Securing Medical Information, Electronic Medical Records (EMRs) and Databases in the Cloud
|
|
- Opal Leonard
- 8 years ago
- Views:
Transcription
1 Securing Medical Information, Electronic Medical Records (EMRs) and Databases in the Cloud By: Connie Bergquist, Matthew Brewer, Debi Harding, James Konderla, Elizabeth Nguyen, Nathlay Phothirath, David Tribble BCIS 4690/5700 TEAM 2
2 Introduction Cloud computing is growing in popularity in the IT environment. The medical field is also increasing its use of the cloud method for storing sensitive medical and personal information related to patients. In response to the new technology methods of storing information, a highly secure way to store this sensitive information is needed. We are looking into the best practices and methods to not only store this information securely, but to also transmit this information through a secure environment without the possibility of capture by unintended parties. Key Issues With information and applications being migrated toward a cloud format, security of the information on the cloud is becoming more and more of an issue. With increasing regulation from the Health Insurance Portability and Accountability Act of 1996 and the Patient Safety and Quality Improvement Act of 2005, it is important to have a set of guidelines and proof that these guidelines are being adhered to for auditing purposes. It is important that these guidelines can be followed to prove that they are being followed with confidentiality, integrity, availability, authentication, and regulatory auditing. Models and Frameworks There are many Models and Frameworks in all areas of IT that can assist Healthcare providers as they journey down the path of implementing Electronic Medical Systems into their existing enterprise. The problem, though, with the number of models and frameworks, is that no one framework or model covers all areas and, due to the unique nature of the healthcare industry, 1 P age
3 do not provide an all-in-one solution. Each does, however, bring particular strengths and outline best practices in certain areas of IT. Below we will focus on several frameworks and models in particular. In addition, we will also demonstrate best practices and define some of the key issues, as well demonstrate the redefinition of cloud-based platforms in their application to the healthcare industry. The Healthcare Business Model All areas of health care are required to keep legal healthcare records. This is defined as the documentation of healthcare services provided to an individual during any aspect of healthcare delivery in any type of healthcare organization (AHIMA, 2010). Traditionally healthcare facilities have kept patient records in paper files stored on site which, while a convenient method for physicians, posed a great risk to the privacy of patients: paper records made transferring information from one physician to another more complicated. Many health care facilities are moving now to electronic healthcare records (EHRs). EHRs not only allows patient information to transfer easier without loss of data while also allowing patients to better access their own records. The American Recovery and Reinvestment Act (ARRA) that went into effect in 2009 was created to encourage healthcare organizations to adopt EHRs through financial incentive. This act focuses on several factors such as patient safety, best practices, return on investment, and ease of end-user adoption. Even so, the transition from paper records to EHRs is not a quick one, leading many organizations to use a combination of paper and electronic records during this transition. Some factors that are keeping healthcare providers using these hybrid records include funding barriers, competing technical priorities, strained human resources, and lack of industry education. The need for organizations to push past these factors into complete adoption of EHRs 2 Page
4 should be a top priority as the use of hybrid records increases the risk to patient safety through transcription errors between the types of records. The use of EHRs is becoming the norm in healthcare organizations and, though the transition may be slow, it is one that will undoubtedly continue. Security Frameworks and Best Practices ISACA IT Assurance Framework ISACA is a leader in IT governance, security, and control. They develop international information systems auditing and control standards (3). The IT Assurance Framework gives guidance for IT audit and assurance documentation, defines concepts and terms for IT assurance, and establishes the IT audit and assurance standards that are important for regulation and control of information contained in Cloud Computing. These standards will hold each firm to a minimum level of security to assure that information cannot be easily obtained by unintended parties. HITRUST Common Security Framework The HITRUST Common Security Framework is a set of controls relating to the storage and use of electronic personal health and financial information. This framework was developed as a means to have consistent and thorough securing of information in the healthcare industry. The framework has 13 security control categories comprised of 42 control objectives and 135 control specifications. Each of these objectives (4) can be met on the basic level. Or, they can be 3 P age
5 increased to one of the two higher levels. There are also alternative controls when and where it is not possible to meet the Framework protocols. Cloud Computing and Best Practices Internal Audit s Role in IT Services to the Cloud Internal Audit s role in businesses utilizing cloud computing is vital not only in the initial decision making process but throughout the lifecycle of company initiates. Based on the information gathered by the internal auditor, decisions about what is completed in-house verses outsourced to the cloud are determined by managers. There are four areas where internal audit assists in gathering performance and legal information in regards to IT, which will affect your businesses transition to cloud computing. Due Diligence Initial Auditing assessments in this area not only outline requirements but determine which vendors a company should enter into contract with. Internal Auditing must also determine which legal, regulatory, and contractual requirements a company must follow to meet federal compliance. Risk Assessment Auditing assessments must also analyze the risk involved with any areas, including cloud implementation and present alternatives that provide both additional options and added flexibility to the company. Business Strategy Compliance The Auditing assesments must next analyze business strategy compliance, including current performance and security standards, compliance and penalties, subcontracting relationships and NDA s while also determining how the business will meet these agreements. Current Relationship Assessment In this area, auditors must also analyze current relationships with vendors and service providers. Auditors must determine whether 4 P age
6 these relationships have been properly maintained and whether or not they should continue into the future. The auditors must also analyze the effectiveness of these relationships to determine if vendors and service providers have completed tasks efficiently, within budget, and whether this efficiency has improved over time. Defining the Private Cloud in Healthcare In order to define the Private Cloud in any industry we first must look at the definition of the cloud which, in its most basic form, is defined as internet-based computing in which large groups of remote servers are networked to allow sharing of data-processed tasks, centralized data storage, and services or resources (1). According to an article from ServerWatch (2), the definition itself alludes to the fact that the cloud now has layers. This new layered approach to the internet s architecture has produced companies that can supply these levels of the Cloud into packages that enable many industries, including Healthcare, to make better use of time, resources, and, more importantly, to cut costs where needed. The common layers can be seen defined in the info graphic below: 5 P age
7 As you can see, each layer provides a level of interest for healthcare providers in providing business continuity solutions through a mixture of on and off-site services. The Off- Site nature of cloud services provides unique challenges and problems for the Healthcare industry and its providers, the main concerns consisting of: Always-On Requirements: Data and applications must be available 100% of the time without interruption or data loss Security: Due to many laws, including HIPAA, all patient and healthcare data MUST be kept secure as well as available to the patient and providers when needed. Scalability: Healthcare systems must be able to house current patients while also being scalable and elastic enough to grow as new patients and new needs become available. Ownership and location: Who owns, as well as manages, the platform itself? How do current client machines connect to data and applications? 6 P age
8 These concerns actually provide a best-case scenario for Healthcare providers: Private Cloud computing. The private cloud must meet all of the above requirements, while also cutting cost, providing CIOs control over the applications, data, and even the hardware itself as needed. Therefore, a very reasonable solution that provides the best of both worlds has become to provide on-site access to the data, such as through on-site primary servers to provide the speed and availability required of these systems while also utilizing off-site solutions for the needed software, platforms, backups, and even hardware needs of the business. Plan of Action As you can see from the previous sections, there are many different frameworks with strengths and weaknesses in different areas of IT. The unique structure of the Healthcare IT world, however, means that a Healthcare provider cannot depend solely on one framework or methodology and must pick and choose portions of each while also meeting federal regulations and patient requirements. In order to do this, we would like to outline our Plan of action towards securing Patient and Medical information in the cloud through the following sections. Gain Support of Top Management Comparison of Costs and Benefits CIO s need to assess costs and benefits of implementation and the different measurements retrieved from each associated area in regards to technology. Legal compliance assessment should be supplied by internal audit, IT should provide the cost and benefits of inhouse services, and all other departments should list their needs and areas the company may benefit to invest in to assist in this process and complete the overall assessment of whether cloud computing is an acceptable environment for any particular business. The company may also need 7 P age
9 to consider outsourcing based on cost savings and what the company s core competencies are. The state of the businesses current systems, the levels of risk and security, and the ability to migrate is also a determining factor in the cost/benefit analysis. The last major factor any business must assess is their core competencies of the business and the ability of the business to manage IT infrastructure will determine the outsourced cloud implementations the business may consider. Equipment and Policy Training Cloud computing infrastructure as a service is an area where equipment and policy training for cloud computing will need a lot of guidance before enlisting upper management will support. Governance, procedures and policy of equipment and IT structure must be clearly defined so that managers can determines the benefit offered by IT services to the company. Considerations must also be made for the differences in traditional and cloud computing environments, as well as the Bring-Your-Own-Device movement and the risks and benefits involved. No matter the company, Training and change management is crucial when implementing any new system into an organization. Short and Long Term Planning When planning implementation of Cloud computing services a business must consider both long and short term goals. Implementing cloud computing services is based off the decision to outsource certain services to reduce cost and focus on core competencies. Data centers, servers, operating systems, and applications are areas where systems can be converted to the cloud. There are constantly short term goals that must be achieved throughout implementation but the initial costs may be large in the short-term. Many short term projects within the organizations such as marketing initiative and reducing overhead costs will add to benefits 8 P age
10 gained by the cloud but management must be kept appraised of efforts so that long and short term goals can remain aligned. Cloud computing projects can be very successful and provide an avenue to profit before the competitive advantage becomes the standard but companies and IT managers must also keep in mind the immediate needs of the company in their short term planning. The CIO should create a portfolio of the immediate benefits of implementation and the long term benefits of implementing the chosen cloud services. Implementation of Cloud Computing in Healthcare Data Protection Patient information must always be confidential and be protected at all times but whether or not cloud computing can cover this requirement is a question all healthcare organizations should ask. To answer this question, cloud computing can vary on levels of protection, depending on the choice of how it is set up. Due to the exposed and uncontrolled access of public clouds, there is little doubt that this method would not suit healthcare needs. On the other hand, private clouds may provide somewhat more data protection than public clouds. They re hosted inside an organization (or in a dedicated managed environment hosted by an Infrastructure as a service (IaaS) provider), allowing the organization dedicated control of servers, storage, and software at all times. Since private clouds are safer and more confidential than public ones, however, professional practices would be more likely to invest in this type instead. Fortunately, though, new solutions allow more protection and control of the public cloud that healthcare organizations are welcomed to use. Despite recent developments, professionals responsible for sensitive data should be warned of the risks of cloud computing. Industries such as healthcare that use cloud are increasingly becoming targets for hackers and therefore are 9 P age
11 strongly advised to evaluate their own requirements before deciding on cloud computing platforms. Keeping Up With Regulatory Forces Technological development is moving faster than ever and, as such, its regulations must stay in lock step with it. According to Joy Pritts, chief privacy officer in the Office of the National Coordinator for Health IT, there are reports that HIPAA will be modified to boost data protection for patients. Pritts believes that cloud computing in healthcare is inevitable and that smaller healthcare companies are resorting to cloud to host electronic health records and help reduce start-up costs (5). Changes entails HIPAA will directly regulate cloud services from here on out. The pending HIPAA modifications clarify that all business associates with access to patient data must comply with the privacy and security rules (5). Mobile Device Security and Policies These days, it is normal for employees to follow the concept of BYOD ( bring your own device ) at their place of work. It is fast, convenient, portable, and makes information even more accessible. However, there are concerns about the amount of security over mobile devices, especially in the case of sensitive patient data; HIPAA policies try to address these as well as other issues. Bill Kleyman of HealthITSecurity.com brings up some issues in his online article such as data-loss prevention, device interrogation, cloud-ready device controls, geo-location services, monitoring and reporting, and SDK-ready application security to describe how mobile security deals with them. Customer Relationship Management No matter how great a product is, it does not matter unless we satisfy our customer. Our product should be easy to use and our clients should be confident when they are in the system 10 P age
12 itself. In order for this to happen, we must build a good relationship with them. When our clients are storing medical data into the cloud, we want them to know that every single record is safe and secure. If we can build confidence in our customers through our products, it will better our reputation and allow us to keep our current customers and gain more. We have to remember that our customers are also our business partners. We cannot just simply sell them the product and move on; we have to instruct them on how it works and be there for them in case they have questions, concerns, or problems with the system. With such important information being stored in the cloud, everyone has to know their duties, as well as what information they can and cannot access. The main thing we want to have is good feedback from our business partners, uphold a good reputation with our current and potential clients, and keep our customers with us. Performance Management An investment in the transition to EHRs is very time consuming and costly. Therefore, it is important for an organization to continually make sure the system is working effectively and efficiently. Switching from paper to electronic records can pose a great risk to patient privacy so it is always a good idea to conduct regular risk assessments. The goal of these assessments should consist of making note of potentially weak areas and implementing security updates. There should be a regular review of access availability to see who is editing information. Because EHRs are available to the patient and their various physicians from any location, it is important to assess the customer satisfaction aspect of things. Physicians that are end-users of the information can give useful feedback as to what information they are looking for when checking the background on a new patient while patient feedback consists of ease of use and access, as 11 P age
13 well as timeliness and accuracy. All of these are factors to consider when measuring the performance of an EHR system. Creating a Competitive Advantage By using a centralized storage medium like the cloud, data and program maintenance overhead can be greatly reduced. A single, properly secured server means that maintenance tasks only need to be performed once, and changes brought on by government regulation can be rolled out without fear of system or software compatibility issues. This also means the opportunity for very high data security standards since the total overhead can be kept lower than multiple standalone systems. Increased data safety means more customer reassurance, which leads to more customers. When a system is centralized and available online, geography becomes a trivial problem. A web-based information system can be useful whether the customer is in a major metropolitan area, or the information is needed by a medical service provider in a rural home. All of these factors lead to increased patient care and a reduction of errors. When everyone has the most upto-date information available, better decision making can take place resulting in better patient care. Critical Success Factors In businesses that choose to implement cloud computing there are always critical success factors and ways to measure the success of an implementation. For healthcare in particular there are five critical success factors that must be kept in mind: 1. Establishing Secure Networks/Integrated Platform for Cloud Computing. 2. Regular Evaluation of Performance Methods 12 P age
14 3. Execute a Plan that has Top management support Team #2 4. Create Efficient Cloud Computing Network 5. Create user-friendly cloud networks The first of these success factors is the establishment of secure networks during and after the implementation of the cloud computing platform. These networks should be continuously monitored and evaluated in order to gauge their performance against ever evolving threats and federal regulations. But for any implementation, cloud or otherwise, a plan must be executed with top management support through the use of champions, or people who believe wholeheartedly in your cause. Without the support of management any project is deemed to fail and, as business professionals with IT leanings we must be ready to create efficient and timely in order to not only gain but keep management support. We must also remember, though, that the implementation is not only used by managers, but is used by employees as well: in this case doctors, nurses, office personnel and also patients who wish to access their own records. To meet not only the functional but the aesthetic needs of these users, we must create not only efficient, but user-friendly cloud networks. In creation of these networks, we must maintain the integrity, security, and ease of access to data but also include an interface that is easy to use and easy to learn. Our call to action, therefore, includes all of these critical success factors and should be for IT professionals to bridge the gap with the use of current technologies, including on and off-site equipment, while also leaving a system flexible and scalable enough for future improvements and changes. 13 P age
15 References Team #2 (1)Rubens, Paul (2010). Private Cloud, Defined. [ONLINE] Available at: [Last Accessed February 10, 2013]. (2)Ludwig, Sean (2011). Cloud 101: What the heck do IaaS, PaaS and SaaS companies do? [ONLINE] Available at: [Last Accessed February 10, 2013]. (3) ISACA (2008). ITAF : A Professional Practices Framework for IT Assurance Summary Document. [ONLINE] Available at: Assurance-Audit-/Documents/ITAF-Summary-30July08-Research.pdf. [Last Accessed February 10, 2013]. (4) "The HITRUST Common Security Framework." HITRUST. HITRUST Aliance, Web. 26 Mar < APM Group Ltd (2012). What is ITIL?. [ONLINE] Available at: [Last Accessed February 10, 2013]. Schiller, Mike (2012). Auditing Cloud Computing and Outsourced Operations. [ONLINE] Available at: NACACS-Presentations/136-nac2012.pdf. [Last Accessed February 10, 2013]. Badger, M; Grance T; Patt-Coerner, R; Voas, Jeffrey;, (2012). Cloud Computing Synopsis and Recommendations. NIST SP (), pp.81 pp 14 P age
16 Brand, D., (2012). Internal Audit's Role in Cloud Computing. EDPACS: The EDP Audit, Control, and Security Newsletter. 46 (2), pp.1-10 AHIMA. (2010). Managing the Transition from Paper to EHRs. Scott, C. (2012). Risk Assessments What s the big deal? Your responsibilities if you adopt electronic health records. Beckers Hospital Review. Hirsch, Deborah (2012). Health Information Exchange Featured Article. [ONLINE] Available at: healthcare-cloud-computing-becoming-more-popular-but-be.htm. [Last Accessed March 17, 2013]. (5) McGee, M. (2013). Cloud Computing: HIPAA's Role How Privacy, Security Rule Modifications Will Apply. [ONLINE] Available at: [Last Accessed March 17, 2013]. Kleyman, B. (2013). Healthcare endpoint device security strategies: Data control. [ONLINE] Available at: [Last Accessed March 17, 2013]. 15 P age
EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY
Bridging The Gap Between Healthcare & Hipaa Compliant Cloud Technology and outsource computing resources to external entities, would provide substantial relief to healthcare service providers. Data stored
More informationWhy Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it
The Cloud Threat Why Cloud CompuTing ThreaTens midsized enterprises and WhaT To do about it This white paper outlines the concerns that often prevent midsized enterprises from taking advantage of the Cloud.
More informationPrivate vs. Public Cloud Solutions
Private vs. Public Cloud Solutions Selecting the right cloud technology to fit your organization Introduction As cloud storage evolves, different cloud solutions have emerged. Our first cloud whitepaper
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationCloud Computing. Bringing the Cloud into Focus
Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice
More informationCloud Computing Safe Harbor or Wild West?
IT Best Practices Series Cloud Computing Safe Harbor or Wild West? With IT expenditures coming under increasing scrutiny, the cloud is being sold as an oasis of practical solutions. It s true that many
More informationHow To Decide If You Should Move To The Cloud
Can security conscious businesses really adopt the Cloud safely? January 2014 1 Phone: 01304 814800 Fax: 01304 814899 info@ Contents Executive overview The varied Cloud security landscape How risk assessment
More informationWhy You Should Consider Cloud- Based Email Archiving. A whitepaper by The Radicati Group, Inc.
. The Radicati Group, Inc. 1900 Embarcadero Road, Suite 206 Palo Alto, CA 94303 Phone 650-322-8059 Fax 650-322-8061 http://www.radicati.com THE RADICATI GROUP, INC. Why You Should Consider Cloud- Based
More informationCloud Computing in a Restaurant Environment
WHITE PAPER Cloud Computing in a Restaurant Environment Cloud Computing in a Restaurant Environment How Restaurants Leverage New Cloud Computing Technologies to Achieve PCI Compliance By Bradley K. Cyprus
More informationCloud Computing; What is it, How long has it been here, and Where is it going?
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
More informationCloud Computing in a Regulated Environment
Computing in a Regulated Environment White Paper by David Stephenson CTG Regulatory Compliance Subject Matter Expert February 2014 CTG (UK) Limited, 11 Beacontree Plaza, Gillette Way, READING, Berks RG2
More informationSession 11 : (additional) Cloud Computing Advantages and Disadvantages
INFORMATION STRATEGY Session 11 : (additional) Cloud Computing Advantages and Disadvantages Tharaka Tennekoon B.Sc (Hons) Computing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Cloud
More informationCloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing
Cloud Security Keeping Data Safe in the Boundaryless World of Cloud Computing Executive Summary As cloud service providers mature, and expand and refine their offerings, it is increasingly difficult for
More informationStrategies for assessing cloud security
IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary
More informationCloud Computing for SCADA
Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry
More informationCloud Computing in Higher Education: A Guide to Evaluation and Adoption
Cloud Computing in Higher Education: A Guide to Evaluation and Adoption Executive Summary Public cloud computing delivering infrastructure, services, and software on demand through the network offers attractive
More informationInformation Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University.
Information Auditing and Governance of Cloud Computing IT Capstone 4444 - Spring 2013 Sona Aryal Laura Webb Cameron University P a g e 1 P a g e 2 Table of Contents Abstract... 3 Introduction... 3 Previous
More informationCloud computing. Advantages and disadvantages
Cloud computing Advantages and disadvantages CPA Australia Ltd ( CPA Australia ) is one of the world s largest accounting bodies representing more than 139,000 members of the financial, accounting and
More informationSecure HIPAA Compliant Cloud Computing
BUSINESS WHITE PAPER Secure HIPAA Compliant Cloud Computing Step-by-step guide for achieving HIPAA compliance and safeguarding your PHI in a cloud computing environment Step-by-Step Guide for Choosing
More information50x 2020 40 Zettabytes*
IBM Global Technology Services How to integrate cloud-based disaster recovery into your existing business continuity plans Richard Cocchiara: IBM Distinguished Engineer; CTO IBM Business Continuity & Resiliency
More informationShaping the Cloud for the Healthcare Industry
Shaping the Cloud for the Healthcare Industry Louis Caschera Chief Information Officer CareTech Solutions www.caretech.com > 877.700.8324 Information technology (IT) is used by healthcare providers as
More informationCloud Strategy PART TWO
Cloud Strategy PART TWO Cloud Computing To get the most from this article, it is prudent to have a basic understanding of cloud computing. If you are extremely new to the concept, this white paper explains
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationThe Elephant in the Room: What s the Buzz Around Cloud Computing?
The Elephant in the Room: What s the Buzz Around Cloud Computing? Warren W. Stippich, Jr. Partner and National Governance, Risk and Compliance Solution Leader Business Advisory Services Grant Thornton
More informationCLOUD MIGRATION STRATEGIES
CLOUD MIGRATION STRATEGIES Faculty Contributor: Dr. Rahul De Student Contributors: Mayur Agrawal, Sudheender S Abstract This article identifies the common challenges that typical IT managers face while
More informationThe cloud - ULTIMATE GAME CHANGER ===========================================
The cloud - ULTIMATE GAME CHANGER =========================================== When it comes to emerging technologies, there is one word that has drawn more controversy than others: The Cloud. With cloud
More informationSuccessful Strategies for Implementing SaaS/Cloud Solutions in Healthcare
Successful Strategies for Implementing SaaS/Cloud Solutions in Healthcare WHITEPAPER Executive Summary As healthcare organizations struggle with competing priorities such as HITECH/ARRA, Meaningful option
More informationImplementing Clinical Solutions in the Cloud
Implementing Clinical Solutions in the Cloud NICK LAGROTTA Contents Introduction... 1 What is the Cloud?... 2 Service Models... 2 Delivery Models... 2 Cloud Challenges... 3 The Benefits of a Clinical Cloud...
More informationBridging the HIPAA/HITECH Compliance Gap
CyberSheath Healthcare Compliance Paper www.cybersheath.com -65 Bridging the HIPAA/HITECH Compliance Gap Security insights that help covered entities and business associates achieve compliance According
More informationEnsuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services
Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Introduction Patient privacy has become a major topic of concern over the past several years. With the majority of
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationIsaac Willett April 5, 2011
Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act
More informationCLOUD MIGRATION. Celina Alexandre M6807
CLOUD MIGRATION M6807 S Content 1. Introduction 2. Methodology 3. Requirements Definition Phase 3.1. Strategy 3.2. Knowledge 06/05/15 2 Content 4. Analysis Phase 4.1. Aplications and Systems 4.2. Development
More informationHARNESSING THE POWER OF THE CLOUD
HARNESSING THE POWER OF THE CLOUD Demystifying Cloud Computing Everyone is talking about the cloud nowadays. What does it really means? Indeed, cloud computing is the current stage in the Internet evolution.
More informationArchitecting the Cloud
Architecting the Cloud Sumanth Tarigopula Director, India Center, Best Shore Applications Services 2011Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without
More informationMapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.
Mapping Your Path to the Cloud A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Table of Contents Why the Cloud? Mapping Your Path to the Cloud...4
More informationClarity in the Cloud. Defining cloud services and the strategic impact on businesses.
Clarity in the Cloud Defining cloud services and the strategic impact on businesses. Table of Contents Executive Summary... 3 Cloud Services... 4 Clarity within the Cloud... 4 Public Cloud Solution...
More informationHIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1
HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps
More informationWHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
WHITE PAPER: STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT IntelliDyne, LLC MARCH 2012 STRATEGIC IMPACT PILLARS FOR EFFICIENT MIGRATION TO CLOUD COMPUTING IN GOVERNMENT
More informationEnsuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services
Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services 1 Contents 3 Introduction 5 The HIPAA Security Rule 7 HIPAA Compliance & AcclaimVault Backup 8 AcclaimVault Security and
More informationEnsuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services
Ensuring HIPAA Compliance with Computer BYTES Online Backup and Archiving Services Page 2 of 8 Introduction Patient privacy has become a major topic of concern over the past several years. With the majority
More informationSecurity Considerations for Public Mobile Cloud Computing
Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of
More informationHow To Choose A Cloud Computing Solution
WHITE PAPER How to choose and implement your cloud strategy INTRODUCTION Cloud computing has the potential to tip strategic advantage away from large established enterprises toward SMBs or startup companies.
More informationIT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014
IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system
More informationWHY YOU SHOULD CONSIDER CLOUD BASED EMAIL ARCHIVING.
WHY YOU SHOULD CONSIDER CLOUD BASED EMAIL ARCHIVING. INTRODUCTION A vast majority of information today is being exchanged via email. In 2011, the average corporate user will send and receive about 112
More informationWhy Consider Cloud-Based Applications?
Abstract Achieving success for today s compliance professional is both tougher and easier than ever. On one hand, there are more regulations and standards at almost every level, on the other, there are
More informationThe NREN s core activities are in providing network and associated services to its user community that usually comprises:
3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationNAREIM Session: Dangers and challenges of The Cloud. President, NiceNets Consulting, LLC
Main Types of Cloud Environments: - Public Cloud: A service built on an external platform run by a cloud service provider such as IBM, Amazon Web Services or Microsoft Azure. Subscribers can get access
More informationCloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security
Russ Dietz Vice President & Chief Technology Officer Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security By Russ Dietz Vice President & Chief
More informationCLOUD IN HEALTHCARE EXECUTIVE SUMMARY 1/21/15
CLOUD IN HEALTHCARE CURRENT STATE AND STRATEGIES THAT IMPACT THE BOTTOM LINE EXECUTIVE SUMMARY As healthcare organizations struggle with competing priorities such as HITECH/ARRA, Meaningful Use, ICD-10,
More informationRunning head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1
Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:
More informationBest Practices in Healthcare IT Disaster Recovery Planning
BUSINESS WHITE PAPER Best Practices in Healthcare IT Disaster Recovery Planning Assessing your options for leveraging the cloud to enhance compliance, improve recovery objectives, and reduce capital expenditures
More informationPrivacy for Healthcare Data in the Cloud - Challenges and Best Practices
Privacy for Healthcare Data in the Cloud - Challenges and Best Practices Dr. Sarbari Gupta sarbari@electrosoft-inc.com 703-437-9451 ext 12 Cloud Standards Customer Council (CSCC) Cloud Privacy Summit Electrosoft
More informationModule 1: Facilitated e-learning
Module 1: Facilitated e-learning CHAPTER 3: OVERVIEW OF CLOUD COMPUTING AND MOBILE CLOUDING: CHALLENGES AND OPPORTUNITIES FOR CAs... 3 PART 1: CLOUD AND MOBILE COMPUTING... 3 Learning Objectives... 3 1.1
More informationSecuring The Cloud With Confidence. Opinion Piece
Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery
More informationConfidence in the Cloud Five Ways to Capitalize with Symantec
Five Ways to Capitalize with Symantec Solution Brief: Confidence in the Cloud Confidence in the Cloud Contents Overview...............................................................................................
More informationITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS
ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information
More informationCLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1
CLOUD COMPUTING (outsourcing records storage) TATTA SRINIVASA RECORDS MANAGER 11 December 2013 TOWNSHIP OF KING TATTA 1 Cloud computing A style of computing where scalable and elasticity ITenabled capabilities
More informationCloud Backup and Recovery for Endpoint Devices
Cloud Backup and Recovery for Endpoint Devices Executive Summary Armed with their own devices and faster wireless speeds, your employees are looking to access corporate data on the move. They are creating,
More informationCloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems
eenviper White Paper #4 Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems 1 Executive Summary Cloud computing could revolutionise public services
More informationEnsuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services
Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationHIPAA Security Risk Analysis for Meaningful Use
HIPAA Security Risk Analysis for Meaningful Use NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA
More informationDesktop Solutions SolutioWhitepaper
Author: Mike Herrmann With organizations looking for new ways to cut costs and increase productivity, the use of cloud computing has grown. The most common form of cloud computing is for vendors making
More informationThe Cloud Computing Revolution: Beyond the Hype
The Cloud Computing Revolution: Beyond the Hype KEN ADLER Partner and Chair, Technology and Outsourcing Practice Group Loeb & Loeb LLP Outsourcing in Financial Services Program October 19, 2010 Overview
More informationThe Cloud as a Platform
The Cloud as a Platform A Guide for Small and Midsize Business As the cloud evolves from basic online software tools to a full platform for business, it can provide ways for your business to do more, grow
More informationThe Need for Service Catalog Design in Cloud Services Development
The Need for Service Catalog Design in Cloud Services Development The purpose of this document: Provide an overview of the cloud service catalog and show how the service catalog design is an fundamental
More informationProactive controls to mitigate IT security risk
Proactive controls to mitigate IT security risk Policy Compliance Content Security Secure Access Endpoint Security Information security risk mitigation Empowering people to work securely The Cryptzone
More informationCloud computing: Innovative solutions for test environments
IBM Global Services April 2009 Cloud computing: Innovative solutions for test environments Speed test cycles and reduce cost to gain a competitive edge Page No.2 Contents 2 Executive summary 3 Leading
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationA Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011
A Strawman Model NIST Cloud Computing Reference Architecture and Taxonomy Working Group January 3, 2011 Objective Our objective is to define a neutral architecture consistent with NIST definition of cloud
More informationProtecting Your Data On The Network, Cloud And Virtual Servers
Protecting Your Data On The Network, Cloud And Virtual Servers How SafeGuard Encryption can secure your files everywhere The workplace is never static. Developments include the widespread use of public
More informationU.S. HOUSE OF REPRESENTATIVES SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HEARING CHARTER
U.S. HOUSE OF REPRESENTATIVES SUBCOMMITTEE ON TECHNOLOGY AND INNOVATION COMMITTEE ON SCIENCE, SPACE, AND TECHNOLOGY HEARING CHARTER The Next IT Revolution?: Cloud Computing Opportunities and Challenges
More informationHEALTHCARE & SECURITY OF DATA IN THE CLOUD
HEALTHCARE & SECURITY OF DATA IN THE CLOUD August 2014 LYNLEE ESPESETH Marketing Strategy Associate Denver Fargo Minneapolis 701.235.5525 888.9.sundog FAX: 701.235.8941 www.sundoginteractive.com In this
More informationTips For Buying Cloud Infrastructure
27 Tips For Buying Cloud Infrastructure A Comprehensive list of questions to ask yourself when reviewing potential cloud providers By Christopher Wilson @chrisleewilson Table of Contents Intro: Evaluating
More informationThe Cloud at Crawford. Evaluating the pros and cons of cloud computing and its use in claims management
The Cloud at Crawford Evaluating the pros and cons of cloud computing and its use in claims management The Cloud at Crawford Wikipedia defines cloud computing as Internet-based computing, whereby shared
More informationEverything You Need To Know About Cloud Computing
Everything You Need To Know About Cloud Computing What Every Business Owner Should Consider When Choosing Cloud Hosted Versus Internally Hosted Software 1 INTRODUCTION Cloud computing is the current information
More informationHIPAA COMPLIANCE AND
INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery
More informationWhite Paper: The SaaSy Approach to Delivering Electronic Health Records
This white paper explains how Amazing Charts in Cloud can transform your practice without forcing you to sacrifice productivity or take on the costs of hosting your own EHR. White Paper: The SaaSy Approach
More informationConfiguration Management System:
True Knowledge of IT infrastructure Part of the SunView Software White Paper Series: Service Catalog Service Desk Change Management Configuration Management 1 Contents Executive Summary... 1 Challenges
More informationHow To Get More Out Of Your Data Center
Data Center Encryption Survey Executive Summary Securing the Path to Consolidation in Today's Data Center Overview Many want to make data center consolidation happen, but few have actually done so. While
More informationTufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.
Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationHow To Manage Cloud Data Safely
Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In
More informationStudy of Cloud Computing in HealthCare Industry
Study of Cloud Computing in HealthCare Industry G.Nikhita Reddy, G.J.Ugander Reddy Abstract In Today s real world technology has become a domiant crucial component in every industry including healthcare
More information2014 HIMSS Analytics Cloud Survey
2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation
More informationAll can damage or destroy your company s computers along with the data and applications you rely on to run your business.
All can damage or destroy your company s computers along with the data and applications you rely on to run your business. Losing your computers doesn t have to disrupt your business if you take advantage
More informationEMC PERSPECTIVE. The Private Cloud for Healthcare Enables Coordinated Patient Care
EMC PERSPECTIVE The Private Cloud for Healthcare Enables Coordinated Patient Care Table of Contents A paradigm shift for Healthcare IT...................................................... 3 Cloud computing
More informationTop 5 Reasons to Choose User-Friendly Strong Authentication
SOLUTION BRIEF: USER-FRIENDLY STRONG AUTHENTICATION........................................ Top 5 Reasons to Choose User-Friendly Strong Authentication Who should read this paper This executive brief asserts
More informationConcurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services
Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationThe Outsourced IT Hiring Guide
The Outsourced IT Hiring Guide 8 Steps to Help You Find Your Perfect Tech brought to you by 1) Maintenance vs. Issue Resolution Know the difference. With regularly scheduled maintenance, you ll experience
More informationDell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations
Dell s Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations Inside ü Tips for deploying or expanding BYOD programs while remaining
More informationAccenture cloud application migration services
Accenture cloud application migration services A smarter way to get to the cloud Cloud computing can help make your apps extraordinarily agile and scalable. You know this. Your competitors know this. And
More information