Healthcare cloud security: Now and into the future
By David Linthicum
Healthcare providers and payers that utilize cloud platforms to store and access personnel records (and like data) are probably storing protected health information (“PHI”), which is protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Rules now in place govern the use of cloud computing to store health-related data, including personnel-related data. The consequences for failure to comply can be severe to a company’s bottom line, including some heavy fines and PR nightmares.
In March of last year, the Department of Health and Human Services (“HHS”) finalized the HIPAA Omnibus Rule, which made the regulation more cloud friendly. This rule expanded HIPAA’s applicability beyond covered entities (health care providers and/or payers) to business associates. By definition, a “business associate” is a person or entity that creates, receives, maintains, or transmits PHI in the course of fulfilling certain functions or activities for a HIPAA-covered entity, and this business associate can be a cloud computing provider.
In 2014, the trend toward leveraging clouds to support HIPAA-compliant PHI will continue, with more providers and payers leveraging clouds in order to lower costs. While many will consider this a risk, most cloud providers that take on PHI data understand how to manage the data, including supporting audits.
More providers and payers will leverage “managed security services providers” in 2014 and 2015. These service providers offer everything from on-site consulting to penetration and vulnerability testing. The idea is to help healthcare organizations fill various security gaps, such as providing ongoing help with attacks or breaches.
The use of managed security services providers will allow healthcare organizations to push some of the responsibility for security to those that are security experts. As the regulations and the technology change, these outside service providers should reduce some of the risk as healthcare providers evolve.
The use of big data will expand among healthcare organizations in 2014 and 2015, but so will the security concerns. The expanded use of big data brings its own security concerns when you consider how much more meaning can be derived from data, including information that may be sensitive and most likely regulated.
Many think that HIPAA will cause most of the limitations around the use of big data, with organizations strictly interpreting the regulation. Indeed, the Bipartisan Policy Center maintains that HIPAA is hindering organizations from moving data around to provide clear benefits to the healthcare organization because the federal regulation is misapplied and over-applied. Testing the law may provide more clarity, but few are willing to suffer the fines to find out. Thus, most healthcare organizations are moving forward with a very conservative use of big data systems.
Security will continue to evolve in the world of healthcare, mostly driven by changing regulations and changing technology. The evolutions we’ll see over the next few years will mostly be expected, with the challenge being to balance the need for security, as well as protections for patients and providers, with the need for cost-effective, efficient systems.
The post Healthcare Cloud Security: Now and Into the Future appeared first on Logicworks Gathering Clouds.