Security Checklist for the Cloud-Hesitant Healthcare Community

  • October 31, 2018 - by Synoptek

When it comes to cloud adoption, the American health care system trails behind other enterprise-level organizations. While 70% of health care organizations currently have some IT applications in the cloud, CIOs still express nagging suspicions that these architectures aren’t as secure as on-premise solutions.

Today, healthcare providers recognize the urgent need for business cloud integration but struggle to overcome their underlying privacy and security anxieties. The move, however, can be surprisingly smooth and unsurprisingly secure when concerns are addressed before, during, and after the cloud migration process.

Mitigating risk prior to migration

Deploying to the cloud is a genuine trust exercise. Health care organizations should conduct a careful assessment of their current on-premise security protocols benchmarked against the cloud provider’s security in order to ensure full trust in both the cloud service provider and the process ideology itself.

Moving to the cloud affects a company’s control of its security protocols, so shifting data management responsibilities to the cloud service provider requires a mutual and thorough understanding of the service level agreement (SLA). Cloud deployment requires the customer to split security responsibilities with the provider, and an effective, mutually beneficial partnership determines where this split occurs.

When entering a relationship with a cloud service provider, it is critical to hold extensive conversations addressing each business’s security responsibilities and potential concerns. Good topics of discussion include:

  • Creating clear lines of demarcation in the SLA, including establishing problem resolution in the event of network downtime.
  • Ensuring the inclusion of HIPAA-compliant breach notifications.
  • Establishing regular and effective communication between internal IT teams and the external cloud provider.
  • Scheduling reviews of the SLA to incorporate changes to contracts based on the experience with the provider.
  • Setting fair penalty clauses and creating redundancy to mitigate these risks.

Establishing these service-related benchmarks is a necessary prerequisite to any cloud migration. If your provider is reluctant to have these conversations, consider revising that cloud partnership.

Creating a safer cloud deployment

The cloud provider is only one part of the security puzzle. Internal IT teams within health care organizations also own a responsibility to address cloud security concerns during migration, including:

  • Capitalizing on the opportunity to understand and make key decisions about the data being migrated — this change in storage location offers the chance to categorize, consolidate, and reorganize information into better data architectures.
  • Leveraging security automation whenever possible, as a standard part of most cloud deployments. IT should work within security configurations to allow software to do the heavy lifting, which will make the network more secure.
  • Establishing new end-to-end architectures addressing employee mobile phones and other devices, as well as two-factor authentication for added security.
  • Safeguarding medically-connected internet of things (IoT) applications by creating an airtight method for integrating data from these devices.

When CIOs read about “cloud computing”, they often wrongly associate the process with that of the public cloud. Health care deployments, however, typically encompass secure, HIPAA-compliant hybrid private cloud models that offer complete redundancy. Cloud data migration allows security-driven organizations to replace outdated configurations in both hybrid and full cloud models as part of the audit and go-live process.

After going live

Cloud migration doesn’t end when the last file is cloud-accessible. The hard part is ensuring that anyone using cloud services in the business understands how to access the system, their security responsibilities, and the value the system brings. Creating a security-conscious workplace includes engaging the health care workforce in post-launch testing that covers application performance and security protocol checks.

To explore cloud migration benefits for health care providers and mitigate your risk, contact us.

About the Author

Synoptek is an established firm that provides information systems consulting and IT management services. Synoptek and its predecessors have been providing these services for 23 years.