Looking at the Pros/Cons of a Cloud Service Provider for Medical Practices

Apr 05, 2018 at 05:42 pm by Staff


By RON FRECHETTE

Adopting cloud computing solutions has become extremely popular among healthcare practices, almost to the point of necessity for building a profitable practice and providing optimal patient care. This cloud adoption phenomenon in the healthcare industry will only continue to grow as we journey further into the Digital Age. There are many benefits to be gained by transitioning to the cloud. There are also several security and compliance risks to consider.

A high-level overview of the benefits and risks of cloud computing, followed by a security and compliance checklist, will help determine whether cloud service providers are right for your practice.

Cloud Computing Defined

Cloud computing is a model for enabling on-demand network access to a shared pool of configurable computing resources, such as networks, servers, storage, applications, and services, that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Advantages of Cloud Computing

Disadvantages of Cloud Computing

Six Questions to ask Cloud Service Providers:

  1. What type of compliance certifications does your company hold?
    1. HITRUST certification would be of most interest to healthcare providers.
    2. Also, ISO 27001 and SSAE 18 (SOC 1, SOC 2, SOC 3 Reports) are important to have.
    3. PCI DSS Report on Compliance should be required if they process, store or transmit credit card data on behalf of your practice.
  2. Can you share third-party auditor reports?
  3. Do you perform annual security risk assessments? Can you provide the results?
  4. Do you perform annual penetration testing? Can you provide the results?
  5. Do you have a disaster recovery and business continuity plan in place?
  6. Is your facility open for a physical walk-through inspection?

The answers to these questions can determine quickly if a cloud service provider is worth pursuing as a partner.

Protecting Patient Health Information

Protected Health Information (PHI) records are especially valuable to cyber criminals due to the amount of data each record contains and the diverse ways in which they can be exploited. We are all patients. Patients trust healthcare providers, as custodians of protected healthcare information, to uphold their professional and moral obligations to protect medical records from getting into the wrong hands.

As the data breach trend continues to rise in the healthcare industry, especially in smaller practices, patients are beginning to ask the hard questions about how the practice is protecting their personal healthcare information. Not having the right answers could lead to a loss of patients.

The challenge many physician offices face is access to qualified security professionals to provide accurate and affordable guidance. Performing an independent security risk assessment is a great first step toward identifying vulnerabilities within the practice and ultimately reducing the risk of a data breach.

As physician practices are forced to rely more on cloud computing in the Digital Age, beginning to assess the security posture of the practice, which includes identifying and thoroughly vetting cloud service providers, will help keep patient data safe and secure in cyberspace.

Ron Frechette is managing partner of GoldSky Security, a cybersecurity and healthcare firm. Questions: ron.frechette@goldskysecurity.com


For more information:

https://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html

https://en.wikipedia.org/wiki/Cloud_computing_security
