Many healthcare organizations are reluctant to trust protected health information (PHI) to the cloud, and not without good reason. The privacy and security of patient data are heavily regulated, and those who don’t comply face hefty penalties. But beyond the legal and ethical responsibility to protect patient privacy, if data is corrupted or lost, patient care can be disrupted. It’s not easy to relinquish control of such sensitive information to a third party.
That said, when a cloud service is run well, data is actually far safer in the cloud than it is on-premises, but only if that service includes certain capabilities. Here are three capabilities that, if present, will make the cloud a safer place to store sensitive PHI than trying to store and manage it in your own data center.
- End-to-end encryption: Moving and managing encrypted data is a complex task, and few organizations possess the resources to do it themselves, but strong, end-to-end encryption is absolutely vital to protect the privacy and security of individual healthcare information. A reputable cloud service will encrypt all of your data, both in-transit and at rest, and only the customer should control the encryption keys. That way, even in the extraordinarily unlikely event that someone breaks into the service, the data remains secure, because without the keys, it’s all gibberish.
- Built-in data protection and disaster recovery (DR): A common use case for the cloud is to leverage it for data protection and DR, so companies can eliminate their complex and costly secondary data centers. A HIMSS report from 2017 notes that when healthcare CIOs and IT teams think of cloud use cases, DR and backup come in second to hosting applications. But typically, these services are simply using the cloud as a target for backups of on-premises data, and not data already in the cloud or in a SaaS solution.
Hospitals and healthcare providers are targets for ransomware attacks, and the best way to defend against them is to conduct frequent backups that are securely stored, so backup and DR must be built-in and automated. In fact, a recent survey found that ransomware attacks are the highest security concern for healthcare IT management. The most mature cloud data management services will include data protection and DR as an integral and automatic part of their service. That’s important, because a reputable cloud storage service will back up your data continuously throughout the day, with the backups themselves securely stored in multiple locations. They will also automatically replicate your data to a variety of different sites for disaster recovery (DR). Restoring data should be nearly instantaneous.
For on-prem data, many healthcare organizations only back up once a day, and very few can back up multiple times an hour during the busiest times of the day without impacting production data. When you’re using a cloud service to manage and store your data, you shouldn’t have to spend a second worrying about backups or DR.
- Automatic updates and patching: A recent survey from the Ponemon Institute found that 57 percent of healthcare organizations suffered a data breach as a result of a vulnerability for which a patch existed, and one-third of those organizations knew about the patch before the attack. Especially when you have multiple data storage and access systems on-premises – VPNs, backup, storage arrays, disaster recovery, replication – keeping everything patched and up to date is a managerial nightmare.
Cloud storage-as-a-service providers typically take care of patching and updating automatically, and that’s a major advantage over on-premises data management systems. A quality cloud service will always ensure customers are working from the most current version.
These capabilities are the keys to ensuring your healthcare data is not just safe in a cloud service, but substantially safer than it would be in your own data center. But beyond these concrete capabilities, the biggest differentiator for data security between storing it on-premises and in a service is focus. Healthcare IT is responsible for a complex mix of critical tasks, and securing the organization’s data is just one of them. At ClearSky, we are focused on ensuring our clients’ data is always protected, secure and accessible. That focus is the key to doing anything exceptionally well.
But don’t just take it from us. Healthcare organizations come to ClearSky specifically because our cloud service can better secure, protect and manage their data than they could on their own. A good example is Partners HealthCare, a large Massachusetts healthcare organization founded in 1994 by Brigham and Women's Hospital and Massachusetts General Hospital. Several of its hospitals serve as teaching affiliates of Harvard Medical School. Their Enterprise Research Infrastructure & Services (ERIS) group chose to work with ClearSky because the organization was struggling to ensure that all of its researchers’ patient data was compliant with data security, protection and privacy regulations such as HIPAA.
Want to learn how ClearSky can help you better protect, secure and manage your healthcare infrastructure? Sign up for a free trial of our service.