3 insights on working with cloud vendors

Alongside the benefits of healthcare cloud computing, including lower costs and mobile access to information, the cloud also carries certain risks. Mitch Parker, chief information security officer at Philadelphia-based Temple University Health System, discussed how to approach relationships with cloud vendors at an eHealth Initiative presentation, reports Healthcare Informatics.

Here are three insights on working with cloud vendors from Mr. Parker.

1. Third party solutions are subject to the same rules and regulations as on-premise applications. The risk of "shadow IT," or using IT systems that aren't explicitly approved for use by the organization, becomes more prevalent with third party cloud vendors, but it is IT leadership's due diligence to put cloud solutions through a standard risk assessment and evaluation, Mr. Parker said. "You have to have one set of rules apply to everyone. The second you sanction shadow IT, you do not have that one set of rules. You do not have the criteria by which you can evaluate risk," he said, adding this is required by HIPAA anyways.

2. Be thorough in security evaluations. Mr. Parker said he asks every vendor 163 questions related to their security, and he follows up on answers to questions. "You have every right to ask questions and ask vendors for changes," Mr. Parker said. "Don't accept it when a vendor says it is an accepted configuration. Ultimately you are still responsible for that data even though it is housed at a third party."

3. As new business partners, make sure to cover all the bases. The new relationship should not adversarial, but healthcare organizations need to clearly spell everything out, including hosting, development, ongoing maintenance, upgrades and downtime.

More articles on health IT:

UW Medicine reaches $750,000 HIPAA settlement for 2013 breach
Epic endows UW-Madison faculty positions; 93% of Cerner employees give up right to sue in favor of raises; Google spinoff company launches robotic surgery company — 8 health IT key notes
6 EHR vendor switches in 2015

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars