Damian Chung, business information officer at Santa Clara, Calif.-based Netskope, a computer security platform, provided insight for healthcare IT leaders about cloud security in a Jan. 7 VentureBeat report.
Mr. Chung's three security recommendations:
1. Get your cloud service provider to sign a business associate agreement.
Cloud service providers are not considered business associates — entities that use or disclose patients' protected health information — under HIPAA, but a business associate agreement can ensure that the provider will assume responsibility for protecting patients' health information.
2. Always look ahead.
"The need to become more efficient will drive digital transformation and the push to the cloud, but it's important to think about that before you make that push," Mr. Chung told VentureBeat.
Set up security policies, think about what applications and data you want on the cloud, and see where cloud migration makes the most sense.
3. Retain visibility of your data.
Ensure that your data is secure by knowing who is supposed to have access to it.
Because physicians can work at multiple locations, they may have access to different data systems. Always check your network to see who no longer needs access to data when they are off duty or at a different facility, the report said.