BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

The Cloud Is Actually Protecting Your Medical Data

This article is more than 8 years old.

Cloud computing has made data and the processing of it more ubiquitous, efficient and accessible. Cloud-based systems are now a key part of all of our personal lives, from Internet email services to wearables and app platforms. The cloud is now moving rapidly into the healthcare sector as a way to make processes more efficient for medical providers and to allow patients to access their data at any time to keep it up to date. But for a lot of people, saving medical records and private health data in the cloud is an unnerving thought. With the recent breaches of retailers' consumer data and headline-grabbing celebrity hacks, it's not ridiculous to assume that anything in the cloud is relatively unsafe.

That assumption may be misplaced. Though security is still a big barrier to cloud adoption, healthcare organizations that have deployed cloud systems, whether it is through electronic medical records or other private cloud analytics services, have seen improvements in their technological capacity, financial metrics, time management, workforce productivity, and reduced security risk, according to the 2014 HIMSS Analytics Cloud Survey.

“Means exist for us to engage more and better share information, including across various care settings and geographic locations (including from the patient’s home)—all thanks to healthcare cloud computing,” said Lee Kim, director or privacy and security for HIMSS North America.

In the research sector, benefits outweigh the risks when it comes to the cloud in healthcare -- as long as the providers are vetted by third parties and remain HIPAA-compliant. There is a Federal Risk and Authorization Program, which provides a standardized approach to assess and monitor the security of cloud providers.

Web-based providers offer extremely high level security and high level encryption that render data unreadable. It’s much safer than having a paper trail --which many providers still have -- but it’s also more secure than client server systems for electronic medical records, which are only as safe as the room they’re housed in. With a cloud-based system, if a tablet or mobile device used for patients is taken from the hospital or medical office, the data is not in danger.

“There have been relatively few breaches that have been reported involving cloud providers,” Kim added. “Availability and uptime of a cloud resource are seemingly more common problems than data loss and breaches.”

According to the 2014 HIMSS Analytics Cloud Survey, about 5% of respondents reported data loss and just over 2% reported data breaches, compared to 16% of respondents who reported availability and uptime issues with their cloud provider.

Of course, whether a cloud provider is safer than a traditional system like a server depends on the security practices of the cloud provider versus the healthcare provider. There are many different approaches to security and many different options for public, private, and hybrid cloud systems. Some cloud providers will be more secure than others, and the fact that a system is private does not mean that it is inherently safer.

“My sense is that most public cloud service providers (CSPs) would do a better job at protecting [healthcare information] than healthcare delivery organizations (HDOs) would do,” said Barry Runyon, a Gartner research analyst who focuses on the healthcare sector. “It’s more of a matter of focus, resources and talent.”

Those healthcare organizations, he added, have many competing priorities and are constrained by tight budgets, but the cloud service providers want to keep patient health information safe, so their policies and technical controls are aimed at doing just that. Think of it this way: Instead of healthcare providers trying to figure out how best to secure medical data while also trying to assess and treat patients, research, and keep up with the ever-changing medical landscape, now there are dedicated teams trained in software services and data encryption doing the job.