Cloud Hosting

Hospital executives are still concerned about putting health data in the cloud but there is a growing consensus among security specialists that the fears are not as necessary as they once were.

That was among the overarching themes to emerge from the Healthcare IT News Cloud Computing Forum here at HIMSS17 on Sunday.

Nephi Walton, for instance, threw down the gauntlet: Security concerns about the cloud are valid but I challenge you to look at your own organizations and see how secure they actually are.

Walton, a biomedical informaticist at the Washington University School of Medicine, posted that to attendees.

Thats not to say storing personal health information or personally-identifiable information in the cloud is a simple matter.

Beaufort Memorial CIO Ed Ricks said that theres no such thing as a HIPAA-compliant solution.

I always pause when a vendor says they are HIPAA compliant, added Anahi Santiago, CISO of Christiana Care Health System. HIPAA is based on risk management.

Santiago said that risk management requires constant reevaluation of vendors and policies. Chlidrens National Medical Center IT security director Chad Wilson added the devil is in the details of contracting.

You really have to build a relationship with that company and understand their framework, Wilson said.

Ricks, Santiago, Walton and Wilson, its worth noting, all already have applications and data in the cloud. Christiana, in fact, implemented a cloud-first strategy for new apps and technologies.

Anything is doable on the security front, Santiago said, explaining that Christiana demands certifications such as HITRUST or ISO and looks at SOC II reports, among other policies and procedures, from any vendors they work with.

Kristin Chu, director of information services at the University of California at San Francisco Medical Center said that ultimately providers responsibility is not all that much different than protecting data anywhere they store it but recommended moving cautiously.

We did it very slowly and vetted it. It was successful over the course of months, Chu said. Cloud is key to our future. My advice: Get in and persevere in the process.

Washington Universitys Walton said that many people in healthcare are inhibited by security concerns but dont even realize how much data they actually have in the cloud already.

Im sure people are targeting Amazon, Google and Microsoft but because they get that all the time theyre more prepared to defend against it, Walton said. Youre hard pressed to match the same security as one of these companies.

HIMSS17runs from Feb. 19-23, 2017 at the Orange County Convention Center.

This article is part of our ongoing coverage of HIMSS17. VisitDestination HIMSS17for previews, reporting live from the show floor and after the conference.

Like Healthcare IT News onFacebookandLinkedIn

Read the original post:
Cloud computing: Can hospitals manage security better than ... - Healthcare IT News