Cloud computing privacy and security risks explored
Role-based access, network security mechanisms, data encryption, digital signatures and access monitoring are all areas healthcare providers and third-party cloud service providers should explore to ensure the privacy and security of sensitive health records, according to a recent study appearing in the Journal of Medical Internet Research. The researchers conducted an analysis of cloud-based EHR systems through a literature review of mainly Medline sources and direct correspondence with cloud providers.
Cloud-based EHR management systems offer the advantage of sharing patient records with other clinical centers and the integration of all the EHRs of a group of clinical centers. However, extra precaution must be exercised to ensure the safety and confidentiality of health information, such as EHRs in the cloud, wrote lead author Joel Rodrigues, PhD, Instituto de Telecomunicações, University of Beira Interior, Covilha, Portugal, and colleagues. “A relationship built on trust with the cloud service provider is essential to ensure a transparent process,” according to the paper.
To guarantee the security of their systems, cloud service providers must follow several security mechanisms to maintain the safety, privacy and security of their clients’ data. These include:
- Notifying patients about the data migration from a healthcare provider to a third-party cloud service provider while explaining the advantages of putting their healthcare information in the cloud
- Development of a role-based access system
- Holding the cloud provider accountable for security and privacy threats
- Encryption of all healthcare data
- Deployment of digital signatures to ensure the authenticity, integrity and nonrepudiation of senders of healthcare data and overall avoid false data transactions
- Implementation of monitoring systems that log all those who have accessed the system
To view the entire study, go here.