Getting health data security in the cloud

A new private cloud service for healthcare organisations demonstrates that cloud services can meet stringent security regulations such as HIPAA in the USA, and shows that old approaches such as data siloes can be exploited in new cloud-oriented guises

When business people talk about the cloud the most common concern is still the subject of data security. The perceived risk of data leakage often seems to be too big to contemplate.

But that need not be the case, however. It is even possible to have cloud-delivered services that are certified to some of the toughest data security regulations around, such as HIPAA, the Health Insurance Portability And Accountability Act in the USA.

Here is one example of what is possible, which is also an example of where the supposedly `outdated’ idea of having some data siloes is in practice still relevant. What is more, it arguably shows that the cloud is well equipped to provide it.

FireHost, a US-based secure cloud hosting company, has just announced a new HealthData Repository, certified to the US HITRUST (Health Information Trust Alliance) standard as a private cloud infrastructure that protects regulated healthcare data.

By decoupling electronic health records (EHR) and electronic protected health information (ePHI) from monolithic IT environments, HealthData Repository reduces the number of in-scope systems, therefore shortening the length and cost of compliance audits, while strengthening cloud security and performance.

The company already works with more than 150 healthcare focused organisations across the USA, and its cloud infrastructure hosts millions of health data records.

According to “Every healthcare organization has a multitude of records to protect, including data on paper, in email and scattered digital files. HealthData Repository isolates the most sensitive datasets from the general IT environment, while keeping it available via secure remote connections and decisive administrative permissions”Kurt Hagerman, FireHost’s chief information security officer, HealthData Repository offers enhanced security by isolating regulated data from the more general infrastructure and broad administrative permission sets associated with the general management of a healthcare organisation. In addition to providing control over access credentials, the service delivers classic cloud agility and scalability, allowing resources to be provisioned and decommissioned on demand.

“Every healthcare organisation has a multitude of records to protect, including data on paper, in email and scattered digital files. HealthData Repository isolates the most sensitive datasets from the general IT environment, while keeping it available via secure remote connections and decisive administrative permissions,” said Hagerman. “And just as importantly, by keeping regulated data protected in a secure pod, HealthData Repository helps ensure the continuity that’s critical for healthcare environments and patient initiatives.”

Hagerman added that HealthData Repository offers multi-site capabilities across all FireHost datacentre facilities while maintaining data sovereignty. Because it’s a HITRUST-certified infrastructure, customers enjoy a lighter compliance burden, less procedural documentation and faster audits. With low latency and multiple points of presence for global redundancy, the service offers a high-performance private cloud infrastructure, while FireHost’s Intelligent Security Modeleliminates the need to waste memory and processor resources on unwanted traffic.

HealthData Repository is designed to benefit a wide range of healthcare IT requirements, ranging from research organisations through to specialist consultants. The company is also targeting EHR Solution Providers and SaaS Providers, giving them the option of spending more resources to developing specific end user solutions and deeper end user engagement.

The certification of HealthDataRepository by HITRUST is an important marker of the trust that is now being put onto the security capabilities possible with cloud services.

“For health information systems and exchanges to be broadly adopted, security must be at the core of how healthcare-focused organisations work with patient data,” said Michael Frederick, vice president of assurance services at HITRUST. “FireHost’s HealthData Repository is a strong example of how these organisations can protect their data, making it easier for them to comply with federal regulations such as HIPAA. FireHost were one of the first cloud service providers to achieve HITRUST CSF certification. Our faith in FireHost’s HealthData Repository is so strong, we utilise the service to protect our own MyCSF tool.”

The hyperscale data centre market is set for explosive growth, driven by rising demand for digital...
JumpCloud enhances its IT security capabilities by acquiring Breez, a pioneer in identity threat...
Micro Support Group partners with Zadara to deliver resilient and secure cloud solutions, promising...
Veeam Software expands its offerings with Veeam Data Cloud for Managed Service Providers,...
Progress Software launches Automate MFT, a cloud-based solution revolutionising secure file...
The EU Data Act is pushing SMEs and MSPs towards a multi-cloud, multi-vendor approach to mitigate...
Almaviva partners with OVHcloud to enhance compliant and sovereign digital solutions across...
Rebranding to Hammer Distribution, the company renews its commitment to distinguished service and...