Risks always follow new technologies. For instance, a tablet may be easily stolen or misplaced. If that tablet has the personal information of several hundred patients stored on it, its unknown whereabouts could lead to lawsuit settlements with insurmountable financial repercussions. Therefore, hospitals must be wary about how they collect, store and protect the information on their patients.
Storing data on mobile devices does make the data easier to access, but it also increases the risk of that data falling into the wrong hands if the device is misplaced. It really does not matter much whether the data on the device was encrypted or not. Patients (and the judicial system) care more about the actual loss of personal information than about the loss of the technology on which the information was stored. Therefore, being able to protect the data itself is a much better proposition for ensuring the safety of patient records. Putting data on secure cloud applications is one way of minimizing risks from theft, provided it cannot be downloaded onto any type of computer.
Cloud service providers that store data securely in multiple places minimize the risk of data loss due to catastrophic natural disasters, sabotage or destruction. Redundancy is assured when the healthcare information is stored on primary database servers along with a backup database server. Providers ensure that customers' data can be replicated to database servers in real time during disaster recovery operations.
Attaining this level of data security would be extremely expensive and administratively very difficult for healthcare services. It would detract from the healthcare provider's primary function of caring for patients. However, when a cloud service provider offers security, it is less expensive because the implementation is usually on a large scale. On one hand, the healthcare industry gets security at affordable prices, and on the other, it is not burdened with maintaining a service that is not its core strength.
Although the cloud hosts and protects medical information, control remains with the hospital. With support from the cloud service provider, hospitals can enforce a role-based security system for accessing the data. Users can have different levels of access based on their roles within the hospital's organization. Security breaches become easier to prevent, as specific people now require different levels of security clearance. The hospital can choose to employ role-based security to prevent an employee from unwittingly altering or accessing information that his or her specific function does not permit.
For their part, cloud service providers offer a host of security features that their customers can utilize. To ensure compliance with HIPAA, there are password complexity requirements, verification questions and session lockouts. Providers typically store user passwords with one-way hashing algorithms, while logging user entries with date, time and source IP address. The logs are maintained for a minimum of 30 days to ensure tracking and security.
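The provider-side controls described above can be sketched in a few lines of Python. This is an added example, not code from any provider: it stores passwords as salted scrypt hashes, records each login attempt with time, user and source IP, and prunes entries older than 30 days. The `LoginService` class, the three-failure lockout threshold (one reading of "session lockouts") and the sample account are assumptions.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta, timezone

MAX_FAILURES = 3                # assumed lockout threshold, not from the article
RETENTION = timedelta(days=30)  # minimum log retention stated in the article

def hash_password(password, salt=None):
    """One-way, salted hash; only (salt, digest) is ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

class LoginService:  # hypothetical name, for illustration only
    def __init__(self):
        self.users = {}     # username -> (salt, digest)
        self.failures = {}  # username -> consecutive failed attempts
        self.log = []       # audit trail of every attempt

    def register(self, user, password):
        self.users[user] = hash_password(password)

    def login(self, user, password, source_ip, now=None):
        now = now or datetime.now(timezone.utc)
        if self.failures.get(user, 0) >= MAX_FAILURES:
            outcome = "locked"  # refuse even a correct password
        else:
            # Unknown users still cost one hash, so timing does not reveal them.
            salt, stored = self.users.get(user, (b"\0" * 16, b""))
            _, candidate = hash_password(password, salt)
            if hmac.compare_digest(candidate, stored):
                outcome, self.failures[user] = "success", 0
            else:
                outcome = "failure"
                self.failures[user] = self.failures.get(user, 0) + 1
        # Date, time and source IP are logged for every attempt, not only successes.
        self.log.append({"time": now, "user": user,
                         "source_ip": source_ip, "outcome": outcome})
        return outcome

    def prune_log(self, now):
        """Drop entries older than the retention window."""
        self.log = [e for e in self.log if now - e["time"] <= RETENTION]

if __name__ == "__main__":
    svc = LoginService()
    svc.register("nurse1", "Correct-Horse-9!")  # constructed sample account
    for pw in ("Correct-Horse-9!", "wrong", "wrong", "wrong", "Correct-Horse-9!"):
        print(svc.login("nurse1", pw, "203.0.113.5"))
```

Because 30 days is stated as a minimum, `prune_log` should run no more aggressively than that window; a longer retention setting only changes the `RETENTION` constant.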
The emergence of HIPAA-compliant cloud storage has raised the bar for service providers to deliver a complete solution with improved performance and security. The improved access to information stored in the HIPAA-compliant cloud simplifies switching and leads to more savings for the medical facilities.