
A Framework for Embracing Cloud in Health and Healthcare

Bill Crounse
Last updated: January 29, 2015 9:00 am


Last week, I shared information about the progress we are making on Windows 10 and some really cool new technologies, like HoloLens, that I believe will have a significant impact in health and medicine down the line. This week, I’d like to focus on something much more immediately relevant to healthcare organizations—decisions about streamlining IT operations and reducing costs by moving applications and services to the cloud.

When considering such a move, health organizations wrestle with how to evaluate the security and privacy aspects of the cloud and how these relate to their hospital’s or clinic’s existing risk profiles. There are benefits and challenges whether applications and infrastructure are hosted on-premises, off-premises, or in a combination of the two. There are many choices, each with its own risks, and it’s important to evaluate what will be optimal for each organization.

To help, Microsoft recently announced the availability of a Health Risk Assessment Framework, a guide to privacy and security considerations for the adoption of cloud services in the health sector. Although this document was specifically prepared to address the concerns of health organizations in Europe, I believe it is completely relevant to organizations anywhere in the world. Therefore, I’d like to share some of the key points with you. If desired, you can access the full document at the end of this post.

The shift to cloud computing offers health organizations enormous efficiencies, allowing far greater flexibility and capital cost reductions while, most importantly, improving provider and patient access to real-time information. However, this shift often changes the way that organizations operate, and presents challenges to data privacy officers (DPOs) and information security professionals.

  
Among the privacy and security-focused questions health organizations should ask when considering the cloud are:

  
Has an effective data classification and governance procedure been implemented to identify sensitive information and to apply the correct level of control for maintaining the security and privacy of the information? If not, what are the required steps to establish this procedure?

What rights does the cloud service provider reserve over customer data stored in the cloud? In particular, will the cloud service provider use sensitive health information stored in the cloud for its own independent purposes, such as advertising and marketing?

Who is ensuring data integrity for the computer systems? Are these systems stable?

Do the cloud computer systems implement any data encryption mechanisms for data-in-transit or for data-at-rest?

Does the security architecture of such systems comply with industry standards?

Does the cloud service provider offer comprehensive and easy-to-understand information about its privacy and security practices?

What assurances does the cloud service provider offer regarding the handling of law enforcement requests to access data stored in the cloud?

What happens to the data after the cloud service comes to an end? In particular, is the customer data securely deleted after expiration of the cloud contract?

What measures does the cloud service provider use to safeguard personal data transferred outside the EEA (e.g., Safe Harbor, European Commission’s Model Clauses, binding corporate rules)?

    
These are just a few of the questions that DPOs and IT security professionals need to ask as they develop a data protection and security strategy for their cloud environment. 
  

Before cloud computing technologies emerged, many inherent security and privacy risks existed in traditional (non-cloud-based) computing environments. However, since the boundaries of a traditional computing environment typically existed within the scope of an organization’s IT structure, organizations had greater control over the management of such risks. With the introduction of cloud technologies, risk management responsibility is no longer confined to the internal IT organization. In this environment, health organizations may find it challenging to understand the scope of their responsibility across the enterprise and beyond. Understanding this new playing field and the players is very important to managing risk. In a traditional computing environment, the risk existed but it was fully owned by the organization in the health sector. In a cloud-based scenario, the equation changes from a single risk owner to shared risk ownership between the cloud service provider and the cloud customer.

The Health Risk Management Framework provides an effective, continuous model inspired by ISO/IEC 27001: the Plan, Do, Check, Act cycle. This framework focuses primarily on risk management and incorporates several industry best practices to bring an effective framework for managing health risk. It has four phases.

  
1. Identify – Identify the organizational assets, classify them and provide a relative ranking of them.
2. Assess – Assess the threats and vulnerabilities associated with those assets using qualitative and quantitative approaches.
3. Implement – Once the assessment is complete, deploy and implement control solutions to reduce risk to the business.
4. Monitor – Monitor the risk management process for effectiveness and reaffirm whether the controls are providing the expected degree of protection.

  
The Figure below illustrates the four phases of the Health Security Risk Management Process.
  

[Figure: the four phases of the Health Security Risk Management Process]

Shared responsibility for privacy and security compliance in the cloud is inevitable and it is advocated by Microsoft. Understanding what “shared responsibility” means in practice is important to the success of effective risk management and compliance.

  
The Health Risk Management Framework provides a Privacy and Security Matrix that illustrates the shared responsibility between the vendor (cloud service provider) and the cloud customer to achieve the highest levels of compliance. The Matrix goes through some of the most important privacy and security controls arising from EU data protection laws and outlines the ownership associated with the controls when using Windows Azure & Office 365.

In the Matrix, the responsibilities for privacy and security safeguards belong exclusively to the cloud service provider, exclusively to the customer, or are shared between the parties. In addition, some of the safeguards are the responsibility of the customer but the cloud service provider is required to assist the customer in implementing the control, e.g., by providing information about the IT infrastructure of the cloud service provider. The Matrix, available in the full report, can be read with the help of the following key:

[Figure: key to the Privacy and Security Matrix]

Performing risk management as defined for both traditional computing environments and cloud-related environments will allow organizations to successfully manage their risks. Additionally, when organizations purchase new products and services (which diminish the security boundaries of an organization), it is paramount to evaluate the products and service offerings from a health security perspective.

  
The Health Risk Assessment document provides an effective framework for health risk management and discusses the shared risk strategy for cloud services. Organizations utilizing this framework and understanding the shared mode of responsibility in a cloud environment will be better positioned to focus on their competitive strategy and take on greater challenges in the future, knowing that their risks are well managed. I would encourage anyone responsible for a healthcare organization’s data privacy and security, or anyone involved in making decisions about moving a healthcare organization’s data and information services to the cloud, to review the full report.
