

The Case for Cloud Technology to Prevent Data Breaches

Three attributes that make the cloud a solution for, not a risk to, PHI security

On the topic of hosting healthcare data in the cloud, the consensus among CIOs is practically unanimous: it can be done at a speed and scale simply unheard of with onsite servers. Shift the conversation to securing data in the cloud, however, and opinions are more polarized -- especially concerning data that's protected health information (PHI). Some organizations simply don't trust the idea of housing this data -- which, by law, must be kept private and secure -- away from their internal operations.

But is this stronger faith in on-premise security really warranted?

Based on the frequency of healthcare data breaches and their staggering cost, the answer would clearly seem to be "no." In fact, data breaches continue to cost the healthcare industry dearly; one estimate by the respected Ponemon Institute puts the price tag at around $6.2 billion. The institute also found that most of the organizations it surveyed had experienced a breach. Now consider that breaches are only intensifying in their malevolence, with ransomware and medical device hacks being two of the most ominous examples.

Clearly, healthcare has a technological epidemic on its hands -- and would be ill-advised to look to legacy IT infrastructure and security approaches for the solution. Across the healthcare landscape, IT infrastructure lags years behind other industries, and a mass modernization, at least internally, is unlikely. Many IT budgets, drained from funding electronic health records systems, are either stagnant or decreasing. Finally, with today's alarming advances in cyber-attacks, a "one size fits all" approach to security just doesn't work (and probably never did).

So with that, let's take a closer look at three attributes that make the cloud a solution for, not a risk to, PHI security.

Centralizing Visibility and Control in the Cloud
With the advent of digital health records, patient data has proliferated throughout different departments, applications, folders and files. Often, there is no reliably updated list at hand that identifies exactly where this invaluable and highly threatened data resides -- or who has access to it. Further, the very nature of having this data siloed off into so many locations, each with their own security policies, increases the opportunity for a serious breach.

By contrast, hosting and securing data in the cloud gives administrators a centralized window from which to keep tabs on PHI, including who is accessing it in real time. It also gives them a centralized control panel, so to speak, from which to apply security measures across the enterprise.


Circling back to insight into PHI inventory -- the migration of data from on-premise servers to management by a third-party cloud services vendor is often kicked off with a rigorous risk assessment of data, which should include a complete inventorying of PHI. This is a key step in assigning access controls to data that, by law, must be kept private and secure.

Security by Design
Today's cloud security tools enable security designed around a healthcare organization's unique workloads and needs -- as opposed to the old "one size fits all" approach alluded to earlier, which often spells trouble for organizations. With a comprehensive list of PHI inventory that's easy to access and update, for example, measures can be taken to apply the right security safeguards for each location, from staff access controls to configuration measures. Meanwhile, adherence to these safeguards can be better monitored from a central cloud "console."

It's worth noting that cloud security is also more sophisticated in its capabilities, such as an ability to apply "polymorphic" encryption in which the same encryption key is never used more than once.

On-Demand IT Security Expertise
A cloud provider's resources and availability of top-tier talent are powerful motivations to move to a cloud-hosted solution, especially given today's difficulties in adequately staffing enough IT security professionals. The key is partnering with a cloud provider that understands the nuances and regulatory implications for the healthcare industry, plus health system operations. This can provide more consistent -- and thus greater -- breach security than what has been historically available from on-site IT operations.

That said, the healthcare organization doesn't give up control of the data. It's just that the focus is shifting from managing this data in-house to communicating requirements and managing the relationship with the cloud provider.

Looking ahead to healthcare's future, it's not just medical records that are going digital. Virtual care, patient portals, online patient "waiting rooms" and other patient experience apps are taking healthcare straight to the internet. These new conveniences can only be offered by providers that have the right infrastructure -- scalable, flexible and a fortress from cyber-crime. And only the cloud offers all three.

Matt Ferrari is Chief Technology Officer for ClearDATA. He can be reached at


© 2017 ADVANCE Healthcare, an Elite CE company