Healthcare IT & Cloud Security: Top 4 Data Considerations
The healthcare industry is changing how it delivers patient care. With technology that enables greater collaboration for patient care, and with patient care delivery models shifting toward telemedicine and self-served healthcare, healthcare IT (HIT) finds itself thrust into the world of online collaboration platforms, SaaS, and cloud computing.
As a highly regulated industry in which individual’s data demands the utmost security, this move isn’t always comfortable. But as recently noted in a statement by the Cloud Standards Customer Council, “Around the globe, healthcare reform has mandated that it is time for healthcare IT to be modernized; and that cloud computing is at the center of this transformation.” The benefits and cost efficiencies gained from moving to the cloud are many, including:
- The ability to share information easily and securely
- More seamless collaboration among geographically dispersed healthcare entities and patients
- Scalability and flexibility
- The ability to secure and back up your data inexpensively
Microsoft Office 365 is a great example of a feature rich, unified collaboration and communication cloud-based service that is being adopted by healthcare entities – from clinics to medical device manufacturers. With Office 365, for example, caregivers can work together and connect virtually with patients more efficiently and cost effectively.
Considerations for leveraging cloud services
Office 365 is built to meet HIPAA security and privacy regulations. However, healthcare entities should be aware that most cloud vendors operate under the rubric of shared responsibility, in which both the cloud service provider and the customer are responsible for ensuring data protection and business continuity. Though Microsoft provides for security and data protection from hardware and software failure, natural disaster and power outages, it does not cover other data loss scenarios including:
- Ransomware and viruses
- Human error
- Programmatic errors (such as configuration errors)
- Malicious acts
- External hackers
In each case, it is the customers’ responsibility to provide data protection against these very real and common threats. Did you know that 58 percent of companies that use SaaS applications have suffered a data loss incident over a 12-month period? These are odds that HIT departments and healthcare entities cannot afford.
In order for health care providers to securely leverage SaaS or Cloud services and take shared responsibility for data management and protection, the following considerations should be made:
|Privacy and Security|
|Regulation and Compliance|
|Data Backup and Protection|
|Data Restore Requirements|
Case study: Millar, Inc.
Millar, Inc., a medical manufacturer of neurological and cardiac catheters, recently migrated to Office 365. Like any other healthcare entity, Millar must meet strict standards surrounding data protection and accessibility. IT director Todd Miller knew Millar, Inc. needed a backup and recovery solution that would ensure their critical data could be retained indefinitely and conveniently restored to its original state in the event of data loss. Millar implemented Spanning Backup for Office 365 to provide daily, automated backup and peace of mind to continue innovating in the cloud. The installation took place in a few hours, and the easy-to-use GUI made it a “set it and forget it” data protection service that works seamlessly with Office 365 via a Microsoft API. Millar also chose Spanning Backup for Office 365 because it is HIIPA compliant and provides granular backup and restore capabilities for Mail, One Drive for Business and Calendar.
As your healthcare organization moves more of its HIT to the cloud, it should ensure that patient data is secure and recoverable. Backup and restore cloud solutions are a must when determining your cloud data protection strategy.
An earlier version of this article was first published on Microsoft’s healthcare blog.Protect the Health of Your Cloud Data