By Marty Puranki
The healthcare cloud has been growing incredibly, becoming an ever-more-important element of health information technology, or HIT. There are many reasons why the HIT cloud has been becoming more prominent, such as research and development and collaboration.
Since the cloud has been expanding so rapidly, this may be a good time to reconsider security -- and that means understanding the threat, reviewing best practices, and heightening awareness of emergent approaches.
1. Realize the cloud is only getting bigger.
The healthcare cloud market will increase at a compound annual growth rate (CAGR) of 18 percent from 2018 to 2023, Orbis Research recently predicted.
There are many reasons the cloud has been becoming a more common IT strategy in the healthcare sector, among them the following:
- Healthcare R&D -- Research and development is one of the key drivers of cloud growth, according to the Orion study.
- Scalability -- Scalability, which is fundamental to the cloud, allows for consistent management while reducing inefficiencies and bottlenecks. It gives you the ability to expand seamlessly, as well as keeping you prepared to contract as needed in response to recessions or other market conditions outside your control.
- Less investment -- Healthcare organizations have not been wanting to invest as much money in IT, the Mordor report notes. Cloud is an operating expense (OPEX), while a data center is a capital expense (CAPEX).
- Collaboration -- There is more opportunity created as collaborative capability is enhanced, observed Karin Ratchinsky. Cloud is essentially collaborative, since it allows established companies to work with startups or independent development teams to facilitate whatever business needs they have within an affordable, flexible, and secure solution (especially when the cloud is hosted within SSAE-18 compliant data centers).
For all the above reasons, healthcare providers, plans, and other firms within the industry want to take full advantage of the cloud.
2. Understand the importance of security.
While these strengths of the cloud certainly are compelling to organizations, security also must be a key concern. Especially since issues of compliance and liability surround this critical data, organizations within the industry should be concerned to see how common breaches are becoming: 5.6 million patients were impacted by 477 healthcare breaches in 2017, according to the end-of-year breach report from Protenus.
Also illustrating how common health sector breaches have become and how much they cost is last year's NetDiligence Cyber Claims Study.
First, healthcare sustained 28 percent of the total cost of breaches, even though it represented only 18 percent of cyber insurance claims. The averagehealthcare breach cost was US$717,000, compared to the overall average of $394,000.
3. Be aware of what constitutes healthcare security.
Given the incredible numbers, there is a pressing need to prevent breaches. To secure your healthcare cloud (much of this applies to the security of electronic protected health information, or ePHI, in any setting), you will need to take technical steps such as encrypting data in transit and at rest; monitoring and logging all access and use; implementing controls on data use; limiting data and application access; securing mobile devices; and backing up to an offsite location. Also do the following:
- Use strong business associate agreements (BAAs) -- The business associate agreement is absolutely essential to creating strong cloud security since you need to make sure that the cloud service provider (CSP) is responsible for the aspects of data handling that you are not able to properly control. It is clear that the business associate agreement is a central concern to compliance when you look at how much it is a point of focus in the HIPAA cloud parameters from the U.S. Department of Health and Human Services, or HSS.
- Focus on disaster recovery and upgrades -- Be certain that all cloud providers have strong disaster recovery methods, notes the Cloud Standards Customer Council (CSCC) report on the impact of cloud computing on healthcare. Also be certain that they will conduct proper maintenance by updating and upgrading your system in order to keep it current with developing security and HIPAA compliance standards.