When it comes to data privacy, the healthcare industry is one of the most strictly regulated. It stands to reason, therefore, that the healthcare industry should be among the most conservative when it comes to adopting the cloud. Surprisingly, that is not the case. According to recent CipherCloud research, cloud adoption is pervasive across all industries, including the healthcare industry. What cloud data security lessons can we learn from healthcare’s embracing of the cloud?
- Safe cloud adoption is possible for even the most highly regulated industries.
The key takeaway from the healthcare industry’s embrace of cloud computing is that secure cloud adoption is possible, even for organizations dealing with heavy compliance burdens. The benefits cloud computing can offer to healthcare providers and enterprises are significant, ranging from improved information accessibility and sharing to reduced infrastructure costs and outages. The additional effort and investment required to secure a healthcare cloud initiative is worth it in the long run.
- Safe cloud adoption means more than just HIPAA and HITECH compliance.
Regulatory compliance is, of course, the top-of-mind topic for IT security leaders at healthcare organizations. Unfortunately, paying lip service to HIPAA and HITECH isn’t enough. When it comes to cloud data security, HIPAA and HITECH offer a useful baseline or framework around which to base data protection decisions, but as last year’s Community Health Systems (CHS) data breach shows, lax HIPAA enforcement sometimes allows exposures to happen. In order to adopt cloud computing securely, healthcare organizations must do more.
- Safe cloud adoption demands a variety of data protection tools.
As part of an effective cloud data protection strategy, healthcare organizations need strong security leadership and a diverse selection of tools with which to secure sensitive ePHI and other data before it enters the cloud. Those tools should include tokenization for data that cannot leave the premises, encryption of varying strengths and formats for data that can, DLP integration to ensure consistent policy enforcement across on-premises and cloud environments, and robust visibility, reporting, and auditing tools to ease monitoring and compliance tasks. With these tools in place and the expertise to make use of them, even large healthcare organizations can reap the benefits of the cloud without compromising the integrity and confidentiality of their protected patient and corporate information.
Healthcare, of course, isn’t the only industry that must cope with strict regulatory requirements complicating a transition to the cloud. Banking and finance organizations also deal with stringent data protection requirements, while government, manufacturing, and telecommunications have their own cloud data security needs. To learn more about how enterprises in these highly regulated verticals protect their data in the cloud, download our research report, “Global Cloud Data Security Report: The Authority on How to Protect Data in the Cloud Q1 2015,” today.