Health Care Information on the Cloud—or Anywhere. Is It Really Safe?

Why is it even on the cloud? If it is unsafe, can it be made safe? What can I, as a business owner or business manager, do about it?

by Jerry Adcock

The short answer is that all depends on the people that host the data, access the data, and that own the data. The long answer is a little more complicated. Why the concern, though? Why is it even on the cloud? If it is unsafe, can it be made safe? What can I, as a business owner or business manager, do about it? Those questions and more will be answered in a 3-part series.

First, why this is a concern? Health information contains an incredible amount of personal and confidential information. It typically contains the patient’s social security number, address, phone, email, insurance provider, and medical history including a detailed history of office visits, lab tests and prescriptions. This is a treasure trove of information. And it’s all kept in one place, along with thousands, tens of thousands, or even millions of other health records. With this kind of information, an identity thief can make a lot of money with very little effort. Additionally, with all this info in one place, it becomes a single point of failure.

That single point of failure is a huge concern for healthcare companies. An attack on that sensitive data might come through a poorly configured firewall, an email embedded with malware, like ransom ware, or through careless or even negligent employees accidentally browsing to a nefarious web site. That gold mine of information is then put at risk with one single entry point: perhaps an employee clicks on a link from Apple that states a purchase has been refunded to their account and ransomware is launched, encrypting their entire hard drive. The medical facility is then faced with a choice: take the chance that they can somehow quickly restore the integrity and availability of the data, or pay the ransom and avoid any potential litigation arising from not being able to access patient information.

But that begs another question: Why is our data even on the cloud? Shouldn’t it be in the hands of the medical facilities that own the data? Wouldn’t it be safer there? There are a lot of factors that have driven data to the cloud, but probably the two most significant are economy of scale, and cost.

With data in the cloud a medical facility can rapidly increase their computing power, storage, or ability to electronically service patents for a small monthly fee, instead of doling out thousands of dollars on new servers and the accompanying infrastructure. Flip a switch, metaphorically speaking, and the new systems are online. On-site IT staffing requirements can be reduced, instead of always trying to keep up with the latest and greatest software and hardware, that cost is largely offloaded to the hosting company. And with the right platform, patient data can also be mined for meaningful patterns to help predict trends and direct business decisions. Health information can be sanitized, stripping it of all personal identifiable information and then sold to a research college, research company, or a marketing company.

The data mining possibilities are staggering. Imagine local hospitals being able to pool their resources and react, within hours, to a significant health concern based on current and historical data. With much more primitive tools, this is exactly what Dr. John Snow did with Cholera in 1854 in London.

Does it not make sense why so much of our health information is computerized and why so much of the computerized data is kept in the cloud? Which brings us to our main question is it really safe on the cloud? More on that later.

Jerry Adcock is a freelance writer with 20 years of embedded systems engineering experience.

Disclaimer: The viewpoint expressed in this article is the opinion of the author and is not necessarily the viewpoint of the owners or employees at Healthcare Staffing Innovations, LLC.