Healthcare organizations protect patient information in the cloud

Healthcare organizations must ensure that their cloud solution maintains compliance with industry rules relating to patient information security.

The healthcare sector has been a leader in the early adoption of technology, and this trend continues with increased implementation of cloud computing in the industry.

A recent Marketsandmarkets report illustrates this fact, predicting that the global healthcare cloud market will be worth $5.4 billion by 2017. This growth comes in step with increasingly widespread practices of cloud utilization.

The cloud offers a number of benefits to employees of healthcare organizations. The cloud offers access to managed applications, both clinical and non-clinical, as well as  industry components and models including deployment, service and pricing.

A case study illustrated these uses and benefits within the South Florida Radiation Oncology organization. The group experienced recent growth and utilized the cloud to keep systems running smoothly and to integrate new employees into the policies and practices of the organization. The cloud platform used by SFRO features a practice management dashboard, data warehousing, billing and analytics.

The cloud also allowed administrators to more easily manage individuals and activities performed.

“Practice management is the lifeblood of doctor practices, just as ERP and CRM are for other businesses,” said SFRO managing director Ravi Patel.

Security in the healthcare cloud
Although some within the industry utilize public clouds for very specific functions, many organizations choose a private or hybrid cloud infrastructure to support their applications and services. This design offers additional layers of security, which is vital within an industry dealing with sensitive patient information. Private clouds allow administrators a high degree of application control with the assistance of their service provider as they can choose to allow access to certain personnel and block outside admission.

During the selection of a cloud provider, a healthcare group needs to look for certain elements which will ensure the security of sensitive patient data. Before choosing a cloud company, administrators should define what they are looking for from the provider. Having security objectives in mind during the decision making process can help higher ups stay focused on this vital aspect.
Additionally, decision makers should consider industry rules and guidelines when choosing a providers.

A main law to keep in mind is the Health Insurance Portability and Accountability Act, which was passed in 1996 and outlines guidelines pertaining to changing insurance, healthcare fraud and protecting health information. HIPAA calls for healthcare organizations to ensure that the sensitive information of patients is transferred, received, handled or shared securely. Groups must have security protocols in place to protect this data and maintain its confidentiality.

The omnibus rule, as part of HIPAA, was enacted in January and further strengthens protections pertaining to the security of patient information. U.S. Department of Health and Human Services representatives stated that the omnibus rule was created to keep in step with changes in technology as they relate to patient information security.

“Much has changed in healthcare since HIPAA was enacted over fifteen years ago,” said HHS Secretary Kathleen Sebelius. “The new rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age.”

The rule is aimed at organizations that are on the receiving end of health data transfers, including healthcare groups and their contractors and subcontractors. Also included in the rule are increased penalties for negligence relating to data breaches. Violations can have a maximum penalty of $1.5 million depending on the level of neglect involved. Due to this measure, healthcare organizations must be sure that their cloud solutions line up with the security guidelines in place for HIPAA compliance.

While the privacy measures of the cloud solution are an important aspect to consider when protecting sensitive data, healthcare groups should also protect their in-house workstations that store and utilize this information. IT personnel should implement reboot to restore software throughout the organization as a means to protect sensitive data and in-house workstations, failing which this information could be at risk.

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.