From the November 2016 issue of HealthCare Business News magazine
There are other safeguards that must be architected in a public cloud solution. The good news is that the major public cloud providers have myriad tools that can be brought to bear in an environment to allow customers to comply with each requirement. These tools are necessary to protect health data that, if breached, can be devastating to patients and the providers they entrusted with their private medical information.
Not all clouds are equal
Working with PHI in a public cloud requires a very specific, ever-evolving knowledge set. It’s not something you can pick up from a webinar during the lunch hour. AWS, for example, offers DIY tools like CloudTrail for log monitoring — just one of the security tasks mandated by HIPAA. Obviously, these tools take time to learn, use and automate, and then HIPAA compliance itself is a constant endeavor. Only a health care-exclusive cloud partner possesses the deep experience in complying with HIPAA’s privacy and security standards. And given the high stakes, if patient data is breached, ensure your partners focus on exceeding, not just meeting, HIPAA Security Rule standards.
Ad Statistics
Times Displayed: 109945
Times Visited: 6642 MIT labs, experts in Multi-Vendor component level repair of: MRI Coils, RF amplifiers, Gradient Amplifiers Contrast Media Injectors. System repairs, sub-assembly repairs, component level repairs, refurbish/calibrate. info@mitlabsusa.com/+1 (305) 470-8013
To that end, look for a cloud partner who is also HITRUST-certified on the Common Security Framework by the Health Information Trust Alliance, the gold standard for PHI security. As for specific security methodologies, seek a partner that practices “defense in depth” security, which safeguards data at multiple levels. Ask about their cloud and general security expertise in such areas as identity and access management; configuration management for operating systems, networks and firewalls; client-side and server-side data encryption; network traffic protection; log management; and monitoring and alerting.
A good starting point for moving to a public cloud is in the area of backup, disaster recovery and long-term archiving. HIPAA requires providers to retain patient records (LIS, PACS, EHR, etc.) for years, to meet regulatory requirements. This can result in petabytes of data. The public cloud can reliably archive patient record data securely at a very low cost. Radiology providers and their business associates can securely store large or small amounts of data, and pay, based on usage, as little as $0.007 per gigabyte per month, a significant savings compared to on-premise solutions.
Public clouds are ideal for infrequently accessed data where a retrieval time of several hours is suitable. And because the cost is low and usage-based, providers need not worry about expiration dates, and can keep images stored indefinitely. The public cloud, used in tandem with information security and health care managed services, is the ideal combination to ensure privacy, security and HIPAA compliance.
