'Illegal, Unethical, Untrustworthy' Clouds - InformationWeek
02:44 PM
John Foley
John Foley
Connect Directly

'Illegal, Unethical, Untrustworthy' Clouds

When word got out that medical researchers were contemplating ways to employ cloud computing, privacy rights watchdog Deborah Peel sounded an alarm. Is Peel right to be worried? Or does this potential storm cloud have a HIPAA-compliant lining?

When word got out that medical researchers were contemplating ways to employ cloud computing, privacy rights watchdog Deborah Peel sounded an alarm. Is Peel right to be worried? Or does this potential storm cloud have a HIPAA-compliant lining?The controversy was touched off when Harvard Medical School, along with Amazon.com and a few other sponsors, held an invitation-only symposium to discuss potential uses of computing in health care and biomedicine. As my colleague Marianne Kolbasuk McGee reports, the forum was exploratory in nature, and speakers acknowledged that thorny questions over data security and patient privacy will have to be addressed.

But there also was optimism over this new way of doing things. "It's like a virtual lab," said Peter Tonellato, senior research scientist at Harvard Medical School's Center for Biomedical Informatics, adding that cloud computing "fits the vision of ubiquitous access to the lab on the Web regardless of location." Tonellato predicted that many research organizations will transition to private/public cloud infrastructures for elasticity and cost-efficiency. In fact, Harvard's Laboratory for Personalized Medicine already is using Amazon Web Services to develop genetic testing models, as described here.

This news, however, didn't sit well with Peel, who is the founder and chair of Patient Privacy Rights, a self-described "guardian" of health privacy rights. "Clouds by their nature do not have patient or consumer control over personal data built in. That makes such systems illegal and unethical," Peel writes in response to our article. She argues in favor of consumer-led certification.

Peel's not alone in sounding a note of caution. Many IT departments are evaluating the privacy, security, and governance issues of public compute clouds, and some will decide it's a route they're not willing to take. (See Bob Evans' related post on InformationWeek's Global CIO blog.)

What's the answer? Clearly, there will be scenarios where those responsible will determine that sensitive health-related data needs to be stored behind the firewall and not in the cloud. However, there will be other situations where health data can be processed and stored in the cloud, and we're beginning to see examples. On its Web site, Amazon offers case studies of HIPAA-compliant applications that have been deployed on AWS. On one example, TC3 Health minimizes the amount of "protected health information" that goes into Amazon's cloud, while encrypting any data that does go there. In another, health records service provider MedCommons has architected its application to include identity management, activity logs, and other protective measures.

Health care is just one industry where the security, privacy, and governance implications of cloud computing have yet to be thoroughly tested or answered. Financial services companies, schools, and public agencies face many of the same issues. As more organizations experiment with and move applications in the cloud, they should be prepared to hear from the likes of Deborah Peel.

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll