Healthcare organizations are increasingly viewing cloud computing as a viable way to use electronic health records (EHRs). Software-as-a-service, or SAAS, has shown, in many respects to be successful as an economical method to make electronic records available among the incentive driven health system.
“Cloud computing makes a compelling case for healthcare providers. After all, the on-demand, pay-as-you-go cloud model offers a way to reduce the cost of applications and storage-no small matter for hospitals faced with challenges to maintaining revenue margin health” (2011).
However, cloud technologies cannot escape the potential for problems, especially regarding security issues. The punishment for breaching HIPAA is no small matter and should not be taken lightly. And security issues are the “number one concern that could hold back their organization from either adopting or further implementing cloud computing” (2011). As with any major project requiring the use of information technologies, careful evaluation and scrutiny of the vendor is paramount. In cloud computing, the vendor will essentially have control of the data and this makes providers nervous.
Measures need to be taken to select the appropriate cloud model and vendor. Two types are prevalent: the truly distributed model is the “high-risk” version in which the cloud vendor is the primary aggregator; and the more secure, data center style operated by a single cloud vendor and is compliant with the “Statement on Auditing (SAS)-70” that allows for monitoring and protections. Read on for additional information regarding cloud security at Cloud Security Alliance.
Other areas to consider in contemplating cloud technologies include gaining an understanding of levels of accessibility, how the data is managed, and level of audits conducted to ensure security of information in compliance with HITECH and HIPAA.
Please click “PHI: A SPECIAL CASE?” for a personal cloud experience story by Rick Schooler, Senior Vice President and CIO of Orlando Health.