Cloud computing is slowly taking over the healthcare industry, with an increasing number of medical organizations widening their digital storage options and implementing cloud technology on electronic devices such as mobiles.
Before healthcare organizations can opt for cloud computing, cyber security concerns often make them think thrice. Are all of these concerns justified? If yes, then how can healthcare organizations maintain Protected Health Information (PHI) security and also ensure that they do not lag behind from a technological viewpoint?
Cloud security in relation to healthcare
Health and Human Services (HHS) defines a breach of Electronic Protected Health Information (EPHI) as an ‘impermissible disclosure’ compromising the privacy of the protected health records, such that the use poses a significant risk of financial or reputational harm to the affected individual or company as a whole.
Since 2009, the most common causes of large-scale data breaches have been theft (55 percent), loss of information (11 percent), hacking (6 percent), improper disposal (5 percent), and other unknown factors (3 percent).
In a recent study conducted by the firm Markets and Markets, the healthcare cloud computing market is expected to grow to nearly $5.4 billion by 2017. However, the migration process can be a little daunting for healthcare organizations, since they have to deal with tons of data on a daily basis.
Securing medics from data breaches
In the healthcare industry, the cloud has surpassed conventional healthcare data management systems by being super-efficient at managing data. For instance, medical cloud computing technology is used in remote patient monitoring. With the demand for strict regulatory compliance increasing, along with growing investment from big healthcare players like IBM and Cisco, government organizations are expected to produce a demand for new techniques during the analysis period.
Moreover, the cloud is making security advances in the medical industry, making it a vital tool for doctors and professionals everywhere. So let’s check out the main factors that have made the technology so valuable for data protection.
1. The HITECH Act
The HITECH Act, also known as the American Recovery and Reinvestment Act of 2009, required the secretary of health and human services to expand the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules, increasing the penalties for violations of health insurance policies. The rules were also extended to apply to business associates (BAs) – usually defined as persons or entities that perform certain functions of personal health on behalf of a covered entity.
2. Breach notifications
In the current medical industry, Business Associates (BAs) are directly responsible for breaches that may occur to unsecured Personal Health Information under their purview. They are also required to report all cyber-transgressions to the covered entities they are in contact with, strengthening the security vacuum. BAs that specifically access, retain, alter, destroy or otherwise hold unsecured medical data must notify the covered company as soon as they discover a breach of such important information. Reports are usually made without delay and in no case less than 60 days from discovery of the breach.
Reporting the exact identity of each individual whose medical records have been affected might be a difficult task for some associates, such as cloud service providers, but the rules do ask BAs to provide information to the maximum extent possible.
- Support for covered entities ensures security
Some low-cost dedicated server hosting methods and cloud service providers extend support to multiple covered entities to take hold of all medical bids as well as PHI. Once the breach has been reported by associates via the cloud system, the Office for Civil Rights (OCR), working directly with healthcare industries, allows the entities to define who will notify individuals and how. This helps certain companies know when and how to provide notification whenever a significant data breach occurs, taking foolproof responsibility for med-security.