Cloud-based electronic health record systems have become increasingly popular. But they raise security issues that providers need to address, according to attorney Howard Burde, speaking at the 20th National HIPAA Summit in Washington, D.C. this week.
"The healthcare information is stored, used, and analyzed remotely from the users, and accessed through the Internet," Burde said. "It's going somewhere you don't know."
Some security issues that are particularly acute in cloud computing, according to Burde, include:
Access to data, back-up plans, and business continuity in the event of a disaster
What security incident procedures are in place in the cloud
How physical access to the server in the cloud is limited
Burde recommended that providers need to conduct security management analysis of the cloud--which includes the ability to audit the cloud provider--to ask if its workforce is adequately trained in HIPAA, and a way to evaluate how the data is kept secure.