In this special guest feature, Gerard Scheitlin, Vice President of Security, Risk, and Assurance at Orion Health, makes the case that big healthcare players are storing big data in the cloud because the benefits of cloud infrastructures are significant and hard to ignore. Gerard is the executive in charge of the Risk, Information Security, and Quality function for Orion Health, a global provider of healthcare information technology. This includes responsibility for the organization’s security strategy, privacy and compliance oversight, clinical performance, and the implementation of quality improvement efforts to surpass compliance with industry leading accreditation standards. Gerard is a certified Lean Six Sigma Master Black Belt and holds a Bachelor of Science in Mechanical Engineering from Purdue University, and a Master of Science in Engineering Management from the University of Alabama.
With major projects like ICD-10 and Meaningful Use no longer the focus and new initiatives like precision medicine still a bit in the future, 2017 will be a transitional year. Organizations have invested a great deal in technology infrastructure to meet these government regulations and 2017 will be the year they test the capabilities of these investments.
As health records have moved from paper to electronic form, the number of patients whose private data has been compromised is skyrocketing. As shown in the below graph, protected health information breaches affected more than 113 million individuals in 2015, according to information collected by the U.S. Department of Health and Human Services Office for Civil Rights.
Besides disclosures of protected data, 2016 also saw an increase in ransomware attacks, where a hospital’s data is encrypted and held hostage. Since many institutions pay the ransom or resort to backed-up data without making a public announcement, it is difficult to estimate the true depth of this problem, but it is certainly a growing and worrisome trend.
These privacy and security concerns have been rising at the same time as an increasing amount of enterprise technology is being moved to the cloud. A false sense of security is derived from knowing that information is tucked in snuggly within the servers under an organization’s roof. If critical information is stored where it can be seen, it must be more secure than up in the cloud, right? Not quite.
Benefits of the cloud are difficult to ignore. This model delivers flexibility, scalability and a freedom to access information wherever and whenever needed that on-premises solutions can only dream about. The cloud alleviates costly hardware investments and offers greater disaster recovery functionality than most companies can implement alone.
These benefits are moot points if privacy and security are not achieved. The security of personal health information is among the biggest concern with decision-makers when it comes to adopting cloud technologies. Most large cloud vendors, including Amazon Web Services (AWS), are HIPAA compliant and understand the complexities of healthcare. They have large and talented security teams that understand the impact a breach would have on their business.
Partnering with large cloud vendors removes the burden of managing infrastructure, giving IT staff more time to focus on improving security controls. Teams can focus on defense-in-depth philosophies, incorporating multiple controls to secure the protected information. Data encryption and multi-factor, role-based authentication alleviates privacy concerns around uploading, downloading and accessing information. IT staff can monitor data real time through security operations centers and ensure the information is protected through a series of controls, including vulnerability/patch management, data loss prevention, penetration testing, and incident response. The effectiveness of this partnership has led many organizations to conclude that cloud security is superior to what they can achieve with their own on-premises solutions.
It is important to note that some of the biggest healthcare players in the country have trusted their patient data to cloud services such as AWS, including The Centers for Disease Control, Phillips Healthcare and Bristol-Myers Squibb. Phillips Healthcare, as an example, is storing 390 million medical records across hundreds of customer sites and 100 countries with AWS.
Healthcare organizations utilizing the cloud benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations, allowing them to scale and innovate, while maintaining a secure environment. This is a level of security that meets, if not exceeds, the best on-premises solutions.
Sign up for the free insideBIGDATA newsletter.