How to keep health data safer in the cloud
The illusion of control is tempting, even intoxicating. It’s also a common characteristic that almost all humans manifest to one degree or another as we work to satisfy competence motives, the need for security, and survival instincts.
Because proximity often feels like control, it might also get in the way of secure healthcare IT.
“Files stored in reliable cloud services are some of the most secure files you can have, provided you have good passwords,” says software engineer John Miller, PhD. “Google, Microsoft and Amazon all provide reliable cloud services for consumer file storage.”
What, in particular, makes cloud storage superior, according to Miller?
- Redundancy: The chances of losing the same data saved in at least a couple of different places are low.
- Security: Keep passwords and access to local machines safe and you’re in good shape. Major cloud data centers are hard to compromise remotely and very difficult to penetrate physically.
- Safe sharing: Trusted individuals can get “read” access to data without having to deal with security risks like thumb drives and file copies.
Still, it’s a mistake to think that Amazon or Google can be entrusted with all security precautions. Healthcare IT vendors are active players in making sure systems are secure. When shopping vendors or considering a move to the cloud, have a conversation that includes these specific concerns:
- Risk: How much risk will you be comfortable with? While an organization could choose to lock its system up tight, there is a tension between system security and ease of access. Find a balance between the two. In striking that balance, ask for assessment process documentation that includes establishing a risk threshold and effectively managing potential security issues related to third-party vendors.
- Cloud security tools: It’s not wise to rely exclusively on cloud vendor security, but it is also unwise to reject any inherent security they provide. Document succinctly what is part of the cloud service and what the healthcare IT vendor layers on. Two-factor or multi-factor authentication, now widely used, may be one example of a security protocol built into the cloud vendor package.
- Responsibility: It will be vital that organizations ask relevant and pointed questions about responsibility across all three spheres: the cloud vendor, the healthcare IT vendor and the organization. Evaluate documentation that describes what security measures come from each and how they complement one another. It’s critical that an organization understand whether there are any holes in the security mesh it’s looking to create.
One of the more challenging aspects of moving to the cloud for many healthcare organizations is an uncertainty about what questions to ask. Too often, hospitals and other healthcare organizations may be tempted to just say, “That’s your area of expertise. Make it work.”
It will benefit these organizations in the long run to probe and make their healthcare IT vendors defend and quantify their security approach.
And what, at a minimum, should that approach include?
- A design philosophy: It may go without saying that a healthcare IT vendor has had to work HIPAA and HITECH considerations into their design approach, but an organization will still want to see documentation detailing exactly how. Protecting patient data, for example, will require that the data be isolated via network layout from other customer instances. Live and back-up systems should be geographically separate in case of catastrophe. And network access controls should be layered at multiple levels so easy access is impossible. Again, find the right amount of tension between access and security.
- Access control: The security of a system depends on everyone in the organization adhering to access protocols. Communication between the clinical site and the cloud location should be carried over an IPsec virtual private network (VPN). End users will transparently use the VPN to access system applications in the cloud. Multi-factor authentication for user access and constant system monitoring are both big steps toward a system that’s hard to breach.
- Encryption: Make sure that patient data is encrypted both in transit and at rest—in other words, when it’s sent across the VPN and when it is stored in the cloud. All operational, backup and log data should be encrypted using, at a minimum, AES-256 implemented in FIPS 140-2 validated modules. Ask about the encryption standard and for documentation of the protocol for moving to newer, more rigorous standards.
- Disaster recovery/business continuity: One of the strongest and most obvious arguments for moving to the cloud is the availability of disaster recovery and high availability backups. While unlikely, a disaster could destroy both the live and backup systems if both are in the same place, so ask if they are geographically distinct. You will want primary-to-secondary data replication to be constant, and hourly system snapshots should also be provided in the event of extreme situations. Also, make sure the disaster recovery site is ready to take over organizational operations at the drop of a hat if necessary.
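The four minimums above are easier to hold a vendor to when each one is written down as a concrete, checkable property. The script below is an added example, not code from the article or from any vendor: it audits a vendor's stated security profile against the isolation, VPN, MFA, monitoring, encryption and disaster-recovery requirements listed above. The profile schema and the two sample profiles (one weak, one that meets every minimum) are constructed for this example, and the `audit` function, field names and thresholds are assumptions made here rather than anything the article specifies.

```python
"""Audit a healthcare IT vendor's stated cloud security profile against the
minimum requirements in the list above. Added example; the profile layout
and sample profiles are constructed, not a real vendor's documentation."""

# Data classes the article says must be encrypted at rest.
REQUIRED_ENCRYPTED_DATA = ("operational", "backup", "log")
# "Hourly system snapshots" translated into a numeric threshold.
MAX_SNAPSHOT_INTERVAL_MINUTES = 60


def audit(profile):
    """Return a list of findings; an empty list means every minimum is met."""
    findings = []
    net = profile.get("network", {})
    access = profile.get("access", {})
    enc = profile.get("encryption", {})
    dr = profile.get("disaster_recovery", {})

    # Design philosophy: isolation from other customer instances, layered controls.
    if not net.get("isolated_from_other_tenants"):
        findings.append("network: instance is not isolated from other tenants")
    if len(net.get("access_control_layers", [])) < 2:
        findings.append("network: access controls are not layered (fewer than two layers)")

    # Access control: IPsec VPN between site and cloud, MFA, constant monitoring.
    if net.get("site_to_cloud_transport") != "ipsec-vpn":
        findings.append("access: site-to-cloud traffic is not carried over an IPsec VPN")
    if not access.get("mfa_required"):
        findings.append("access: multi-factor authentication is not required for users")
    if not access.get("continuous_monitoring"):
        findings.append("access: no continuous system monitoring")

    # Encryption: in transit, and AES-256 on FIPS 140-2 validated modules for every data class.
    if not enc.get("in_transit"):
        findings.append("encryption: data is not encrypted in transit")
    at_rest = enc.get("at_rest", {})
    for data_class in REQUIRED_ENCRYPTED_DATA:
        spec = at_rest.get(data_class)
        if spec is None:
            findings.append(f"encryption: {data_class} data is not encrypted at rest")
            continue
        if not spec.get("algorithm", "").upper().startswith("AES-256"):
            findings.append(f"encryption: {data_class} data uses {spec.get('algorithm')!r}, not AES-256")
        if not spec.get("fips_140_2_validated"):
            findings.append(f"encryption: {data_class} data is not on a FIPS 140-2 validated module")
    if not enc.get("algorithm_upgrade_procedure_documented"):
        findings.append("encryption: no documented procedure for moving to newer standards")

    # Disaster recovery: geographic separation, continuous replication, hourly snapshots, tested failover.
    if dr.get("primary_region") == dr.get("dr_region"):
        findings.append("dr: live and backup systems are in the same location")
    if dr.get("replication") != "continuous":
        findings.append("dr: primary-to-secondary replication is not continuous")
    interval = dr.get("snapshot_interval_minutes")
    if interval is None or interval > MAX_SNAPSHOT_INTERVAL_MINUTES:
        findings.append("dr: system snapshots are less frequent than hourly")
    if not dr.get("failover_tested"):
        findings.append("dr: failover to the recovery site has not been exercised")
    return findings


# Constructed sample: a profile that misses most of the minimums.
WEAK_PROFILE = {
    "network": {"isolated_from_other_tenants": False,
                "access_control_layers": ["perimeter-firewall"],
                "site_to_cloud_transport": "tls-only"},
    "access": {"mfa_required": False, "continuous_monitoring": True},
    "encryption": {"in_transit": True,
                   "at_rest": {"operational": {"algorithm": "AES-128-CBC", "fips_140_2_validated": True},
                               "backup": {"algorithm": "AES-256-GCM", "fips_140_2_validated": False}},
                   "algorithm_upgrade_procedure_documented": False},
    "disaster_recovery": {"primary_region": "region-a", "dr_region": "region-a",
                          "replication": "nightly", "snapshot_interval_minutes": 240,
                          "failover_tested": False},
}

# Constructed sample: a profile that meets every minimum in the list.
COMPLIANT_PROFILE = {
    "network": {"isolated_from_other_tenants": True,
                "access_control_layers": ["perimeter-firewall", "subnet-acl", "host-firewall"],
                "site_to_cloud_transport": "ipsec-vpn"},
    "access": {"mfa_required": True, "continuous_monitoring": True},
    "encryption": {"in_transit": True,
                   "at_rest": {c: {"algorithm": "AES-256-GCM", "fips_140_2_validated": True}
                               for c in REQUIRED_ENCRYPTED_DATA},
                   "algorithm_upgrade_procedure_documented": True},
    "disaster_recovery": {"primary_region": "region-a", "dr_region": "region-b",
                          "replication": "continuous", "snapshot_interval_minutes": 60,
                          "failover_tested": True},
}

if __name__ == "__main__":
    for name, profile in (("weak", WEAK_PROFILE), ("compliant", COMPLIANT_PROFILE)):
        print(f"{name}: {len(audit(profile))} finding(s)")
        for finding in audit(profile):
            print("  -", finding)
```

Run against the weak profile, the auditor reports twelve findings, one per unmet requirement, including the missing log-data encryption and the backup key material that is not on a validated module; the compliant profile produces none. The value of the exercise is less the script than the schema: every field it reads is a question the vendor's documentation should answer explicitly.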
Ultimately, while moving to the cloud makes organizations no more vulnerable to breaches than they are with an onsite data center, there are better and worse ways to approach the cloud. A hybrid model, for example, of some local servers and some cloud hosting actually creates more vulnerabilities than a strictly public cloud approach. The goal is to have fewer, not more, access points that could be breached.
“To be fair, much of the common perception of cloud security—or insecurity as the case may be—is just myth. Pervasive myth, but myth nonetheless,” says Tony Bradley at Forbes.
And it’s a myth many organizations now benefit from having banished. So, while you’re cleaning out the closet of long-held but possibly incorrect beliefs like the illusion of control, just toss cloud insecurity on the trash heap as well. When managed with the same level of care as local data centers, the cloud offers clear advantages.