When word got out that medical researchers were contemplating ways to employ cloud computing, privacy rights watchdog Deborah Peel sounded an alarm. Is Peel right to be worried? Or does this potential storm cloud have a HIPAA-compliant lining?
When word got out that medical researchers were contemplating ways to employ cloud computing, privacy rights watchdog Deborah Peel sounded an alarm. Is Peel right to be worried? Or does this potential storm cloud have a HIPAA-compliant lining?The controversy was touched off when Harvard Medical School, along with Amazon.com and a few other sponsors, held an invitation-only symposium to discuss potential uses of computing in health care and biomedicine. As my colleague Marianne Kolbasuk McGee reports, the forum was exploratory in nature, and speakers acknowledged that thorny questions over data security and patient privacy will have to be addressed.
But there also was optimism over this new way of doing things. "It's like a virtual lab," said Peter Tonellato, senior research scientist at Harvard Medical School's Center for Biomedical Informatics, adding that cloud computing "fits the vision of ubiquitous access to the lab on the Web regardless of location." Tonellato predicted that many research organizations will transition to private/public cloud infrastructures for elasticity and cost-efficiency. In fact, Harvard's Laboratory for Personalized Medicine already is using Amazon Web Services to develop genetic testing models, as described here.
This news, however, didn't sit well with Peel, who is the founder and chair of Patient Privacy Rights, a self-described "guardian" of health privacy rights. "Clouds by their nature do not have patient or consumer control over personal data built in. That makes such systems illegal and unethical," Peel writes in response to our article. She argues in favor of consumer-led certification.
Peel's not alone in sounding a note of caution. Many IT departments are evaluating the privacy, security, and governance issues of public compute clouds, and some will decide it's a route they're not willing to take. (See Bob Evans' related post on InformationWeek's Global CIO blog.)
What's the answer? Clearly, there will be scenarios where those responsible will determine that sensitive health-related data needs to be stored behind the firewall and not in the cloud. However, there will be other situations where health data can be processed and stored in the cloud, and we're beginning to see examples. On its Web site, Amazon offers case studies of HIPAA-compliant applications that have been deployed on AWS. On one example, TC3 Health minimizes the amount of "protected health information" that goes into Amazon's cloud, while encrypting any data that does go there. In another, health records service provider MedCommons has architected its application to include identity management, activity logs, and other protective measures.
Health care is just one industry where the security, privacy, and governance implications of cloud computing have yet to be thoroughly tested or answered. Financial services companies, schools, and public agencies face many of the same issues. As more organizations experiment with and move applications in the cloud, they should be prepared to hear from the likes of Deborah Peel.
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
Server Market SplitsvilleJust because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.