The global cloud computing market grew to $156 billion in 2020, six times what it was in 2010, and it’s expected to reach $623.3 billion by 2023.

Cloud computing is defined as the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. Many industries, including health care, are utilizing it. Almost 95% of enterprises use the cloud, including 83% of health care organizations. One of the primary reasons is being able to access data from anywhere.

Many health care enterprises employ cloud computing for electronic medical records (EMRs), mobile health (mHealth), patient portals, data storage and more. It allows for easier management of data security, offers less risk of costly downtime and provides on-demand access to IT services and infrastructure.

Additional advantages include better resource utilization; enhanced agility, scalability and reliability; improved backup and disaster recovery capabilities; decreased expenditures through the reduction or elimination of IT equipment and storage space; and remote access to patient data in the event of an emergency.

By employing cloud-based technology, health care enterprises negate the need for a large IT staff to implement or maintain on-premises software and equipment, a cost savings that can be applied to solutions that maintain high-quality patient care. They have the ability to more easily share with patients important information on preventative care, medication adherence and post-hospitalization care plans.

Cloud computing also gives health care enterprises a cost-effective method for achieving and maintaining compliance with regulations of the Health Insurance Portability and Accountability Act (HIPAA). A lack of compliance with HIPAA and other government rules and regulations can result in costly civic and/or criminal penalties, a damaged reputation and decreased patient satisfaction.

Cloud computing challenges

Investing in cloud computing doesn’t come without risks, one of which is cybercrime. Health care is the second-most cyberattacked industry, with most attacks resulting in data breaches. Only about half of data breaches result from criminal or malicious intent, with the rest attributed to human error, negligence, system glitches and stolen devices.

Cyberattacks have been rapidly rising during the COVID-19 pandemic. According to the FBI, cybercrime complaints climbed from 1,000 to 3,000 to 4,000 daily in 2020, resulting in an estimated loss of $945 billion.

Health care enterprises are especially at risk for costly health care breaches because many of them create, receive or transmit protected health information (PHI). In cases where a HIPAA breach compromises protected health information (PHI), the average cost is $7.79 million.

In addition to HIPAA, health care enterprises are tasked with complying with data storage and access regulations for the Payment Card Industry Data Security Standard (PCI-DSS) and Health Information Trust Alliance (HITRUST) Service Organization Control (SOC) certification standards. Doing so can be challenging because it requires them to keep communication secure, protect mobile devices, address outside threats and stay aware of a changing regulatory environment.

The Ponemon Institute lists some other security risks of cloud services, including:

  • Loss or theft of intellectual property
  • Loss of control over end-user actions
  • Malware infections that unleash a targeted attack
  • Contractual breaches with customers or business partners
  • Data breach requiring disclosure and notification to victims

Steps to ensure cloud security

Although achieving cloud security can be a complex process, it’s essential for health care enterprises. Following are eight tips these enterprises can follow to promote a secure and compliant cloud environment:

  1. Conduct a comprehensive risk assessment to identify, address and correct any security weaknesses. The Healthcare Information and Management Systems Society (HIMSS) notes that risk must be gauged based upon factors like the probability of occurrence, impact on the organization and the prioritization of the risk, and should be conducted or reviewed regularly at least once per year.
  2. Perform a cloud readiness assessment and cost-benefit analysis, including an inventory of current IT systems and applications to determine which would provide the most benefits with a move to the cloud.
  3. Establish and maintain documented processes, policies and procedures for achieving cloud security and compliance. Develop a plan for dealing with a cyberattack if it occurs and test it regularly.
  4. Back up data regularly, especially PHI.
  5. Routinely educate and train staff on cybersecurity.
  6. Define access authorizations for all enterprise devices by regularly reviewing access permissions, keeping track of what devices employees are using to access PHI and verifying that PHI and other data is encrypted in transit and at rest.
  7. Monitor all smart medical devices used by employees to ensure they contain firewalls and anti-virus protections. Consider utilizing email encryption technology, two-factor authentication and single sign-on (SSO).
  8. Require any vendor partners to verify the risk assessment and management policies and procedures they use.

At MLS, our platform and portal are HITRUST CSF-certified, demonstrating our commitment to maintaining the highest standards for health care cybersecurity.

Our IT infrastructure includes a secure, virtual and private cloud computing network and in-house management and maintenance of all networks, servers and data storage. Data-in-transit always is encrypted using a variety of methods, including SSL, TSL, and 256-bit encryption. Contact us to learn more.
Achieve the Benefits of Cloud Technology Without Compromising Security