Re: It's not if, it's when
Yes, there is a chance a cloud service provider's data can be hacked, of course. But every single day we hear of laptops, phones, and tablets getting stolen or lost from doctors' offices and hospitals. Each of those devices often includes hundreds, if not thousands, of (usually) unencrypted data. Then that small office is fined, heavily fined, perhaps more than $1 million. If they luck out and don't get breached, is it planning or luck? Do the hundreds of small practices in a town spend adequate time and money adding the right security tools, training staff against social engineering, and updating everything once patches come out? Are their offices protected by sensors, security systems, wire, and dogs to prevent machines physicially being removed? How much background checking of employees do they do and how often do they refresh those checks?
And, of course, they're supposed to care for patients in the middle of all this!
So while cloud isn't 100% safe, it's often a safer alternative. And it definitely should give practices peace of mind that they have reduced the risk to themselves if they do their homework and choose a partner with a proven track record of quality, security, and healthcare capabilities.