HIPAA and EMR created a whole new world of problems for healthcare providers. Both acts require locking down patient information tightly and storing medical records on electronic formats. Healthcare providers had to come into compliance or face fines. As a result, healthcare providers moved data to the cloud because on-site storage wasn’t feasible. HIPAA allows for this type of storage, recognizing that not every healthcare office was capable of operating a server room for records. But the cloud company has to provide stringent measures for accessing medical records stored on their servers. Following are three services to look for in a cloud storage provider.
Image via Flickr by Chris Potter
Not all data encryption is created equal. There’s general encryption and targeted encryption. General essentially takes the whole package of information and encrypts it with the same key. An unauthorized user who has stolen the credentials for that key has access to everything inside. It’s a trivial effort for them to take the information in its entirety and walk away with it. And because they have the credentials, no one knows that anything’s been taken until it’s too late.
Targeted encryption is much more secure as it’s focused on specific files that only authorized users can access. The difference here is that it’s easier to restrict who has access to the files, minimizing the risk of untraceable theft to almost zero.
Creating Restricted Areas of Access
Employees don’t need to see everything that’s in the database. They only need access to information that’s pertinent to their roles. The more access they have, the more likely the chances of a data breach are. While the employee may not have an interest in jeopardizing their position, someone else may not have the same inhibitions and steal login information to the server.
Look into a cloud service provider that lets administrators create restricted areas that only certain employees have access to. It’s easy for the administrator to create areas of access that have information everyone needs and areas of access where only certain users need to go.
What’s the Data Backup Plan?
Hackers are almost never neat and tidy when they break into a database. They leave behind a mess in order to make it difficult for the company to recover. In the event that the business is using a cloud provider as a data backup, there needs to be a backup of the backup. Seek out a cloud provider that has a viable backup system. This is something that can cost extra, but it’s worth it for peace of mind. Having the capability to restore files to their original state speeds up the recovery process and helps identify what was ruined during the data breach.
These are three features to look for in a cloud storage provider. Make sure that the provider meets the needs of the business instead of trying to shoehorn the business needs into a company that’s inexpensive but limited. Spending a little extra now may translate into cost savings later.