|Articles|June 5, 2019
Key Considerations for Securing Your Digital Healthcare Cloud
How edge-to-cloud storage could benefit health systems.
Advertisement
Healthcare organizations are under financial strain as the costs of patient services rise. From an IT perspective, the exponential growth of patient data and the need to comply with privacy and data security requirements are driving fundamental changes in the way healthcare providers work. New IT technologies, such as digital health and cloud-based services, are helping organizations to do more with less.
Cloud business transformation enables healthcare organizations to achieve compelling cost savings, meeting their needs for greater business flexibility and a secure unified platform for managing patient data.
Recent market research suggests that the cloud model is an increasingly appealing IT strategy for healthcare decision-makers. According to
However, alongside these benefits, transitioning IT operations to the cloud also introduces several new storage, management and security challenges. This article examines a few key challenges and offers guidance for healthcare organizations migrating to the cloud.
Dissecting the Healthcare IT Challenge
Explosive Data Growth
Healthcare organizations face an ever-growing deluge of data that must be stored, managed and protected. Patient data, contained in tools such as EMRs (electronic medical records), EHRs (electronic health records) and PACS images, are increasingly scattered across distributed remote locations — both in file servers and on endpoint devices such as user laptops and smartphones.
The unprecedented growth in patient data, driven by the adoption of new digital technologies such as sensors and wearables, together with long data retention requirements (HIPAA stipulates six years), demands elastic file storage capacity. The cost of scaling and upgrading traditional network-attached storage (NAS) appliances to meet this massive data growth is no longer viable. To reduce their rising storage costs, healthcare organizations seek to migrate from local file storage to cost-effective and scalable cloud storage.
Ransomware and Other Security Threats
It’s no secret that healthcare has been a prime target of
This vulnerability is reflected in the headline-generating
In 2018, for example, Hancock Regional Hospital in Indiana paid around $55,000 in bitcoin to
On the other hand, hospitals with effective data backup and disaster recovery systems in place were able to weather these attacks without compromising data and without paying the ransom.
HIPAA Compliance and Handling PHI
HIPAA and similar legislation regarding the privacy of medical records require the placement of physical and electronic safeguards to ensure the secure passage, maintenance and reception of protected health information (PHI). HIPAA requires that sensitive information be governed with the strict data security and confidentiality, while obligating organizations to provide PHI to patients upon request.
To ensure HIPAA compliance, healthcare providers must securely store sensitive files in an on-premises data center, private cloud or virtual private cloud (e.g., AWS GovCloud). Public SaaS platforms, like Dropbox, do not meet HIPAA’s data privacy, security or sovereignty requirements.
However, with files residing on users’ workstations, laptops, mobile devices and departmental servers across the organization — complying with these regulations is extremely difficult. What’s needed is a more centralized approach to storing, managing and protecting files. This is one of the strengths of centrally managed cloud storage. Using such a platform, organizations can ensure that all files containing patient information are centrally stored and monitored, helping them to comply with HIPAA and other data privacy rules.
Edge-to-Cloud Computing for Digital Healthcare
While healthcare providers are migrating data storage to the cloud, most healthcare data are created
Until recently, the cost and scalability advantages of cloud-based file storage came at the expense of performance, latency and data availability. Edge-to-cloud file services bridge this gap, enabling healthcare providers to manage data securely and efficiently, while at the same time making that data instantly available to medical teams. In some cases, accessing the most up-to-date patient information (e.g., allergy history) can be a matter of life and death. In others, like viewing a PACS image, fast data access is essential for delivering the best treatment and care.
Real-World Edge-to-Cloud File Services Use Cases
Imagine a mobile app that enables field physicians to access files securely wherever they are. All information is securely stored in the organization’s data center, so if a user loses or damages their laptop, patient data remain within the organization. Physicians have anytime-anywhere access to the files they need, with the ability to upload images and sound recordings to the cloud. Rather than struggling to send large images as email attachments, users can upload files to the cloud and send a secure hyperlink to their recipients. This type of file sync & share functionality has already been implemented for healthcare providers around the world.
Another possible application of edge-to-cloud involves wearable sensors that track heart rate and blood pressure. These sensors are already popular among sports enthusiasts. These always-on devices generate a tremendous amount of data. Rather than sending all the data to the cloud, the app could process and filter the data in a highly secure manner at the edge and then send only the relevant data (e.g., EKG for the last hour) to the cloud.
Key Ingredients of a Secure Edge-to-Cloud Storage Solution
In terms of architecture, a secure multi-cloud data management solution typically comprises three key components: 1) cloud storage gateway appliances installed on premises at the healthcare provider’s distributed sites; 2) software agents and apps for endpoint backup and mobile collaboration; and 3) centralized, cloud-based management for managing services, users and connected devices. End-to-end data security and privacy protection must be implemented at all levels.
Edge Appliances/Cloud Storage Gateways
Cloud gateways deployed at the edge streamline cloud storage access for remote sites. Whether deployed as a physical or virtual appliance, the filers should perform file caching to optimize user experience and reduce latency. Smart caching solutions allow organizations to move cold data to cost-effective cloud object storage and locally cache frequently used files for fast access. Cloud gateways deliver unlimited file access and seamless collaboration to remote branch users, with visibility to all organizational files centralized in the cloud.
Endpoint Client
This component supports private in-firewall endpoint file services for remote laptops, servers and mobile devices. Typically, these services may include secure file access, collaboration, source-based global de-duplication, backup and sync functionality. This software agent allows users to access all cloud-based files from any device regardless of local storage constraints. Endpoint applications enable highly efficient and end-to-end secure transmission of data across the network.
Data Management
Centralized, cloud-based management of unstructured data — wherever it resides — allows healthcare users to gain complete visibility into patient health from a single authoritative source. Managing endpoint apps, cloud gateways and applications running in the cloud, this component provides comprehensive insight and control over organizational data. This unified approach eliminates data silos and islands created by traditional NAS and file servers. Data management and service orchestration tasks include data protection, file sync & share services, provisioning, monitoring and alerts. To ensure data sovereignty, this component should also support role-based access control and granular event logging.
Data Security
Secure storage and sharing of sensitive patient data is a fundamental requirement for healthcare providers. Data security must be FIPS 140-2 and HIPAA compliant with tools that provide administrators with complete control over information — where it resides, when and with whom it is shared. Security features should include 100% in-firewall deployment, AES-256 data encryption in transit and at rest, private key management, strong authentication and policy-based DLP controls for storage and collaboration.
Conclusion
As healthcare providers advance their digital transformation initiatives, secure edge-to-cloud file services offer concrete advantages over traditional file storage. This new approach modernizes branch office file storage, while maintaining the highest levels of data privacy and compliance. At the same time, it allows healthcare providers to dramatically reduce storage costs and total cost of ownership, streamline multi-cloud data management and improve productivity and user experience.
Saimon Michelson is Chief Architect of
Get the best
More on the Cloud & Healthcare
Newsletter
Advertisement
Related Content
Advertisement
Latest CME
Advertisement
Advertisement
