Encryption is mandatory for healthcare data
More hospitals are turning to cloud-based services to store their data. They want to tap into the existing infrastructure and convenience, not to mention the reduced costs and fewer maintenance hassles that come with this transition.
That’s not all. The data that is stored on the cloud can be analyzed quickly to get meaningful insights. For example, it’ll be easy to know the rate of child obesity or the demographic groups that are more vulnerable to diseases like diabetes. With such deep insights, providing care will become streamlined and focused. At the same time, the government and the healthcare industry can come together to create a way to prevent such diseases from plaguing those demographic groups.
In fact, the above situations are just the tip of the iceberg, as cloud storage and analytics open up all kinds of possibilities in the medical world. Little wonder that more companies are moving to the cloud to leverage these benefits.
To cater to this growing demand from hospitals to store and analyze patient data, many companies have set up public healthcare clouds. But how safe are these cloud services?
A report called Cloud Infrastructure Security Trends, released by cybersecurity vendor RedLock, shows that 31 percent of databases in public healthcare clouds are easily accessible over the Internet and 40 percent of organizations have one or more cloud storage services exposed to the general public. In fact, the study looked at multiple verticals and was able to access 4.8 million records that include a great deal of sensitive data about patients.
You may wonder what happened to the many privacy regulations, including HIPAA.
HIPAA lays down certain regulations for public healthcare clouds, a primary one being that the data you store must be kept safe. Though these healthcare clouds have to comply with these regulations, compliance is not completely foolproof. HIPAA itself faces many challenges, so the onus is on you to take measures to protect the safety and integrity of your data.
One way to ensure that your data is safe is to keep it encrypted. The report further states that 82 percent of databases are not encrypted, so the chance of someone accessing information with low to medium effort is fairly high. As a hospital authority, you have to make sure that all your data and databases are encrypted. This should be one of the most important points to discuss before signing a contract with a service provider.
Another option is to go with a zero-knowledge provider. If you’ve never heard this term before, don’t worry as you’re not alone.
Zero-knowledge providers are those that encrypt your data using the AES algorithm, with only you holding the key to decrypt it. In other words, no one other than you, not even the employees of your service provider or any third party such as your Internet Service Provider or the NSA, can access your data. Since this service doesn’t even store your username and password, you can ensure that your records are safe.
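The client-side model described above, sketched as an added example (not code from the original article or from any provider). It assumes Node.js's built-in crypto module, AES-256-GCM as the AES mode, and scrypt to turn a passphrase into the key; the function names, record id, and sample record are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample record (not real patient data).
const SAMPLE_RECORD = 'name=Jane Doe; diagnosis=type 2 diabetes';

// Derive a 256-bit AES key from the passphrase. Assumption: scrypt as the KDF.
// The passphrase and the derived key stay on the client.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Encrypt on the client; the returned object is all the provider ever stores.
function encryptRecord(passphrase, plaintext, recordId) {
  const salt = nodeCrypto.randomBytes(16); // fresh salt per record
  const iv = nodeCrypto.randomBytes(12);   // 96-bit GCM nonce, never reused with a key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  cipher.setAAD(Buffer.from(recordId, 'utf8')); // bind the ciphertext to its record id
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    recordId,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  };
}

// Decrypt on the client. Throws if the passphrase is wrong or if the stored
// blob (ciphertext, tag, or record id) was modified.
function decryptRecord(passphrase, blob) {
  const key = deriveKey(passphrase, Buffer.from(blob.salt, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(blob.iv, 'base64'));
  decipher.setAAD(Buffer.from(blob.recordId, 'utf8'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  const plain = Buffer.concat([
    decipher.update(Buffer.from(blob.ciphertext, 'base64')),
    decipher.final(),
  ]);
  return plain.toString('utf8');
}
```

Because the provider holds nothing that can rebuild the key, a lost passphrase means the records cannot be recovered.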
That said, there are not many zero-knowledge providers out there, and even among those, not many abide by HIPAA regulations. All this means you’ll have to put in more time and effort before you park your healthcare data online.