While security risks are always possible in healthcare data gathering and storage – whether the data is stored on-premise or in the cloud – cloud computing in healthcare has come a long way in the past three years.
Fueled by the American Recovery and Reinvestment Act (ARRA) and Health Information Technology for Economic and Clinical Health Act (HITECH), Electronic Medical Record (EMR) software providers are digitizing all of our personal medical data at the nation’s largest providers and medical research institutions.
If you’re considering implementing on-premise software from a healthcare software provider or moving your healthcare organization’s data to the cloud, minimize security risks by acting on the following four items.
Weigh on-premise vs. cloud options
Most EMR implementations are on-premise from healthcare software providers such as Epic, Meditech and Cerner, which alleviates the security concerns associated with storing such information in the cloud. However, as the cloud effect takes hold, and healthcare CIOs want to leverage the enormous power of cloud computing, security threats are paramount in the discussion. AthenaHealth, in particular, has aggressively tackled security with its world-class SaaS-based EMR solution, used today by more than 47,000 medical providers.
Select a cloud provider proven in security
In addition to EMRs, healthcare CIOs increasingly want data storage, ERP/CRM and non-production environments to move to the cloud – and stay secure when they do. Cloud providers Amazon Web Services (AWS), Microsoft Azure and Salesforce.com’s Force.com all hold many security and compliance certifications, with AWS appearing to have achieved the highest levels of compliance and certifications.
Prepare your staff and your system
Kurt Hagerman, Director of Information Security for FireHost, advises building a strong detection system in your organization to ward off security attacks. He recommends setting up alerts for suspicious activity; proactively monitoring your own data – as well as security data on malicious domains – to build a stronger security wall; and collecting data at a macro level to look for data patterns and trends.
Look for helpful legal updates
Recent Health Insurance Portability and Accountability Act (HIPAA) updates may make cloud services suitable for healthcare providers. Under the new HIPAA Omnibus Final Rule, cloud service providers must be compliant with HIPAA if they plan to do business with healthcare organizations. The rule names them “business associates,” which means they must follow the same guidelines as physicians and insurance providers.