to give you as much or as little access as you want, depending on your in-house capabilities.
Getting Back To The Mission
Cloud services are all about efficiency and enabling IT teams to do more with less. More importantly, cloud services allow organizations to focus on core competencies while offloading standard business activities that are required but not necessarily a core competency. Using cloud services can allow small startups to compete with entrenched incumbents and help huge corporations maximize shareholder value.
Most healthcare organizations aren’t equipped with the expertise, people, or funding needed to run large data centers and keep up with the latest security threats. That’s not why they exist. They exist to provide the best patient care possible, which often means they have access to immense amounts of personal and private information. Even those healthcare organizations that have developed a high level of in-house expertise can benefit by moving to the cloud, so they can focus their resources toward improving patient care — this is why more and more healthcare organizations are making the move to the cloud.
It’s OK for healthcare organizations to be skeptical about new technologies, and it’s wise to do your own research before handing over highly sensitive patient information to a third party. However, it’s not wise to dismiss the use of cloud solutions without fully evaluating the benefits and efficiencies they provide to the organization. When properly implemented, the use of cloud services can improve the effectiveness of your organization and the services you provide to patients.
About The Author
Dena Bauckman is VP of Product Management for Zix, where she has worked for 13 years. She has more than 20 years of experience in product management and product marketing and has been CISSP-certified since 2007.