Modern technology has revolutionized the way patient information is stored, accessed, and shared, and many say for the better. Proponents of the growing trend among healthcare providers to use cloud systems to improve efficiency in electronic healthcare records (EHR) protocol claim that this new way of doing things is actually much safer for the patient. But, is that always the case? It seems the answer is both yes and no, and healthcare providers are scrambling to hedge the risks associated with cloud storage systems.

What is the cloud? The cloud is basically the Internet, and cloud services provide Internet-based computing power and data storage. This means that whereas we used to have to rely on hardware, software, and computer memory for these things, we can now purchase them as commodities through the web. There are a number of advantageous implications of this, especially when it comes to remote data access and sharing between different computer networks. However, some people are concerned that sensitive information stored in the cloud might not be safe and secure.

Security considerations. The primary security consideration when it comes to storing EHRs on the cloud is that of data breaching. A data breach occurs when an unauthorized party gains access to private information, or when an authorized party accesses private information that has since expired. Theoretically speaking, because cloud storage exists in the Internet (as opposed to physical, on-site storage like a server), it is accessible to anyone who can gain entry to the storage unit. Some people argue that this entry can be gained in a number of unethical ways, and for unethical purposes.

Choosing the right cloud service provider. There are some specific characteristics that cloud service providers should have if they are to work with healthcare entities. For one, data encryption (in storage, backup, and in-use applications) is key to keep sensitive information private. Secondly, the provider should be thoroughly informed of HIPAA requirements, especially in regards to handling protected health information (PHI); there are providers that specialize in healthcare to meet these needs. Lastly, the cloud service provider of choice should be willing to sign a business associate agreement (BAA) in which it assumes accountability for HIPAA-mandated information handling procedures. That way, in the event of a data breach, the provider will be legally responsible and the IT security jobs at the healthcare provider end won’t be at risk.

The cloud may be safe for Health IT, HIPPA, and security, but only if certain precautions are taken and specific privacy practices are maintained. Safety in the cloud must begin with choosing the right cloud service provider. Fortunately, healthcare entities are working to do just that.