How To Reduce Risks In Cloud Computing

How To Reduce Risks In Cloud Computing

Healthcare IT News survey results released recently show that 48% of respondents plan to include cloud computing in their IT projects, while 33% have already done so. However, the survey also found that 19% of respondents had no plans at all regarding cloud computing. The co-founder and president of ID Experts, Rick Kam, has a reason for this: security. The 19% of total respondents fear that cloud computing is not secure enough for their data.

For health care institutions, entities, and providers in particular, it is data security that is of utmost importance, because these organizations must protect health information. Under the Health Insurance Portability and Accountability Act as well as Federal HITECH, health care organizations are responsible for the protection of health information in the cloud.

However, all is not lost for these health care organizations, because it is possible to reduce the risks associated with cloud computing as follows:

  • When tapping the services of a cloud computing provider, a health care entity must fully review the terms and conditions of the Service Level Agreement so that the entity’s risks and liabilities are fully understood. As such, the health care entity must accept that such risks must be fully absorbed by the organization.
  • Once operational, the health care organization must limit access to the cloud computing system. However, small health care entities may have to make do with whatever cloud computing service they can afford. These entities may not be able to limit access; their data and applications may be hosted in the public cloud because it is a lot cheaper than a private cloud.
  • Before signing on the dotted line, the cloud computing applications must be researched fully, because there are federal laws which limit access to protect health information to the very minimum. Only authenticated and authorized users must be able to access the cloud computing applications and there must be a log so that IT can audit each individual instance of access. However, not all applications have this feature; so, it is the primary responsibility of the health care institution to do its homework before acquiring cloud computing applications. Also, the cloud computing application must be designed for interoperability and data must be securely and smoothly moved between software applications which somehow expose health care information to certain risks. Therefore, protocols and standards for interoperability must be developed. When a health care institution procures a cloud computing service, it must ensure that the interoperability feature is present in the application.
  • A small health care organization must ask for third-party validation when taking advantage of a cloud computing application. It can ask its cloud computing provider to present a certification from a medical organization or association confirming that its cloud computing application meets the HIPAA and HITECH security requirements.
  • The health care entity must keep an inventory of the organization’s protected health information and personally identifiable information. This way, it can regulate the way it disposes, stores, uses, and collects the entity’s protected health information, because the said inventory can make known any data breach risks. A health care organization will then be able to plan its security measures so as to reduce the risk of a data breach.
  • The health care organization must create a cost-efficient and effective incident response plan which will help the entity meet the HITECH and HIPAA requirements alongside creating guidelines in case a data breach occurs. The plan assigns roles and offers guidelines, as well as the response team’s actions and responsibilities when a security breach occurs, and offers instructions on how to determine notification requirements, especially to the regulatory authorities.

By Florence de Borja

Sorry, comments are closed for this post.

Five Cloud Questions Every CIO Needs To Know How To Answer

Five Cloud Questions Every CIO Needs To Know How To Answer

The Hot Seat Five cloud questions every CIO needs to know how to answer The cloud is a powerful thing, but here in the CloudTweaks community, we already know that. The challenge we have is validating the value it brings to today’s enterprise. Below, let’s review five questions we need to be ready to address…

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Driving Success: 6 Key Metrics For Every Recurring Revenue Business

Recurring Revenue Business Metrics Recurring revenue is the secret sauce behind the explosive growth of powerhouses like Netflix and Uber. Unsurprisingly, recurring revenue is also quickly gaining ground in more traditional industries like healthcare and the automotive business. In fact, nearly half of U.S. businesses have adopted or are planning to adopt a recurring revenue model,…

What The FITARA Scorecard Tells Us About Government Cyber Security Preparedness

What The FITARA Scorecard Tells Us About Government Cyber Security Preparedness

Government Cyber Security Preparedness Last year’s massive data breach of Office of Personnel Management, as well as other recent cyber security incidents affecting federal agencies, underscored the urgency of bringing the federal government’s security infrastructure up to date. Although many agencies have made strides toward hardening their cyber security, outdated IT infrastructure and architecture is…

Are Cloud Solutions Secure Enough Out-of-the-box?

Are Cloud Solutions Secure Enough Out-of-the-box?

Out-of-the-box Cloud Solutions Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that…

How To Overcome Data Insecurity In The Cloud

How To Overcome Data Insecurity In The Cloud

Data Insecurity In The Cloud Today’s escalating attacks, vulnerabilities, breaches, and losses have cut deeply across organizations and captured the attention of, regulators, investors and most importantly customers. In many cases such incidents have completely eroded customer trust in a company, its services and its employees. The challenge of ensuring data security is far more…

Cloud as Our Children’s Playground

Cloud as Our Children’s Playground

Cloud as Our Children’s Playground We read everyday about the fast pace of business adoption of the cloud.  But children are adopting the cloud at just as an aggressive pace.  The Cloud is changing our children’s lives – the way they play, learn, and interact with others and the world around them.  I see children…

Driving Insight: Analytics And The Internet of Things

Driving Insight: Analytics And The Internet of Things

Analytics And The Internet of Things  For many businesses, the Internet of Things is playing an increasingly important role, influencing day-to-day operations and strategic planning. An ecosystem of growing complexity and sophistication, the IoT calls for careful navigation: advances in connectivity and cloud-based platforms have opened up a wider range of solutions to IT decision-makers…

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Advertising