While only an intriguing concept just a decade ago, cloud computing is now growing at a rate exceeding any early predictions. In fact, according to a study quoted in a recent article in Forbes, the worldwide growth in cloud computing will reach a size of $19.5 billion by 2016.
This number represents a compound annual growth rate from 2013 to 2016 of 36%. Many of those moving to the cloud are doing so because of security concerns, especially in fields such as healthcare and financial services.
The Crucial Issue of IT Security
A recent article in EMR & HIPAA notes a seemingly counterintuitive fact about the cloud and IT security. Historically, IT professionals have preferred to keep tight, local control over their IT resources and networks. The assumption has been that local security is the best security. Additionally, many individuals with only a passing knowledge of how cloud data centers work, see the use of a remote data center as an added, uncontrolled risk to their applications and information
These concerns are especially significant for healthcare organizations and those considered to be covered entities under HIPAA. These organizations and medical professionals are now well-versed in the civil and criminal penalties for failing to comply with HIPAA regulations concerning protection of all patient records and information.
The simple fact is that most such entities cannot afford or do not know how to provide the level of security now being required. This is especially the case in light of the increasingly sophisticated attacks by blackhat operators. Just recently, the world was told about what is considered the largest data breach in computing history. PCWorld was just one source reporting on the breach, indicating that the total passwords compromised could exceed 1.2 billion. In addition, Modern Health recently reported that Chinese hackers had been able to breach Community Health Systems’ computer network and “stole 4.5 million individuals’ nonmedical patient data,”.
Making the Best of a Bad Situation
Headlines such as these will serve only to raise the concerns over IT security to greater levels. The article in EMR & HIPAA makes the point of the doctor who simply doesn’t have the resources to deal with this problem effectively at their level. However, even the larger providers and organizations face similar problems. The reality is that the larger a covered entity, the greater the risks of being targeted for an attack. However, this does not mean that smaller entities are not subject to attacks. They need just as much data protection as the larger ones.
Unfortunately, many healthcare providers do not understand the complexities and options when it comes to the security levels they can demand. This includes evaluating the differences in a private cloud, public cloud, and different uses of the cloud. Moreover, these covered entities are often overwhelmed by the multiple aspects of full spectrum security, including:
-
Physical security
-
Disaster recovery
-
Data protection and encryption
-
Application-levelprotection
Growing security and privacy concerns are driving many healthcare entities to cloud providers. They take comfort in the greater level of IT security these providers offer, even if they don’t fully understand the hows and whys. In simplest terms, it is comforting to many of these organizations and professionals to have a significant third-party assuming the primary security function. This is now becoming more and more the case for healthcare entities as well.
Covered entities are dealing with the multiple dynamics of increased HIPAA enforcement, growing attacks on IT security systems at all levels, and the promised security resources of legitimate cloud data centers. These combine to make cloud computing an increasingly preferred alternative for many such organizations.
Netgain is a SSAE 16 certified service provider of private cloud-based IT hosting solutions. We are focused primarily on healthcare clients, in particular the small rural hospitals and mid- to large-physician practices. Our dedicated cloud and private cloud offerings allow organizations of all sizes and specialties to enjoy cloud computing benefits without compromising control or security.