Paper addresses privacy, security concerns related to processing, storing, and transmitting patient data in the cloud
SEATTLE – June 18, 2020 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today the release of its newest report, Telehealth Data in the Cloud. Produced by the Health Information Management Working Group, the paper examines the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud, including those within the context of edge computing for telehealth solutions.
In the wake of COVID-19, health delivery organizations (HDOs) have quickly increased their utilization of telehealth capabilities (i.e., remote patient monitoring (RPM) and telemedicine) to treat patients in their homes. These technology solutions allow for the delivery of patient treatment, comply with COVID-19 mitigation best practices, and reduce the risk of exposure for health care providers. Going forward, telehealth solutions — which introduce high levels of patient data over the Internet and in the cloud — can be used to remotely monitor and treat patients who have mild cases of the virus, as well as other health issues. However, this remote environment also comes with an array of privacy and security challenges.
“For health care systems, telehealth has emerged as a critical technology for safe and efficient communications between healthcare providers and patients, and accordingly, it’s vital to review the end-to-end architecture of a telehealth delivery system,” said Dr. Jim Angle, co-chair of CSA’s Health Information Management Working Group. “A full analysis can help determine whether privacy and security vulnerabilities exist, what security controls are required for proper cybersecurity of the telehealth ecosystem, and if patient privacy protections are adequate.”
With the increased use of telehealth in the cloud, HDOs must adequately and proactively address data, privacy, and security issues. The HDO cannot leave this up to the cloud service provider, as it is a shared responsibility. The HDO must understand regulatory requirements, as well as the technologies that support the system. Regulatory mandates may span multiple jurisdictions, and requirements may include both the GDPR and HIPAA. Armed with the right information, the HDO can implement and maintain a secure and robust telehealth program. Cloud Access Security Brokers, the paper notes, ensure HDOs understand what cloud connections are made and what data is sent to the cloud.
CSA offers several resources for HDOs to help with continuous monitoring activities. The Cloud Security AllianceSecurity Trust and Assurance Registry (CSA STAR)—a registry of cloud providers that have met the security requirements and are certified—provides an open-source tool for annual assessments for continuous monitoring of security controls. The annual Cloud Security Alliance Top Threats List, meanwhile, compiles the top cloud security threats and can provide HDOs with further information on the concepts highlighted in this white paper, including business impacts for each threat, key takeaways, CSA security guidance, and the controls used to help mitigate the threats.
The Health Information Management Working Group aims to provide a direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications, and storage) to their clients, and foster cloud awareness within all aspects of healthcare and related industries. Individuals interested in becoming involved in the future research and initiatives of this group are invited to do so by visiting the Join page.
About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA’s activities, knowledge, and network benefit the entire community impacted by cloud — from providers and customers to governments,entrepreneurs, and the assurance industry — providing a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.