January 10th, 2018
Safety of EHRs in a Cloud computing Architecture
EHRs present various safety concerns due to their higher vulnerability to unauthorized access compared to paper documentation stored under lock-and-key. Moving such EHRs from the entity’s control to a storage facility offered through clouds located remotely and managed by third parties, could increase the risk of unauthorized access. For instance, in one global study cited by Kabachinski (2011, p. 148), IT practitioners expressed concerns over the ability of their organization to secure data and applications deployed via the cloud computing platform. Such concerns were, for instance, noted with respect to arrangements where the end users (e.g. physicians, patients and other staff) have the ability to manage the cloud resources that the entity deployed. In this respect, signing up to a resource without conducting appropriate due diligence on aspects such as safety features of such resources, enhances vulnerability of the stored EHRs to unauthorized access, for instance during data transmission (Kabachinski, 2011).
In another survey cited by the study by Kabachinski (2011), IT staff expressed concerns with cloud computing offers arguing that infrastructure and resources maintained by the entity in its premises are safer than those maintained in the cloud. Such concepts arose from perceptions that it would be difficult to establish physical restrictions for accessing resources containing sensitive information in the cloud. However, a contrary observation is that physical security in the cloud may actually be better, since files with sensitive files are distributed among numerous servers. In this respect, in case of physical intrusion, the intruder would only manage to access parts of the files that may not provide adequate information to enable the intruder’s mission of unauthorized use of information gathered (Kabachinski, 2011).
Storage of EHRs in a cloud computing architecture however, additionally, raises a question of trust for the providers of various solutions. Svantesson and Clarke (2010), for instance, highlight privacy aspects such as unauthorized use of patients’ data by third parties, which may negate the benefits of interoperability that cloud computing presents. Similarly, use of cloud computing resources could subject the entity into a heightened risk of being locked out of their data in case of disagreements with the providers of the infrastructure in which the data is stored (Svantesson & Clarke, 2010). An example of this, though not in healthcare industry, was the dropping of Wikileaks from Amazon’s list of clients after Wikileak’s release of State Department’s documents in 2010 (cited in Kabachinski, 2011, p. 149). Where the entity’s data is stored in cross-border clouds, the privacy and lockout challenges may be aggravated by inadequate legislative framework to govern the use of information that has been stored in the cloud (Svantesson & Clarke, 2010).
Various strategies to alleviate the security challenges of using cloud-computing solutions however present the potential for increasing integration of EHRs in the clouds. One of these strategies is the development of accreditation bodies to vet and approve providers for cloud computing solutions (Everett, 2009). An example of these is the Cloud Security Alliance, which is a not-for-profit entity that engages providers to use best practices that assure the security of the solutions they offer. Another approach to dealing with security risks for EHRs stored in cloud computing architecture is to provide financial incentives that encourage providers to remain committed to offering appropriate level of service to their clients. Such incentives (penalties) could also be used to encourage providers to enhance the quality of service where discounts accrue on aspects such as system downtime (“Monitor Webhost”, 2009).
Go to the concluding part.