Below are 10 key facts for healthcare providers to know about "the cloud."
1. The National Institute of Standards and Technology defines "cloud computing" as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
2. There are three service models within healthcare cloud computing: software as a service, platform as a service and infrastructure as a service. SaaS models are end-user applications, which are provided as a service. PaaS models are provided as a service for the customer to customize. IaaS models are computing resources, storage and other resources such as firewalls, which are provided as a service rather than deployed internally by customers.
3. In the second quarter of 2015, there were on average 928 cloud services in use at healthcare organizations, according to Forbes. Of the 928 cloud services, about 93 percent of them pose a medium or high security risk to the healthcare organization. The article also notes there are security advantages to cloud services compared to on-premise solutions, but they are not invincible to attacks, whether those be internal or external.
4. On average, healthcare organization use 928 cloud applications to manage 6.8 terabytes of data every month, according to a report from cloud security software provider Skyhigh. Common cloud service categories include business intelligence, collaboration, content sharing and social media.
5. A recent Forbes article states, "cloud is the new cure," telling the story of how one health group found the cloud allowed them much more flexibility as they grow, especially compared to EHR systems that were holding them back. The article also notes that storing records in the cloud allows physicians full access to patient information, including lab results and billing history, from any web browser on any device. Largely, per the articles headline, "How The Cloud Is Helping Doctors Spend More Time With Patients," the article outlines many positives in regards to the cloud.
6. In regards to cloud security, public Cloud Service Providers employ the Shared Responsibility Model, which can bring forth cloud security concerns with the customer. The cloud provider generally is responsible for securing access to the physical servers and the virtualization layer, while your organization is left in charge of security for the hosted operating systems, the applications and the data itself, according to a recent Becker's Hospital Review article by AlonMaimoni, CMO of FortyCloud. Mr. Maimoni suggests clarifying these seven questions regarding how to safely migrate data, PHI and resources to a public cloud.
- Who manages the encryption keys?
- Does the CSP implement controls to segregate your PHI data from other customers?
- How can I tell if a CSP is HIPAA-compliant?
- What level of Network Security does the CSP offer?
- We're not sure about the migration process and we'd like to start slowly — should we segregate our PHI from our corporate data?
- What is the SLA for availability? What safeguards are present for disaster recovery?
- Does the CSP provide APIs to automate tasks?
7. Some of the uses of a cloud system in healthcare include faster EHR technology deployment, data-sharing and enhanced collaboration, management of "big data," longitudinal patient medical records, revenue cycle management, claims processing and enrollment, according to HIMSS.
8. The average healthcare organization uploads 6.8 TB of data to the cloud per month. Without the proper controls, however, this data could be at risk, according to a Mobile Enterprise report. Among these downloads, 15.4 percent support multi-factor authentication; 2.8 percent have ISO 27001 certification and 9.4 percent encrypt data stored at rest. Healthcare records are especially appealing to hackers as well, because they contain Social Security numbers and addresses that are worth about 20 times a credit card number. This is because cyber-criminals can open multiple fraudulent accounts. Records for terminally-ill patients are worth more to criminals because it's less likely the patient or family will detect the fraud, according to the report.
9. When asked how prepared the healthcare sector is for handling the HIPAA compliance and cybersecurity risks of cloud deployments, David Pollard, of Connectria Hosting, told TechRepublic that themes of functionality and security are common among healthcare IT professionals. "What use is an electronic health record if the providers cannot access that record in an emergency? This is something that is continuing to evolve, and there will be stumbling blocks along the way," said Mr. Pollard.
10. The worldwide healthcare cloud computing market will grow at a 20.5 percent compound annual growth rate to reach $9.48 billion in revenues by 2020, according to a recent MarketsandMarkets report. The security of patient data in the cloud is a crucial issue that will likely restrain market growth.