Digital security in the cloud for healthcare providers

In the Summer issue of AHHB we featured the article ‘Digital Disruption’ in response to the wave of new technologies bringing us closer to the fully digital hospital. E-health and telemedicine are taking centre stage and bringing patient data into the spotlight. In this issue, Andrew Tucker, CEO of ITonCloud, joins us to discuss patient record security and whether the answer is in the cloud.

What are the implications of data breaches for hospitals and aged-care facilities?

No-one wants a data breach to happen but unfortunately it does. The implications for hospitals or aged-care facilities would be devastating if they have not taken the correct steps to ensure the security and privacy of their clients’ data.

If there was a breach, there would be an investigation into how the breach took place, which could be human error or take the form of social engineering whereby a disgruntled employee has maliciously taken the data and made it available. It would also be considered whether the company in question has taken enough steps to protect its clients’ data from being hacked from outside.

Unfortunately, whether your data is held on premise or in the cloud, it is always vulnerable to the outside world.

While the cloud promises reduced investment in hardware and personnel, why is it often perceived as being less secure than other forms of storage?

Your on-premise protection will never be as sophisticated or have the level of security of a reputable cloud provider. If there is a breach, it is quite often the user that is at fault without even knowing it. They have either not applied a high enough level password to their cloud storage or in many cases no password at all.

There is no one place that is 100% secure, but what I can tell you is that a reputable private cloud provider or the likes of the big three (Google, Microsoft and Amazon) have taken measures beyond the majority of businesses with on-premise storage to ensure that the data is safe.

Medical privacy in the cloud is protected by encryption. Can the data be compromised through human error?

Encryption is vital and if managed correctly in a private cloud then human error is a lot less likely. The system would automatically be doing the encryption without the need for human intervention.

Should you be saving your data into one of the commercial cloud storage offerings, then encrypting the data would be your responsibility prior to uploading the files. This is where data could be compromised through human error.

Again, there are a number of applications that one can use in a private cloud to send data between users in a secure encrypted format. This means that only the correct and authorised person is able to read the data and it remains secure at all times.

Questions to ask before investing in a cloud platform

Normal due diligence would be followed when choosing a cloud provider but here are some important points to bear in mind.

• Reference checks. Does the provider have other clients that have sensitive data?
• Have more than one point of presence. In other words, does the provider have more than one data centre? This speaks to their ability to ensure uptime and should there be a failure to triage restoration for non-disaster recovery customers.
• Upfront set-up costs — there should not be any. If money is needed for set-up then all you are doing is financing the purchase of equipment for the vendor. This is a no-go, as you want to be going into an environment that is up and running. Why? This mitigates the teething problems of building from scratch. In a pre-built environment everything is tried and tested.
• Control panel. This is not only for IT but also for the business as a whole. A smart, easy-to-use control panel means you have control of your users with a click of a button. This eradicates finger problems and improves the following: onboarding of new staff through a link to the HR system, spelling mistakes, errors and wrong groups.
• Unlimited support. If the cloud platform is tried and tested then support calls should be well and truly under control. Offering unlimited support should be a given.
• NO contracts. A cloud provider should show confidence in its offering and this is one way to ensure that they do. Do not sign long-term contracts.

Andrew Tucker is the CEO of ITonCloud, which helps businesses simplify and automate their IT systems by leveraging the cloud. Andrew has more than 20 years of experience as a successful business owner and passionate entrepreneur. His goal has always been to build and drive ventures to deliver unmatched service levels, customer value and trust.

Image credit: ©stock.adobe.com/au/Melpomene