How To Reduce Risks In Cloud Computing

How To Reduce Risks In Cloud Computing

Healthcare IT News survey results released recently show that 48% of respondents plan to include cloud computing in their IT projects, while 33% have already done so. However, the survey also found that 19% of respondents had no plans at all regarding cloud computing. The co-founder and president of ID Experts, Rick Kam, has a reason for this: security. The 19% of total respondents fear that cloud computing is not secure enough for their data.

For health care institutions, entities, and providers in particular, it is data security that is of utmost importance, because these organizations must protect health information. Under the Health Insurance Portability and Accountability Act as well as Federal HITECH, health care organizations are responsible for the protection of health information in the cloud.

However, all is not lost for these health care organizations, because it is possible to reduce the risks associated with cloud computing as follows:

  • When tapping the services of a cloud computing provider, a health care entity must fully review the terms and conditions of the Service Level Agreement so that the entity’s risks and liabilities are fully understood. As such, the health care entity must accept that such risks must be fully absorbed by the organization.
  • Once operational, the health care organization must limit access to the cloud computing system. However, small health care entities may have to make do with whatever cloud computing service they can afford. These entities may not be able to limit access; their data and applications may be hosted in the public cloud because it is a lot cheaper than a private cloud.
  • Before signing on the dotted line, the cloud computing applications must be researched fully, because there are federal laws which limit access to protect health information to the very minimum. Only authenticated and authorized users must be able to access the cloud computing applications and there must be a log so that IT can audit each individual instance of access. However, not all applications have this feature; so, it is the primary responsibility of the health care institution to do its homework before acquiring cloud computing applications. Also, the cloud computing application must be designed for interoperability and data must be securely and smoothly moved between software applications which somehow expose health care information to certain risks. Therefore, protocols and standards for interoperability must be developed. When a health care institution procures a cloud computing service, it must ensure that the interoperability feature is present in the application.
  • A small health care organization must ask for third-party validation when taking advantage of a cloud computing application. It can ask its cloud computing provider to present a certification from a medical organization or association confirming that its cloud computing application meets the HIPAA and HITECH security requirements.
  • The health care entity must keep an inventory of the organization’s protected health information and personally identifiable information. This way, it can regulate the way it disposes, stores, uses, and collects the entity’s protected health information, because the said inventory can make known any data breach risks. A health care organization will then be able to plan its security measures so as to reduce the risk of a data breach.
  • The health care organization must create a cost-efficient and effective incident response plan which will help the entity meet the HITECH and HIPAA requirements alongside creating guidelines in case a data breach occurs. The plan assigns roles and offers guidelines, as well as the response team’s actions and responsibilities when a security breach occurs, and offers instructions on how to determine notification requirements, especially to the regulatory authorities.

By Florence de Borja

CONTRIBUTORS

Tesla is Worth More Than Ford or GM. Is this the Automakers iPhone Moment?

Tesla is Worth More Than Ford or GM. Is this the Automakers iPhone Moment?

The Automakers iPhone Moment Remember Blackberry? How about Nokia or Motorola? Vaguely you say. Will we one day state the ...
The Paradigm Shift In Enterprise IT Operations Management

The Paradigm Shift In Enterprise IT Operations Management

IT Operations Management Rapid change is the new constant with today’s Enterprises. There is a continuous shift in the technology ...
Security Audits, Cyberattacks and other Potential Front Line Issues

Security Audits, Cyberattacks and other Potential Front Line Issues

Defending the Organization When people talk about security audits in an organization, thoughts immediately go to malware, cyberattacks and other ...
Endpoint Security

WordPress Security 101 – Endpoint Security And Disaster Preparedness

Endpoint Security And Disaster Preparedness Continued from part 4 Setting up a secure password for your admin dashboard is a ...
Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a ...
Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Picking Up – Legacy Security Losing Ground

Cloud Native Trends Once upon a time, only a select few companies like Google and Salesforce possessed the knowledge and ...
Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security: Whose Business Is It, Anyway?

Cloud Communications Security Don’t count on cloud providers to provide all your UCaaS security It’s official: Unified Communications-as-a-Service (UCaaS) has ...
Will Chatbots Finally Make Mobile Payments Popular?

Will Chatbots Finally Make Mobile Payments Popular?

The Future of Chatbots We’ve profiled several digital wallet platforms that aim to change how we make payments. Apple, Samsung, ...

NEWS

EU privacy regulators to discuss Uber hack next week

EU privacy regulators to discuss Uber hack next week

BRUSSELS (Reuters) - European Union privacy regulators will discuss ride-hailing app Uber’s [UBER.UL] massive data breach cover-up next week and ...
OVH Announces New Hosted Private Cloud Offerings for US Market

OVH Announces New Hosted Private Cloud Offerings for US Market

OVH delivers next-generation services for hosted private cloud, disaster recovery, and hybridity leveraging industry-leading solutions RESTON, VA--(Marketwired - Nov 20, ...
HPE CEO Whitman's surprise exit stumps Wall Street

HPE CEO Whitman’s surprise exit stumps Wall Street

(Reuters) - Shares of Hewlett Packard Enterprise Co (HPE.N) fell 6 percent on Wednesday after Chief Executive Officer Meg Whitman’s ...

SPONSORS

The Skill & Training Mandates of Big Data

The Skill & Training Mandates of Big Data

Big Data Mandates For some years a dearth of data scientists and analysts has caused concern, with McKinsey expecting a ...
Internet Performance Management In Today’s Volatile Online Environment

Internet Performance Management In Today’s Volatile Online Environment

Internet Performance Management It’s no exaggeration to say that the Internet is now the heart of the global economy. Competition ...
How Printers Help Hackers Hide In Plain Sight

How Printers Help Hackers Hide In Plain Sight

Printers and Hackers Spies and thieves often do their best work by hiding in plain sight. No one suspects the ...