Healthcare IT News conducted research into how many people prefer to include cloud computing in their IT activities, programs or projects. Almost 48 percent of the respondents showed keen interest in adding cloud computing to their IT programs, whereas 33 percent already had it in their IT systems or programs. 19 percent of the respondents had no interest in cloud computing because they thought that it is insecure. This reason was given by Rick Kam, President of ID Experts.
Beyond that, the privacy and security of data concern every institution that handles sensitive information. Such institutions include health care institutions, health care entities, and health care providers. According to them, the most important aspect within health care institutions is the security of their data. Under the Health Insurance Portability and Accountability Act (HIPAA), institutions that deal with health care are answerable and responsible for the security and privacy of the information or data in the cloud. That is not the end of the road for these institutions, however: there are ways to reduce risk in cloud computing.
The following are possible ways to reduce security risk in cloud computing:
- The terms and conditions of the service level agreement (SLA) should be reviewed retrospectively so that the entity properly understands its risks and liabilities. This should be done while using the services of a cloud computing provider; the entity must fully accept and agree to the terms and conditions and should try to adhere to them fully.
- Access to the information and data of health care institutions should be limited, especially for data held in the cloud computing system. Entities that are small compared to others, however, might have to make do with whatever cloud computing service they can afford. Because such a service is cheaper than a private cloud, these entities may be unable to limit access to their information and data, which might then be leaked and received in a social or official capacity. Small health care entities that have to secure their data will need a private cloud, which would cost them quite a bit.
- Cloud computing applications should be researched thoroughly, as there are federal laws that limit access in order to protect health information. Access to the applications should be restricted to authenticated, lawful, permitted and authorized users, with a separate log for checking each individual's access. This feature does not exist in all applications, but it is the responsibility of the institution to be fully prepared before adopting cloud computing applications. Cloud computing applications also carry certain risks of exposure while data is being moved; it is therefore vital that data or information is moved smartly, smoothly and securely between different software applications. The applications should be designed to interoperate with diverse systems and organizations. Protocols for interoperability should be properly standardized, and their development should be taken seriously. Institutions should take interoperability into consideration and ensure that the application supports it.
- There should be third-party validation when using a cloud computing application. The cloud computing provider must supply a certification assuring that the application meets the HIPAA and HITECH security standards. The certification should carry an affiliation from a medical organization or a medical association, marking it as reliable for use by health care institutions.
- The health care entity should also keep an inventory or list of the information and data it holds, to make sure that the information being protected is the personally identifiable information. This would help the entity control and keep track of the health information it stores, uses and disposes of. It would also help the health care organization plan security measures that reduce the risk of data theft.
- There must be a cost-effective and cost-efficient incident response plan that helps the entity meet the security requirements of HITECH and HIPAA, along with separate documentation in case a data breach occurs. The documentation or guideline should define specific roles, including the responsibilities and duties of the team at the time of a security breach.