Tips On Storing Patient Information In The Cloud

Posted on June 27, 2018 I Written By

Anne Zieger is veteran healthcare consultant and analyst with 20 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. Contact her at @ziegerhealth on Twitter or visit her site at Zieger Healthcare.

These days, it’s pretty much a given that providers will store some or all of their data in the cloud, i.e. off-site on a vendor’s servers.  For many providers, doing this is a good idea, as it allows them to avoid buying dedicated hardware or upgrade their own storage capacity.

That being said, all cloud vendors are not made equal, and it’s important to pick the right one. After all, providers can face dire consequences if their patient data is breached. Even if the vendor is at fault, providers will take most or all of the blame.

Before storing data on an outside service, it’s important to check them out carefully.  Here are some tips on evaluating vendors from David McHale of The Doctors Company:

  • Research the vendor’s security practices: Find out of they have a good reputation and strong security policies in place. Whatever time you put into the research is time well spent.
  • Make sure the vendor can handle all of your data: Bear in mind that many cloud services company charge by the amount of storage providers use, so being sure those costs are affordable is important. Also, providers should make sure the vendor can handle the amount of data they’d like to store.
  • Be sure that your data is encrypted at all times: Providers should see to it that their data is encrypted when being uploaded to or downloaded from the cloud. This includes ensuring that browsers or apps require an encrypted connection to the vendor’s server.
  • Patient data should be encrypted when stored in the cloud: Never store data protected by law in the cloud, such as medical information or personal identifiers, unless the stored data is encrypted. Also, don’t let anyone decrypt the data unless they are authorized to do so.
  • Learn how access is stored in your cloud folder: Cloud storage vendors often let providers share access to online folders stored on their servers. and it’s important to know how that sharing works. For example, find out whether data in the folder is read-only or whether users can edit the file, and whether managers can find out who last edited a file.
  • Prepare for the worst: Providers should know what they’ll do if their cloud vendor gets hacked or their data is lost. To find this out, they should read the “terms of service” provisions of their contract, which often states that users have little recourse if their data is breached or lost.

To be sure, cloud storage can be a great way for providers to save money on storage and see that their data is backed up offsite. However, it’s important they do their due diligence and see that the vendor will protect that data carefully.