As mandates for healthcare data exchanges increase, so does the movement of that data to the cloud. A 2015 report on global healthcare cloud computing estimates the value of that sector at $4.22 billion last year. And it’s projected to grow at 20.1 percent each year through 2020, to more than $12.6 billion.
That’s more than the 2014 gross domestic product of China!
At the same time, data breaches threatening the privacy of our personal data are at an all-time high.
How can we reconcile our need for privacy with our frantic race to the cloud?
It’s not just our heads in the clouds
Cloud computing is taking hold in industry after industry. Healthcare is no exception.
In a HIMSS Analytics survey, 83 percent of healthcare executives said they use cloud services. More telling is that 43.6 percent host their clinical software and data in the cloud. And more than 38 percent use the cloud to exchange health data with other providers.
It makes sense for companies of all sizes to outsource infrastructure to cloud providers. Maintaining their own IT ecosystem is cost-prohibitive for most practitioners. Cloud computing allows them to focus on their healthcare business – not on an ever-changing IT landscape.
Doctor offices need to share information with insurance companies, with hospitals, with pharmacies. Using the cloud simplifies Health Information Exchange. It provides well-defined data conduits that healthcare providers would otherwise have to create themselves.
What happens in the doctor’s office…
Given the massive shift to cloud computing in healthcare, everyone’s data is in the cloud. The result? What happens in the doctor’s office doesn’t stay in the doctor’s office. Your personal data – and that of 400 million other Americans – moves back and forth between providers all the time.
And as it moves around, there are lots of watchful eyes.
Think of your health data like the old-time hospital chart at the foot of the bed. Now think of a courier, hired to take a copy of that chart from your doctor’s office to the pathology lab, then on to the pharmacy. A lot can happen along the way. Maybe he has an accident or a flat tire. Maybe he peeked at the chart, out of curiosity. Or maybe he left it on the table when he stopped for lunch.
Without the right protection, your health data is just like that chart. It could end up in the wrong hands.
What’s a healthcare provider to do?
The Anthem breach reminded us that, whether we store our data in the cloud or in a private datacenter, we should encrypt it. At least that way the courier can’t read the chart or lose it for someone else to read.
By itself, though, encrypting the data in your DBMS isn’t enough. When an application reads data from the database, it moves through various systems. It resides in computer memory, moves through the network or displays on someone’s screen. This means at any given time, at least some of the data is unencrypted.
To protect that data from prying eyes, your IT staff or managed IT services provider must also secure the rest of your infrastructure. For example, all access points should use strong multifactor authentication. That includes not just the DBMS, but also the networks, servers and applications.
As a healthcare provider, your customers entrust their information to you. Your IT staff must plan and build your data security solution, then monitor it end-to-end at all times.
Keeping it under wraps
No infrastructure – cloud or physical – can ever be 100 percent impervious to attackers. But expert IT service providers know how to protect your healthcare data in the cloud, end-to-end. A multi-leveled security policy can help ensure your cloud solution thwarts even aggressive attackers.
Choose the right experts, and you can win the race to the cloud.