Healthcare Shouldn’t Fear the Cloud
I was just reading an interesting article in Health IT Security about the Top 10 Healthcare Data Breaches of 2014.
Security breaches are an everyday topic, the most recent one that has been quite embarrassing for a corporate icon is the breach at Sony. As embarrassing as this was, there is an understandable and obvious fear of a healthcare data breach. HIPAA and other regulations are in place to help ensure that this doesn’t happen, but breaches of personal, confidential information are still happening. Not only is there the loss of trust, but there are also stiff financial penalties to deal with as well.
The migration to the cloud has only exacerbated this fear. Healthcare has been slow to adopt the cloud, with security being the number one concern. But this article highlights some intriguing truths about healthcare data security breaches that are often overlooked.
- Hackers get all the press, but most breaches are from internal sources. It’s true; most breaches are caused by disgruntled employees, departing workers, or external contractors. This underscores the importance of internal security systems, processes, auditing, and oversight.
- Physical theft and loss are still a big issue. The article mentions Dr. Nisar A. Quraishi of New Jersey, who had his shed broken into and multiple physical files removed. Even more common though is the loss or theft of a laptop or tablet containing either patient data or unsecure system access.
- It’s not just technology. St. Vincent Breast Center of Indianapolis had to alert 63,000 patients that correspondence containing their patient data might have been mailed to the wrong addresses. Human clerical error was to blame for this action.
- It’s not just the cloud, it’s the Internet. The cloud gets a bad rap because it is virtual and perceived as new by many users, but any system attached to the Internet or public network, even on premise software, is susceptible to hackers and breaches.
Does this mean that healthcare shouldn’t worry about security in the cloud? Not at all, but healthcare needs to start leveraging the benefits of the cloud while closely overseeing security of the cloud as it would for any other system or process.
Major cloud platforms like Google and Amazon, and major cloud applications such as Salesforce.com are all HIPAA compliant. The cloud offers many cost and technological opportunities that could really benefit the healthcare industry, specifically the provider and physician space. Hopefully the benefits of the cloud can overshadow the fear that many have and those in the healthcare space can start reaping the benefits.