Newsletter Subscribe

Bringing you thought leadership, news, infographics, resources and our own brand of comics each week to your inbox...

How To Reduce Risks In Cloud Computing

How To Reduce Risks In Cloud Computing

Healthcare IT News survey results released recently show that 48% of respondents plan to include cloud computing in their IT projects, while 33% have already done so. However, the survey also found that 19% of respondents had no plans at all regarding cloud computing. The co-founder and president of ID Experts, Rick Kam, has a reason for this: security. The 19% of total respondents fear that cloud computing is not secure enough for their data.

For health care institutions, entities, and providers in particular, it is data security that is of utmost importance, because these organizations must protect health information. Under the Health Insurance Portability and Accountability Act as well as Federal HITECH, health care organizations are responsible for the protection of health information in the cloud.

However, all is not lost for these health care organizations, because it is possible to reduce the risks associated with cloud computing as follows:

  • When tapping the services of a cloud computing provider, a health care entity must fully review the terms and conditions of the Service Level Agreement so that the entity’s risks and liabilities are fully understood. As such, the health care entity must accept that such risks must be fully absorbed by the organization.
  • Once operational, the health care organization must limit access to the cloud computing system. However, small health care entities may have to make do with whatever cloud computing service they can afford. These entities may not be able to limit access; their data and applications may be hosted in the public cloud because it is a lot cheaper than a private cloud.
  • Before signing on the dotted line, the cloud computing applications must be researched fully, because there are federal laws which limit access to protect health information to the very minimum. Only authenticated and authorized users must be able to access the cloud computing applications and there must be a log so that IT can audit each individual instance of access. However, not all applications have this feature; so, it is the primary responsibility of the health care institution to do its homework before acquiring cloud computing applications. Also, the cloud computing application must be designed for interoperability and data must be securely and smoothly moved between software applications which somehow expose health care information to certain risks. Therefore, protocols and standards for interoperability must be developed. When a health care institution procures a cloud computing service, it must ensure that the interoperability feature is present in the application.
  • A small health care organization must ask for third-party validation when taking advantage of a cloud computing application. It can ask its cloud computing provider to present a certification from a medical organization or association confirming that its cloud computing application meets the HIPAA and HITECH security requirements.
  • The health care entity must keep an inventory of the organization’s protected health information and personally identifiable information. This way, it can regulate the way it disposes, stores, uses, and collects the entity’s protected health information, because the said inventory can make known any data breach risks. A health care organization will then be able to plan its security measures so as to reduce the risk of a data breach.
  • The health care organization must create a cost-efficient and effective incident response plan which will help the entity meet the HITECH and HIPAA requirements alongside creating guidelines in case a data breach occurs. The plan assigns roles and offers guidelines, as well as the response team’s actions and responsibilities when a security breach occurs, and offers instructions on how to determine notification requirements, especially to the regulatory authorities.

By Florence de Borja

Philips spotlights connected technology, predictive analytics software, and artificial intelligence advancing population health and precision medicine at HIMSS 2017 AMSTERDAM, Feb. 17, 2017 /PRNewswire/ -- Featuring new and enhanced connected health offerings at the 2017 HIMSS Conference & Exhibition (HIMSS17), Royal Philips (NYSE: PHG,AEX: PHIA), a global leader in health technology, will showcase a broad range of population health management, ...
Read More
Cupertino, California — Apple today announced its 28th annual Worldwide Developers Conference (WWDC) — hosting the world’s most talented developer community — will be held at the McEnery Convention Center in San Jose. The conference, kicking off June 5, will inspire developers from all walks of life to turn their passions into the next great innovations and apps that customers ...
Read More
When Cisco Systems Inc. reports earnings Wednesday, the big question will be if the networking giant’s repeated gambles on software can reverse a yearlong sales slide, or at least point to a reversal of that trend in the future. Cisco CSCO, +1.06%  is scheduled to report fiscal second-quarter earnings less than a month after announcing its latest multibillion-dollar software acquisition, ...
Read More
Offering Integrated and Automated Solutions, Expansive Partner Ecosystem, Advanced Architecture with Cross-Industry Collaboration SAN FRANCISCO, Feb. 14, 2017 – Today Intel Security outlined a new, unifying approach for the cybersecurity industry that strives to eliminate fragmentation through updated integrated solutions, new cross-industry partnerships and product integrations within the Intel Security Innovation Alliance and Cyber Threat Alliance (CTA). “Transforming isolated technologies ...
Read More
IoT Enablement, Analytics Offer Strong Monetisation Opportunities HAMPSHIRE, UNITED KINGDOM--(Marketwired - February 13, 2017) - A new study from Juniper Research has calculated that mobile network operators can realise an additional $85 billion in revenues over the next five years through the deployment and enhancement of non-core services including Big Data analytics and IoT (Internet of Things) enablement. Operators "Can ...
Read More