HIMSS VCE: Ensuring security in the clouds
While Google Health and Microsoft HealthVault are the most well-known cloud computing models, the concept is still relatively new in the healthcare industry.
Healthcare organizations exploring cloud computing for their IT needs are most concerned about how well their data can be secured in a virtualized environment.
In their education session, “Healthcare Systems in the Cloud: A Privacy and Security Primer,” Tuesday afternoon at 1pm CT, Paul Johnson, consulting director for NetSPI, and Aaron Wampach, security engineer for HealthPartners, discuss the challenges of cloud computing.
Healthcare is a conservative industry, with core systems not traditionally outsourced, Johnson said. That’s changing, with many healthcare organizations consolidating their hardware and virtualizing the hardware that their applications are running on, he said.
Cloud computing has many advantages, including architectural scalability and infrastructure on demand. Organizations don’t have to buy, implement or maintain servers, which is cost-effective.
Security is a big concern, Johnson said. “You have to feel comfortable with the model,” he said. Comfort level can be attained by testing and validation, and identification of who is doing what in terms of security management.
Cloud computing offers security advantages that are better than what organizations, especially smaller ones, can do on their own, he said. “If you look at most service providers, they have industry standards for data center environments, including physical security and business continuity,” he said.
Johnson pointed out that privacy breaches in the healthcare industry have been, more often than not, results of theft of data on laptops.
The session will provide a better understanding of the different cloud models, trends and privacy and security challenges. Johnson will also offer best practices.
According to a 2008 IDC survey, IT spending on cloud computing across industries will hit 10 percent by 2013. Cloud computing is coming, Johnson said. Healthcare organizations would serve themselves well to learn more about it.