2. Affordable Care Act
• The benefits of the Affordable Care Act (ACA) are still
being debated
• The roll-out of the ACA website, Healthcare.gov, and
its subsequent problems provide sufficient evidence
for enterprises to consider moving to the cloud in
order to ensure data security
• The Healthcare.gov debacle proves that enterprises
cannot move their sensitive data to the cloud while
relying blindly on cloud service provider security and
assuming that the data is safe
3. Cloud data concerns
• Ask for high security levels
– Cloud service providers can provide and maintain high
levels of security than many individual enterprises
– But as more data moves to cloud, it becomes that much
more vulnerable for potential attackers
– Data breaches could result in compliance penalties so
enterprises need to make sure they have Business
Associate Agreements in place as well
– the latest HIPAA Omnibus Rule aims to change that by
imposing equal responsibility on health IT vendors and
providers
4. Cloud data concerns
• Demand secure coding
– The Healthcare.gov website reportedly had a complex set
of 500 million lines of code that was not properly checked
before the portal was rolled out
– This also compromised the security of the website
– Cloud service providers rigorously test their services
before rolling them out to their customers and display a
commitment to secure coding practices
5. Cloud data concerns
• Demand visibility
– More and more end users are shifting to cloud services
and must look to demand visibility from their vendors as
part of their contractual agreements
– Lack of transparency can be a big problem where users are
unaware as to how their information is being used and
shared by the health information technology providers
6. Cloud data concerns
• Don’t just rely on provider assurances
– In November 2013, when experts identified numerous
security risks with Healthcare.gov, they were of the
opinion that personal information of millions of Americans
was at risk
– These experts suggested the site to be taken down, but it
hasn’t been done so far
– Enterprises that use sensitive data – especially data
covered by HIPAA can no longer rely on service provider
assurances
– If they are taking a risk-based approach, they must
independently secure their cloud data through encryption,
and practice sound key management
–
7. Read more on blog.curemd.com
• To read more on this topic, visit:
• http://blog.curemd.com/how-to-ensure-cloud-datasecurity/