By W. Hord Tipton, CISSP-ISSEP, CAP, CISA, Executive Director, (ISC)²
A few weeks ago, I was at my doctor’s office, and the topic of the cloud came up. You may think this is a strange topic of conversation between a man and his doctor, but given my background in security and recent pressures from the Federal Government for doctors to switch from paper to electronic records (a requirement he and his colleagues are less than thrilled about), it turned out to be a very timely and interesting discussion.
The reason I found it timely is that last month, I had several in-depth conversations with people about information security trends for 2011, and I kept finding myself coming back to the topic of cloud computing. Almost every industry is upgrading to the cloud for its data management needs, with the exception of one industry – healthcare, which is purposefully lagging behind because of its many uncertainties about the security and privacy of the cloud. Healthcare providers have control over massive amounts of data in patient records, which some may say is the most sensitive data of any industry. Hospitals and medical offices need to feel assured that there is adequate security coverage for their records. Currently, they are skeptical – hence both their reluctance and their displeasure in complying with digital regulations. Fortunately, cyber security education can help.
To begin, I’ll elaborate on the main concern healthcare providers have about upgrading to the cloud. Not surprisingly, their main hesitation stems from the age-old debate between electronic and paper records. Most think that with all the recent security breaches, paper records are the safer alternative to electronic records. This is not the case. In fact, patient records are far safer in a secure cloud than lying around in paper format. But again, understanding this relies on having adequate cyber security education.
Let’s look at this controversy from a patient’s point of view. Patients see news stories about massive security breaches in Fortune 500 networks every day. But how often do we hear that a patient’s records were left out on a table, printer or fax machine in a doctor’s office and stolen or copied? The fact is that we don’t hear those stories nearly as often. This phenomenon demonstrates how public opinion is formed. Numerous patients are against the transformation to electronic records because the risks of paper records are not as apparent. The risk is equally high, but patients just don’t hear about that. However, we must acknowledge it is much easier to steal 100,000 digital records on a flash drive than to steal the same 100,000 paper records from 1,000 different locations and haul them off in a semi-tractor trailer.
There are some valid concerns surrounding medical devices, however, and healthcare providers should be educated about them. Small devices, like insulin pumps, for example, are miniaturized and do not have room for robust security measures like encryption. The security risk, however, is far outweighed by the benefits, and as an industry, we’re already getting better at developing technologies that can handle these limitations.
Over the next few years, between incentives for Electronic Health Record (EHR) implementations, HIPAA security and privacy guidelines and the computerization of most medical devices, healthcare providers will have to find a way to digitalize their information and ensure the security of their patients’ records, many of them through the cloud. Making the transition as smooth as possible by pushing cyber education is the job of security professionals around the country, and understanding it is the responsibility of healthcare providers, be they doctors or staff.
Here are a few tips on what every healthcare provider should know and do before moving to the cloud:
The fact of the matter is that some healthcare providers are simply not looking forward to scanning their paper documents into the cloud, and that is understandable. But with an initial time investment, healthcare providers can soon learn that secure electronic records via the cloud can in fact improve their businesses and allow them to help more patients in a single day. Believe it or not, healthcare and the cloud are beginning to form a great partnership. But you have to “get it right”.
