Healthcare Information Security

Cloud News

Approaching the Top 5 Healthcare Cloud Security Concerns

Network reliability, total cost of ownership, and service level agreements are just a few healthcare cloud security concerns that organizations may face.

cloud security

Source: Thinkstock

By Bill Kleyman

- In working with a variety of healthcare organizations, there’s still some hesitation when it comes to moving into a cloud ecosystem, with several healthcare cloud security concerns coming to light.

Before we go too much further, I’d like to disrupt that paradigm and let you know that, when deployed properly, cloud can be a powerful ally for a healthcare organization.

Just a few years ago, HIPAA compliance was a cloud nightmare. However, the HIPAA Omnibus Rule, which was finalized in January 2013 and went into effect on March 26, 2013, improved patient privacy protections, gave individuals new rights to their health information, and also strengthened the government’s ability to enforce the law.

From there, data center and cloud leaders have heard the challenges coming from healthcare providers and have worked hard to ensure that the transition into cloud is both smooth and secure.

With all of that in mind, moving your applications or data into a cloud doesn’t mean working with the large providers alone. For example, NTT Communications and its data centers have successfully completed an independent examination of its data center Information Security Program for Colocation Services Related to HIPAA and HITECH.

READ MORE: Cloud Adoption Slows from Lagging Cybersecurity Skills

From a public cloud perspective, AWS and Azure offer great healthcare cloud options as well. For example, Azure is certified to the Health Information Trust Alliance Common Security Framework. Furthermore, Microsoft offers HIPAA Business Associate Agreements (BAAs).

Finally, for specific kinds of workloads, AWS offers quite a few options. This includes options for genomics, biotech & pharma, and even options for healthcare providers & insurers.

If you’re in the healthcare field, don’t shy away from healthcare cloud options. There are some great options out there to help you make your healthcare services a lot more agile.

Still, despite these advances, there are concerns around data, management, and finding value in working with a data center or cloud partner. So, let’s look some ways to overcome these challenges.

In the latest AFCOM State of the Data Center report, we learned about several concerns when implementing a cloud solution. I’m sure you won’t be surprised by the top item. However, there are great ways to ease your concerns and still adopt a powerful cloud strategy.

  1. Security of company data. There’s no escaping this one. Healthcare data security is extremely valuable and only increasing in value. Ponemon Institute recently calculated the average healthcare data breach costs to be $380 per record. While the average global cost per record for all industries is $141, healthcare data breach costs are more than 2.5 times that global average. So, what happens when you try to put this data in the cloud? To be quite clear, as long as you design your cloud, infrastructure, and connectivity properly, that data can be very safe. As I mentioned earlier, data center and cloud leaders are actively working with protect healthcare information and present compliant services for healthcare offerings. If you’re still concerned about your data, talk to a cloud or data center partner that specialized in migrating healthcare workloads, applications, and data into their infrastructure. I have several great use-cases where we’ve designed hybrid cloud architectures while still meeting HIPAA compliance requirements. I’m sure major cloud and data center providers have even more great use-cases as well.
  2. Total cost of ownership. It’s true, if you don’t design it properly, cloud can be expensive. Many organizations found this out the hard way during early implementations around cloud computing. However, architecture and cloud design has come a long way. We can granularly identify which data points, workloads, and even users should live in a cloud ecosystem. We can gauge usage, data requirements, and even data locality based on your requirements to create the best possible pricing model. There’s a sense of maturity when it comes to working with data center or cloud partners. I highly recommend you leverage these advancements in the industry. You can carefully plan your own deployment, understand where you’ll need more resources in the future, and ensure that you incorporate agility into the entire process.
  3. Network reliability (latency, performance). This is a really important point. And, I can completely understand how this can be a barrier to cloud entry for a healthcare organization. In some cases, applications are supporting standard backend healthcare processes. In other cases, key applications and data sets are required to save lives. So, if your network isn’t reliable, you’ll have some serious limitations in terms of the kind of services you can deliver. And, with more connected healthcare systems and advancements in things like telemedicine, there’s literally no room for an unreliable network, latency, or jitter. This concern largely revolves around design. You’ll need to take data proximity, where access is happening from, and the importance of the application or data set when you create your own design. Remember, in today’s fast-paced healthcare world, ‘slow is the new down’ where you absolutely need to make sure key applications and workloads are available. You don’t have to be concerned about this as long as you work to include network reliability largely in your architecture.
  4. Reliability of cloud data storage. There are a lot of storage options out there.  You can leverage primary storage, cold storage, and even archival storage for various data points. From there, you can select the type of storage you require and where data will reside. Like our previous point, working with data is critical and you’ll need to understand locality and data sovereignty requirements. Cloud and data center providers that are ready for healthcare workloads can help you keep data where you need it and access it appropriately. That said, make sure you can access your data reliably and that performance metrics are met. My big recommendation here is do not look at price alone. If you need the extra boost or performance, make sure you account for that. Poor performance or storage latency will end up costing you much more than just investing in good technology solutions to begin with.
  5. Service levels. I can attest that creating good SLAs when we’re talking about healthcare in the cloud and data center space can be a sticking point. In many cases, there are a lot of components that will require good service level structure. If you’re thinking of moving into cloud, or even if you already have a healthcare cloud instance, make sure you have a deep understanding around your critical systems. That is, can you live without a certain app? How long can you be without a certain data service? Or, what happens if a part of the environment goes down – is there a backup? My other big recommendation is to periodically evaluate your SLA agreements. Your company, applications, and data are constantly changing. Your SLA should evolve with your requirements as well.

READ MORE: Cloud Computing Security Vendors for Healthcare

There were several other items on that list including migration challenges, compliance, ownership of data, and even working with specific skillset requirements. If you have a cloud journey in mind, you don’t have to go at it alone.

First, working with a good partner can help you align your own strategies and create a clear vision for migration. From there, you can work to ensure that you manage all your data points and support a smooth transition.

Working with cloud and healthcare does not have to be a nightmare scenario. In fact, leading healthcare organizations are those that embrace advanced solutions and work with organizations that can support their healthcare initiatives. Take the time to better understand your own strategies and design a cloud model that fits your needs.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...