Datica Blog

How Does the Cloud Reduce Data Loss Risk?

Mohan Balachandran

Mohan Balachandran

Co-Founder

July 13, 2016

Healthcare is being revolutionized by the proliferation of new technologies. With the modern boom of laptop, smartphone and tablet usage being witnessed across medical institutions, allowing doctors to easily connect with their patients is more important than ever. Since medical workers can connect near instantaneously to obtain medical information sought after, primary care workflows can be expedited, but what does this mean for data security?

Risks always follow new technologies. For instance, a tablet may be easily stolen or misplaced. If that tablet has the personal information of several hundred patients stored on it, the unknown whereabouts could lead to lawsuit settlements with insurmountable financial repercussions. Therefore, hospitals must be wary about how they are collecting, storing and protecting the information on their patients.

Storing data on mobile devices does make it easier to access data, but it also increases the risk of the same data falling into wrong hands if the device is misplaced. It really does not matter much if the data on the device was encrypted or not. Patients (and the judicial system) care more about the actual loss of personal information rather than the loss of the technology itself on which the information was stored. Therefore, being able to protect data itself is a much better proposition for ensuring the safety of patient records. Putting data on secure cloud applications is one way of minimizing risks from theft, provided it cannot be downloaded into any type of computer.

Cloud service providers that store data securely in multiple places minimize the risk of data loss due to catastrophic natural disasters, sabotage or destruction. Redundancy is assured when the healthcare information is stored on primary database servers along with a backup database server. Providers ensure that customer’s data can be replicated to database servers in real-time during disaster recovery operations.

For healthcare services to attain this level of data, security would turn out to be extremely expensive and administratively very difficult. It would detract from the healthcare provider’s primary functionality of caring for their patients. However, when a cloud service provider offers security, it is less expensive as the implementation is usually on a large scale. On one hand, the healthcare industry gets security at affordable prices and on the other, it is not burdened with maintaining a service that is not its core strength.

Although the cloud hosts and protects medical information, the control remains with the hospital. With support from the cloud service provider, hospitals can ensure a role-based security system for accessing the data. Users can have different levels of access based on their roles within the hospital’s organization. Security breaches become easier to prevent, as specific people now require different levels of security clearance. The hospital can choose to employ role-based security for preventing an employee from unwittingly altering or accessing information that he or she is not permitted to because of their specific function.

From their side, cloud service providers offer a host of security features that their customers can utilize. For ensuring compliance to HIPAA, there are password complexity requirements, verification questions and session lockouts. Providers typically store user passwords with one-way hashing algorithms, while logging user entries with date, time and source IP address. The logs are maintained for a minimum of 30 days to ensure tracking and security.

The emergence of HIPAA-compliant cloud storage has raised the bar of providing a complete solution for improved performance and security for the service providers. The improved access to information stored on HIPAA-compliant cloud simplifies switching and leads to more savings for the medical facilities.

Questions? Reach out to us directly, tweet us, or provide us your contact information to the right. We’ll solve your problem so you can focus on your solution.

Earlier

7-Step Technology Checklist for PHI Protection

Criminal and financial penalties alongside severe reputation loss — with wagers so high, hospitals need to grow above the impromptu manual audits. Further contextual proof is given since these audits review a very minute percentage of all daily access events. Ensuring widespread patient privacy requires a solid foundation involving policy, procedures, and technology.

Next Post

10 Financial Questions to Ask Before an EHR Project

Despite best efforts, most EHR projects are forecasted to go beyond scope. Ask these 10 questions for an accurate financial estimate of an EHR project.