‘Why it's time for healthcare leaders to re-appraise the cloud’
Article posted on: December 14, 2015
(HealthTech Wire / Interview) - More and more industries are looking to work with the cloud, but many healthcare IT leaders are concerned that security issues with the technology remain. Leslie Sistla, Microsoft Director of Technology Strategy in its Worldwide Health Industry team, suggests it’s time to take a fresh look.
What are the keys to enabling end-to-end trust in a healthcare cloud scenario?
We did some work some years back at Microsoft, before the cloud, in answering that question. We asked ourselves, what would a trusted technology ‘stack’ have to include? We decided that it had to have five layers: trust at the people, device, operating system, application and data levels. So to pick just a couple there, you’re going to want to have trusted access by the right people at the right permissions level; you’re going to want to work with devices that you can manage securely, e.g. tablets; and you’re going to want to have that data encrypted, not just at rest but in transit, too. That’s the model we have based all our healthcare cloud work on. And as a result, we are delivering true ‘end-to-end’ healthcare cloud, because we can offer security on the identity and access control for your environment, as well as continuous monitoring and auditing of it all.
How does a trusted cloud improve a healthcare organisation’s security?
A healthcare customer needs to see four ‘pillars’ of security: one, security of the platform. They need to see that they can trust the technology, and that it adheres to all the latest and strongest standards. Two, they need to be reassured on privacy and control: they need to be able to manage and delete patient data whenever they need to, plus take it out of the cloud any time they want. Third, they have to know they are totally covered when it comes to compliance – that all the regulations the regulatory bodies are putting out there are always adopted. In our sector that’s going to be HIPAA in the US, the Data Protection Directive in Europe and so on. And fourth, they need transparency – they need to be able to tour a cloud data centre if they want to, and to always have visibility into what’s going on with their data.
I can confidently say that all four of those ‘pillars’ are what you get with Microsoft cloud. Microsoft puts a lot of investment and care into ensuring our healthcare cloud offering is as secure as it can possibly be, in other words.
What strategies do you recommend for getting healthcare organisations to the cloud?
The most important thing here is that you decide the pace. It’s in no way a ‘binary’ situation that you either have everything in the cloud or nothing – far from it, it’s about being comfortable. The first step in doing that is a solid data governance and data classification exercise, we find. Health informatics leaders can really identify and mitigate risk in all sorts of ways by sorting information into public, internal and confidential, for example. That classification is a great way of identifying what sort of patient or organisational data is appropriate for transfer; for example, training or educational data that’s meant to be open would be public, and a great candidate for cloud, while data classified as internal can be treated with de-identification, masking or encryption to protect it. Finally, confidential data may be held on premise or encrypted in the cloud, and we offer you your own key to do that. We find many organisations seeing archived data that is not regularly accessed as an easy first step, as it’s a low impact move that will cost less in the cloud, incidentally.
Finally, what is cloud data governance and how do you help healthcare organisations implement it?
Data governance is critical to healthcare, quite apart from the cloud. It’s the best way for the compliance or chief security officer, after all, to not just identify possible areas of risk but also ameliorate it. Thinking of moving to cloud can be a great way to start really understanding your systems – for you to really understand the dependencies, the data flows, which systems are the real systems of record. Data governance is in any case the best way for you to understand and effectively manage data in this new topology.
Find out more about Microsoft and achieving ‘end-to-end’ trust here: www.aka.ms/O365inHealth
© HIMSS Europe GmbH