Healthcare // Security & Privacy
News
7/17/2014
07:06 AM
Alison Diana
Alison Diana
Slideshows
Connect Directly
RSS
E-Mail
50%
50%

Healthcare IT Cloud Safety: 5 Basics

Healthcare is warming up to cloud services, and that means extra vigilance. Here's what you should be doing at a minimum to keep data safe.
Previous
1 of 6
Next

As more healthcare organizations become comfortable with using cloud services, there's a risk this familiarity could lead to complacency -- and that endangers patient data, networks, and the organization's very reputation.

Cloud services continue to gain traction across verticals, including other highly regulated industries such as finance, and healthcare organizations can tap existing tools, governance policies, and procedures to preserve integrity and security. To do so, IT must be vigilant and proactive, experts say, and CIOs must work closely with their business counterparts to ensure the cloud is both the best technological and organizational solution to the problem.

The cloud increasingly is the answer to many healthcare organizations' needs: Almost 83% of 150 industry respondents currently use at least some cloud services, according to the 2014 HIMSS Analytics Cloud Survey, published in June. Another 9% plan to use the cloud, and just 6% don't plan to try cloud services, the report found.

By 2017, healthcare organizations will spend $5.4 billion worldwide on cloud services, according to MarketsandMarkets. Slow to adopt public cloud products formally, healthcare IT primarily invests in private or hybrid models for security reasons, experts noted.

However, employees do not always abide by IT's carefully scripted guidelines. The plethora of software-as-a-service software -- often free or so cheap it can be charged to an expense account -- attracts employees unwilling to wait for an IT-approved approach. Healthcare enterprises used an average 1,180 cloud services, according to Skyhigh Networks' Cloud Adoption and Risk Report 2Q, which is based on anonymized data for more than 10.5 million users. Enterprises in general use 738 cloud services, the report found.

"There is a massive opportunity for IT to be more proactive and to understand the risk of cloud services," says Kamal Shah, vice president of products at Skyhigh Networks, in an interview.

Shadow IT, which may or may not resolve an employee's immediate business need, can have far-reaching implications, Shah says. During an audit of its cloud services, one Skyhigh client found employees used 19 different file sharing and collaboration applications, he says. In addition to increasing security risks, this situation was hurting productivity, because the lack of standardization meant employees had to download multiple collaboration and sharing programs in order to work together, he notes. "It's hard to collaborate when different groups within an organization are using different applications," he says.

Also, when a healthcare organization's network is overwhelmed, cloud access can be limited, an issue for many hospitals at a time when a growing number of devices wirelessly connect for analysis, monitoring, and data collection. Performance is critical, uptime is a requirement, and poor connections are intolerable in healthcare. 

When using cloud services, healthcare organizations must be certain that providers meet HIPAA regulations, said Jennifer Christianson, a partner in the law firm Carlton Fields Jorden Burt, in an interview. Healthcare organizations also must consider how local or state laws might affect them, she noted. Scrutinizing business associate agreements to make sure they meet all specifications is crucial, too, Christianson said.

Read on for the five steps all healthcare organizations should take to make sure their cloud security is up to snuff.

Alison Diana has written about technology and business for more than 20 years. She was editor, contributors, at Internet Evolution; editor-in-chief of 21st Century IT; and managing editor, sections, at CRN. She has also written for eWeek, Baseline Magazine, Redmond Channel ... View Full Bio

Previous
1 of 6
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Alison_Diana
100%
0%
Alison_Diana,
User Rank: Author
7/22/2014 | 3:33:48 PM
Re: HIPAA is key!
HIPAA is vital because, in healthcare, you truly are responsible for your partners' behavior - or lack, thereof. If a business associate's security is breached, then the healthcare system is both at risk and responsible. In some cases, depending on location (such as Florida), it may have to notify patients and law enforcement about the breach. So you want to ensure cloud service providers meet stringent criteria and HIPAA's a good place to start.
KtAt
50%
50%
KtAt,
User Rank: Apprentice
7/17/2014 | 5:52:35 PM
HIPAA is key!
This part of the atricle is great:

 

"When using cloud services, healthcare organizations must be certain that providers meet HIPAA regulations, said Jennifer Christianson, a partner in the law firm Carlton Fields Jorden Burt, in an interview."

 

Luckiy now a days there are many services out that that have become HIPAA certfied to help healthcare practitioners. Here at SurveyMonkey we offer a completely HIPAA compliant platform. THis is incredibly useful for professionals that are gathering medical research, patient intakes etc. Many companies are jumping onboard including Verizon and Amazon. It's absolutely crucial that we are able to provide these services to the healthcare industry so they may achieve their goals! 
Healthcare Data Breaches Cost More Than You Think
Healthcare Data Breaches Cost More Than You Think
Healthcare providers just don't get it. They refuse to see the need to fully secure their protected health information from unauthorized users -- and from authorized users who abuse their access privileges. As a result, they don't allocate enough budgetary resources for securing medical data.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.