Cloud Security in the Medical Imaging Environment

January 24, 2012
107 Views

A Diagnostic Imaging poll making the rounds on Twitter today took a quick pulse on cloud security and imaging sharing:

A Diagnostic Imaging poll making the rounds on Twitter today took a quick pulse on cloud security and imaging sharing:

Using the cloud requires turning over responsibility for data security and privacy to a third party—and that can be a concern for healthcare providers. In reality, a cloud-based service can provide higher levels of security than most healthcare facilities because the supplier has a specialized team devoted to implementing the latest security technologies and provides 24/7/365 monitoring of data access and operations.

 

Cloud services protect the privacy of data through infrastructure design, access control, audit tracking, and a security team that oversees all operations and ensures the physical security of each data center.


  • Infrastructure Design: The communication between customer sites and data center is done within a virtual private network providing encryption of the communication at the network level. SSL-based encryption is used at the application level to transfer medical data while ensuring end-to-end confidentiality, regardless of the underlying network implementation between the Service Access Point and the data center. This encryption ensures that no one can access data while it is being carried over the network or the Internet, between the DMZ and the end user viewing software. Data is encrypted and also secured against the physical removal of devices, and databases are also encrypted to ensure data privacy.
  • Access Control: Authentication and access control restrict use. Site-level access control is confined to specific CSAPs. Access rights are limited to authorized users (with passwords and other requirements) and user access can be confined to specific patients and types of studies.
  • Audit tracking: An audit trail monitors all activity on each user’s server and each component of the data center. Metrics are collected from each device and an alert is triggered when a faulty condition or potential breech is detected.
  • Security team: Each cloud provider should have a security policy that governs all security procedures and is headed by a qualified security officer. The security team monitors all data access and ensures the physical security of the data centers. Badge controls are used to restrict access to specific areas of the data center. Security guards provide around-the-clock protection and a strict policy is enforced for document and laptop management.
Cloud-based computing in the radiology market has evolved from a service that provided cost-effective disaster recovery for archived data to a sophisticated technology that can deliver fully featured PACS and vendor-neutral archiving solutions to healthcare providers of all sizes. Its widespread appeal lies in its ability to deliver highly scalable, pay-for-use solutions that include technology upgrades and expert security measures—all available for substantially less than the cost of purchasing and maintaining an on-site infrastructure and management personnel.
Cristine Kao

Cristine Kao, Global Marketing Manager, Healthcare IT, Carestream

Healthcare facilities should ask for detailed documentation on security from every cloud services supplier they evaluate – what should you ask? Our cloud-based data security white paper offers guidance on how to evaluate the data security capabilities of cloud-based services for your healthcare facility.


Let’s keep the conversation going. What security concerns are keeping you from a move to the cloud?