- Data security is critical for any healthcare organization, and as technology continues to evolve, more entities are beginning to look to cloud computing security options.
However, in a highly regulated industry, organizations cannot choose a cloud vendor simply for the sake of having one. Healthcare cybersecurity threats are becoming more sophisticated, and as such, covered entities have to find solutions that optimize workflow and keep sensitive information secured.
HealthITSecurity.com reviewed some popular companies that offer healthcare cloud security options. It is still important though for healthcare organizations to conduct their own research and opt for storage and security needs ideal for their operations.
Amazon Web Services Cloud (AWS) can assist healthcare providers as they look to migrate into the digital world. AWS helps organizations stream data into the cloud, store it directly in the cloud, apply cloud-based analytics, and even send the data to a mobile or web dashboard. Moreover, AWS can assist in creating HIPAA-compliant applications, so organizations can process, store, and transmit personally-identifiable patient data. AWS will also provide a BAA so organizations understand how their HIPAA obligations will be shared with AWS.
The secure content management and collaboration platform Box offers healthcare organizations options in data sharing, collaboration, research, and mobility. Specifically, Box can help covered entities increase their mobility while staying HIPAA compliant. Along with signing BAAs with its customers, Box also has administration tools and reporting, integrates with DLP, MDM, and SSO partners. There are also options to remotely monitor patients by taking photos or video. From there, entities can securely share them with clinicians and caregivers.
Certified by HITRUST, ClearDATA is exclusively a healthcare cloud computing provider. ClearDATA offers customers security and compliance services in AWS environments, as well as a cloud infrastructure optimized for critical healthcare workloads. Organizations also have the option to manage multiple cloud environments from a single portal. ClearDATA also utilizes a data siloed platform, with data warehousing capabilities that eliminates barriers in order to improve secure access to data. There also advanced PHI safeguards to help eliminate data breach risks.
The Dell Secure Healthcare Cloud assists organizations in staying HIPAA compliant, and helps them prioritize patient privacy, data security measures, and creating disaster recovery plans. Dell is compliant with medical device regulatory requirements (ISO13485:2003 certified), and utilizes Single Sign-On (SSO) and Message Passing Interface (MPI) features. Clinicians can stay mobile, as there are options for mobile device security. Dell also features a healthcare-specific, multi-tenant cloud.
EMC also offers healthcare-specific solutions for the industry, such as image and content management, mobile, and backup and recovery. The EMC Hybrid Cloud also helps organizations reduce IT costs and allows them to reallocate cost savings to other initiatives. The mobile health options are also ideal for integrated delivery networks, physician practices, and radiology centers. Furthermore, the image and content management portion helps facilities facilitate sharing and improve interoperability.
The Google Cloud Platform conducts independent audits, specifically testing for privacy, security, and compliance controls. This includes ISO 27001, ISO 27017 (cloud security), and ISO 27018 (cloud privacy, privacy). Google Cloud Platform will also enter into a BAA with organizations. It also offers EU model contract clauses for customers subject to the EU Data Protection Directive. The platform security features also include secured service APIs and authenticated access, data encryption, and intrusion detection.
IBM Cloud has a hybrid cloud integration model, and also utilizes open technologies, and data and analytics. IBM SaaS services are also compliant with the ISO27002 standard. The IBM security policy also includes encryption and key management, as well as a security incident management system. IBM Security can also assist organizations bridge their existing security investments with the latest technologies for an integrated system. Device, app and content management are also combined in IBM enterprise mobility management.
Iron Mountain, Inc.
Iron Mountain helps organizations automate their cloud services, and also learn how to safeguard data against disasters, equipment failure, and human error. Data can be kept secure in mirrored underground facilities, service level agreements can help improve data availability. Organizations can automatically and continuously execute backups, either via the internet or their own network. Moreover, transport and storage devices are fully encrypted. A disaster recovery option also helps reduce data center space, infrastructure and IT resources.
Azure Cloud Services through Microsoft can help organizations develop, package, and deploy their apps quickly. Additionally, the cloud services will deploy applications and ensure it stays readily available during crashes and failures. Traffic will be redirected so operations can continue running. There are also automatic operating system updates, which helps keep the system secure without downtime. When it comes to data storage, there are options of standard authentication mechanisms, client and server-side data-at-rest encryption, or limited access rights to data.
VMware also has cloud options, helping organizations in on-premises and off-premises resources, extend infrastructure and apps to the cloud, and also assist in managing infrastructure services across the hybrid cloud. Virtual desktops can also be deployed, which can help entities be more mobile. There is also the option to utilize Windows desktops, applications and online services to end users. This can be done across virtual datacenters, virtual machines and physical devices.