Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and EHR for FREE!

Tips On Storing Patient Information In The Cloud

Posted on June 27, 2018 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

These days, it’s pretty much a given that providers will store some or all of their data in the cloud, i.e. off-site on a vendor’s servers.  For many providers, doing this is a good idea, as it allows them to avoid buying dedicated hardware or upgrade their own storage capacity.

That being said, all cloud vendors are not made equal, and it’s important to pick the right one. After all, providers can face dire consequences if their patient data is breached. Even if the vendor is at fault, providers will take most or all of the blame.

Before storing data on an outside service, it’s important to check them out carefully.  Here are some tips on evaluating vendors from David McHale of The Doctors Company:

  • Research the vendor’s security practices: Find out of they have a good reputation and strong security policies in place. Whatever time you put into the research is time well spent.
  • Make sure the vendor can handle all of your data: Bear in mind that many cloud services company charge by the amount of storage providers use, so being sure those costs are affordable is important. Also, providers should make sure the vendor can handle the amount of data they’d like to store.
  • Be sure that your data is encrypted at all times: Providers should see to it that their data is encrypted when being uploaded to or downloaded from the cloud. This includes ensuring that browsers or apps require an encrypted connection to the vendor’s server.
  • Patient data should be encrypted when stored in the cloud: Never store data protected by law in the cloud, such as medical information or personal identifiers, unless the stored data is encrypted. Also, don’t let anyone decrypt the data unless they are authorized to do so.
  • Learn how access is stored in your cloud folder: Cloud storage vendors often let providers share access to online folders stored on their servers. and it’s important to know how that sharing works. For example, find out whether data in the folder is read-only or whether users can edit the file, and whether managers can find out who last edited a file.
  • Prepare for the worst: Providers should know what they’ll do if their cloud vendor gets hacked or their data is lost. To find this out, they should read the “terms of service” provisions of their contract, which often states that users have little recourse if their data is breached or lost.

To be sure, cloud storage can be a great way for providers to save money on storage and see that their data is backed up offsite. However, it’s important they do their due diligence and see that the vendor will protect that data carefully.

The Sneaky Healthcare Cloud

Posted on April 11, 2013 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

Folks, I’ve read countless reports about the growing emergence of the cloud in healthcare. The thing is, many are studies summarizing broad trends in the industry, rather than news about specific providers who are willing to stand up and say that they actually implemented a cloud solution to house their healthcare data.

If hospitals and health systems are indeed adopting cloud solutions, why aren’t we hearing more about their experiences?  I have a few theories:

*  Migration:  Organizations that move from a legacy data management system to a cloud-based infrastructure have a lot of work to do. These folks probably don’t want to discuss what they’re doing until they’re pretty sure they’ve gotten the job done right.

Outsourcing:  Some healthcare leaders are outsourcing their cloud operations, but they’re not ready to scream to the rooftops that they’ve done so. My feeling is that they want to feel more confident about the relationship before they broadcast what they’re doing.

Security:  If a healthcare facility goes with the cloud, IT leaders there are probably pretty comfortable with cloud security, but I’m sure they don’t want to invite cybercriminals to put them to the test.

Politics:  Implementing the cloud for clinical data management may be a perfectly fine solution, but perhaps those facilities who have gone that way would rather not face criticism from outsiders who don’t agree with them.

Ultimately, the debates over cloud security may die.  As David Linthicum of HealthDataManagement notes, studies suggesting that even the public cloud can be secure are rolling in. (A recent study cited by Linthicum concludes that anything that can be accessed from outside, be it enterprise or cloud infrastructure, has an equal chance of being attacked.)

But for the time being, it seems pretty clear that hospitals aren’t going to hang out banners on their campus boasting about their cloud data infrastructure. Let’s see what happens over the next year or two.