In light of the massive data security breaches in the news, like the one at Anthem that compromised approximately 80 million individuals’ personal information, and the one at UCLA Health System that affected 4.5 million people, healthcare organizations continue to be reminded of the challenges of protecting Patient Health Information (PHI) and other sensitive data.
As the digital revolution of healthcare information systems continues, the advantages of cloud-based solutions have made them a mainstay in healthcare organizations. The move towards a cloud platform rightly gives rise to questions about the security infrastructure of these solutions. However, given the maturity of cloud-based platforms and historical adoption in other industries such as finance, telecommunications etc., cloud-based applications have matured over time to adhere to stringent security demands of the healthcare domain.
Distorted, Perceived Risk
The perceived risk of data security in the cloud has been inappropriately distorted due to focus on where the data is stored. Many perceive on-site applications to be less risky in comparison. There is a natural sense of security when organizations have a tangible method to store data on site, whether it’s on employee computers, folders, or housed servers.
However, regardless of on-site or cloud-based solutions, security attacks occur by finding vulnerabilities. Building an IT infrastructure that is security-conscious and security-focused is more important than whether it is on site or on the cloud. In healthcare, this typically means taking into consideration compliance, auditing, and other regulations to ensure that your security approach adheres to the law and reflects best practices. One advantage of moving the data into the cloud is that the risk of losing hardware with data is significantly reduced – applications on laptops no longer have PHI that can be lost or stolen.
Efforts to prevent data breaches should be focused on access, rather than location. Secure access includes both authentication and authorization measures for restricting access to confidential data. These technical safeguards can protect against various intended and unintended uses and disclosures of PHI by permitting and verifying only authorized users to access electronic health information. Moreover, the demand for timely information to serve patients to a higher standard of care requires care providers to have and access information away from their desk. Additional layers of authentication and access would need to be implemented to maintain a robust level of security for authorized access outside the organization’s VPN.
In addition to these safeguards, redundancy needs to be a core competency of data infrastructures. Healthcare IT teams can protect against data loss with redundant data on content servers, database servers, and web-servers to ensure the integrity and recoverability of confidential patient information. Storing data within the cloud guarantees data redundancy and scalability with no impact on performance and speed. Redundancy is an amenity that can also be achieved on site, however, this would require a much more costly process to implement and maintain.
Security with Viewics
Viewics provides a cloud-based analytics solution with data security as our priority. Our solutions are HIPAA-secure and encrypted using latest industry-standard algorithms. All communications within the Viewics system are encrypted during storage, as well as during transit. The Viewics application is built and maintained in a manner that ensures the right access to the right individuals. Individuals are properly authenticated and may access data if they are appropriately authorized. Access to data may be also be controlled from a modular level down to a granular row or column level with the ability to grant or deny specific access to PHI data.
Access may also be restricted by function, thereby ensuring that administrators are able to perform their jobs without ever needing access to sensitive PHI data. The Viewics architecture contains redundancy measures that ensure constant data availability to end users, while simultaneously maintaining robust data security at all levels. In addition, activities and usage of the data are tracked and available for audit measures.
It’s difficult to invest your organization’s limited resources to combat against the range of sophisticated security threats. Relieve your worries, and spend more of your time focusing on taking care of patients, while Viewics serves your data analytics and security needs. Learn more at www.viewics.com