
Health IT - Best Practices for PHI Data Security and Selecting the Right Cloud Computing Provider

April 25, 2012

In recent months, cloud computing has been getting a lot of attention, especially as applied to healthcare. Cloud computing is becoming more attractive to medical organizations predominantly because of the benefits the technology offers, including reduced enterprise IT infrastructure and power consumption costs, scalability, flexibility, and accessibility.

At the same time, cloud computing poses significant potential risks for medical organizations that must safeguard their patients' protected health information (PHI) while complying with HIPAA Privacy and Security rules. The increased number of reported PHI breaches over the past two years, along with ongoing HIPAA compliance and PHI data privacy concerns, has slowed the adoption of cloud technology in healthcare.

To help medical organizations and providers mitigate PHI data security risks associated with cloud technology, consider the following five best practices when selecting the right cloud computing provider:

1. Understand the importance of SSL. Secure Sockets Layer (SSL) is a security protocol used by web browsers and servers to help users protect data during transfer. SSL is the standard for establishing trusted exchanges of information over the internet. SSL delivers two services that help solve some cloud security issues: SSL encryption and establishing a trusted server and domain. Understanding how SSL and cloud technology work together means knowing the importance of public and private key pairs as well as verified identification information. SSL is a critical component of achieving a secure session in a cloud environment that protects data privacy and integrity.

2. Not all SSL is created equal. The trust established between a medical organization and its cloud computing provider should also extend to the cloud security provider. The cloud provider's security is only as good as the reliability of the security technology it uses. Furthermore, healthcare organizations need to make sure their cloud provider uses an SSL certificate that can't be compromised. In addition to ensuring the SSL certificate comes from an authorized third party, the organization should demand security requirements from the cloud provider such as a certificate authority that safeguards its global roots, a certificate authority that maintains a disaster recovery backup, a chained hierarchy supporting its SSL certificates, global roots using new encryption standards, and secure hashing using the SHA-1 standard. These measures will ensure that the content of the certificates can't be tampered with.

3. Recognize the additional security challenges with cloud technology. There are five specific areas of security risk associated with enterprise cloud computing, and medical organizations should consider several of them when selecting the right cloud computing provider. The five cloud computing security risks are HIPAA Privacy and Security compliance, user access privileges, data location, user and data monitoring, and user/session reporting. For medical organizations and providers to reap the benefits of cloud computing without increasing PHI data security and HIPAA compliance risks, they must select a trusted service provider that can address these and other cloud security challenges.

4. Ensure data segregation and secure access. Data segregation risks are a constant in cloud storage. In a traditional client-hosted IT environment, the organization's internal IT administrators control where the data is located and the access granted to clinicians and support staff. In a cloud computing environment, the cloud computing provider controls where the servers and the data are located. Even though certain controls are lost in a cloud environment, proper implementation of SSL can secure sensitive data and access. A medical organization will know it is on the right path to selecting the right cloud provider if the provider offers three key elements as part of its cloud hosting solution: encryption, authentication, and certificate validity. It is highly recommended that organizations require their cloud provider to use a combination of SSL and servers that support 128-bit session encryption, and that they also demand that server ownership be authenticated before one bit of data transfers between servers.

5. Make sure the cloud provider understands HIPAA compliance. When a medical organization outsources their IT infrastructure to a cloud computing provider, the organization is still responsible for maintaining HIPAA compliance with all Privacy and Security rules. Since healthcare organizations can't rely solely on their cloud provider to meet HIPAA requirements, it is highly recommended to select a cloud provider that has experience with HIPAA compliance and has compliance oversight processes and routines in place. Cloud computing providers that refuse to participate in external audits and security certifications are signaling a significant red flag and should be dismissed from further consideration.
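
The three elements named in item 4 (encryption, authentication, and certificate validity) can be checked against a provider's endpoint with a short script. This is an added example, not part of the original article; the function names, the 30-day expiry warning and the sample certificate are assumptions, and Python's default context negotiates TLS, the successor to SSL.

```python
import socket
import ssl
import time

MIN_SESSION_BITS = 128   # threshold taken from the article's recommendation
EXPIRY_WARN_DAYS = 30    # assumption for this example, not from the article

# Constructed sample in the shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2024 GMT",
               "notAfter": "Jan  1 00:00:00 2025 GMT"}


def evaluate_session(cipher, cert, now=None):
    """Return findings for one session (empty list means all checks passed).

    cipher: (name, protocol, secret_bits) as returned by SSLSocket.cipher()
    cert:   dict as returned by SSLSocket.getpeercert()
    """
    now = time.time() if now is None else now
    findings = []
    name, _protocol, bits = cipher
    if bits < MIN_SESSION_BITS:
        findings.append(f"weak session encryption: {name} ({bits}-bit)")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        findings.append("certificate not yet valid")
    elif now > not_after:
        findings.append("certificate expired")
    elif not_after - now < EXPIRY_WARN_DAYS * 86400:
        findings.append(f"certificate expires within {EXPIRY_WARN_DAYS} days")
    return findings


def check_endpoint(host, port=443, timeout=5):
    """Authenticate the server first, then evaluate the negotiated session."""
    # The default context verifies the certificate chain and the hostname,
    # so the handshake fails before any application data is exchanged.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return evaluate_session(tls.cipher(), tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return [f"server authentication failed: {exc.verify_message}"]
```

Call `check_endpoint()` with the hostname the provider gives you for its service; network errors other than a failed certificate check are left to propagate.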

SSL is a proven technology and a cornerstone of cloud computing security. When a medical organization is evaluating a cloud computing provider, the organization should consider the security options selected by that cloud provider. Knowing that a cloud provider uses SSL can go a long way toward establishing confidence. The right cloud computing provider should be using SSL from an established, reliable and secure independent certificate authority. Furthermore, when selecting a cloud computing provider, healthcare organizations should be very clear with their cloud provider regarding the handling and mitigation of risk factors beyond SSL.

Medical organizations that effectively perform PHI security and HIPAA compliance due diligence as part of their cloud computing provider selection process will be best positioned to consolidate IT infrastructure, reduce IT cost, mitigate the risk of PHI data breaches, and increase business sustainability resulting from the adoption of cloud technology. This outcome will allow healthcare providers to focus more of their energy and resources on patients, thus improving care and outcomes.

Frank J. Rosello is CEO & Co-Founder of Environmental Intelligence LLC.

Environmental Intelligence LLC is a Complete Outsourced Health IT Company providing End-to-End meaningful physician workflows consulting, integration, and implementation in (EHR) Electronic Health Records, Image Management Systems and Practice Management to private and public medical practices and facilities differentiated by our experienced, physician focused administrative staff and dedicated Health IT professionals.

To learn more about our Physician Focused - Patient Driven approach to EHR & Health IT Visit our website:

Source: EzineArticles