If you’re a healthcare provider who has shied away from the cloud due to security concerns, you could be making a grave mistake. In fact, moving to the cloud can increase data security.
Medical records are high-value targets for data thieves, and safeguarding data is one of the most daunting challenges for anyone who stores patient records in any form, including paper charts.
Data thieves are smart, adapting quickly and finding new ways to infiltrate servers. To stay ahead of them, you have to constantly monitor for intrusion attempts and adapt your security measures to new attack modes. If you can’t afford a full time security staff or a high-level security monitoring service, it’s only a matter of time until a breach happens.
Safety in numbers
The complexity and difficulty of securing medical records data is one of the major reasons that cloud hosting for EMRs and other medical applications has grown so quickly. A reliable healthcare cloud vendor will invest in the best and brightest security professionals and systems, spreading the cost over multiple tenants. That really levels the playing field for smaller providers.
Of course, cloud hosting offers advantages beyond security. It facilitates access to data from any internet-connected device, giving healthcare providers mobility without having to store data on vulnerable end-user devices. Forgoing onsite servers also frees up physician practices from the need to create and maintain hardware infrastructure, allowing them to focus on the clinical and business issues of implementing an EMR or any other clinical or business application.
Cloud technology also offers flexibility, letting you expand or contract your compute power and storage as needed, paying only for what you use. That means you can align your expenses more closely with your income. An EMR becomes an operating expense, not a capital expense. And if you store medical images in the cloud, you can set up a contract that charges a fee only as you store each new image. You don’t pay for storage ahead of the need. Also, you can shift on to your cloud provider the burden and liability of protecting archived records that you aren’t likely to need but can’t legally discard.
Look carefully before you leap into a cloud contract
While there are numerous advantages to cloud technology, especially for small providers, there are also some pitfalls. Before you sign a contract with a cloud provider, you need know how to pull that data back out. Your contract should stipulate clearly how the data will be transferred to a new storage site if you decide to change vendors, and how the cost for that service will be calculated. You should also have a clear understanding of all charges, with clearly defined service levels and availability. And the contract should define the penalties if the vendor doesn’t live up to the agreement.
It also pays to do some research on the vendor. Not all data centers are alike. For healthcare customers, the ability to comply with HIPAA regulations is crucial. Ask for details about security monitoring, and check the experience of those in charge of security. Also, check out the physical security arrangements. Is the building secure against break-ins? How about natural disasters? Do they have sufficient battery and generator backup to cover a complete power outage? Is there redundant storage in a separate location? Can you access it quickly? How fast can the vendor get your system back up if a server fails?
It pays to be a pessimist when negotiating a cloud contract. Assume that disasters will happen, and make sure that your vendor is prepared.
But remember, the hardware on your site is just as vulnerable as servers in a cloud data center. While imagining all the terrible things that can happen in the cloud, be aware that those same dangers exist for your own equipment.
National Health IT Week is September 16-20. Public and private healthcare constituents will work in partnership to educate industry and policy stakeholders on the value of health IT for the US healthcare system. For more information about National Health IT Week please visit www.healthitweek.org.