Is It Safe to Store Protected Health Data in the Cloud?

What exactly is the cloud?

Is cloud storage a safe way to store PHI?

  • Are the vendor’s security standards appropriate? You have to research each vendor you choose. Make sure the company has a good reputation and solid security policies. You are entrusting the provider to store your information, so the extra time spent researching and comparing providers and their security practices will pay off in the long run.
  • How much data will you be storing? Many companies charge by the amount of storage you use, so understand what your needs are before choosing a vendor. Ensure the vendor can handle the amount of data you would like to move to the cloud.
  • Ensure your data is encrypted when being uploaded to or downloaded from the cloud. This is also your responsibility. Make sure your browser or app requires an encrypted connection before you upload or download your data. Also ensure all devices that contain PHI (laptops, desktops, thumb drives, and centralized storage devices) are encrypted.
  • Make sure your data is encrypted when stored in the cloud. This is perhaps the most important consideration. Data protected by law, such as medical information or personal identifiers, should never be stored in the cloud unless the storage solution is encrypted. Only selected members of your organization should be able to decrypt the data, and your organization should create policies detailing under what circumstances information can be decrypted. Determining whether the stored data will be encrypted requires a careful review of the specific terms of service within your agreement with the cloud service provider. Many cloud service providers store data on a cloud server with no encryption, meaning anyone who has (or can get) high-level access to that server will be able to read your files.
  • Understand how access is shared in your cloud folder. Many cloud storage providers allow you to share access to your online folders. Be familiar with the details of how that sharing works. Can the user only read the file, or can the user also edit it? Will you know who the last person to edit a file was? Awareness of who has access and how is critical to monitoring activity within your stored data.
  • Understand your options if the cloud provider is hacked or your data is lost. Virtually all cloud service providers require a user to sign an agreement that contains a “terms of service” provision. In most cases, these agreements provide that the user has very little, if any, remedy if a hack or a loss of data occurs. Pay attention to what rights you have given up and make sure you are comfortable with doing so.
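The sharing questions in the list above (read-only or edit, and who edited last) can be checked routinely against a sharing report. The following is an added example, not from the original article or any provider: the report format, field names, domain and file paths are all constructed assumptions.

```python
import json

# Constructed sample: a sharing report in a hypothetical export format.
# Real providers use their own formats; map their fields onto these names.
SAMPLE_REPORT = json.loads("""
[
  {"path": "phi/intake-forms.xlsx", "last_modified_by": "nurse@clinic.example",
   "grants": [{"principal": "nurse@clinic.example", "role": "edit"},
              {"principal": "anyone_with_link", "role": "read"}]},
  {"path": "phi/lab-results.pdf", "last_modified_by": null,
   "grants": [{"principal": "dr@clinic.example", "role": "edit"},
              {"principal": "billing@vendor.example", "role": "edit"}]},
  {"path": "phi/schedule.csv", "last_modified_by": "frontdesk@clinic.example",
   "grants": [{"principal": "frontdesk@clinic.example", "role": "read"}]}
]
""")

ORG_DOMAIN = "clinic.example"  # assumed domain of your own organization


def review_shares(entries, org_domain=ORG_DOMAIN):
    """Return (path, finding) tuples for shares that need a human decision."""
    findings = []
    for entry in entries:
        path = entry["path"]
        # "Will you know who the last person to edit a file was?"
        if not entry.get("last_modified_by"):
            findings.append((path, "no record of last editor"))
        for grant in entry.get("grants", []):
            who, role = grant["principal"], grant["role"]
            if who == "anyone_with_link":
                # Link sharing bypasses per-user accountability entirely.
                findings.append((path, f"public link ({role})"))
            elif not who.lower().endswith("@" + org_domain):
                # "Can the user only read the file, or also edit it?"
                kind = "editor" if role == "edit" else "reader"
                findings.append((path, f"external {kind}: {who}"))
    return findings


if __name__ == "__main__":
    for path, finding in review_shares(SAMPLE_REPORT):
        print(f"{path}: {finding}")
```

Each finding is a prompt for review, not proof of a problem: an outside billing vendor may legitimately need access, but that decision should be a deliberate one.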


Dr. Patricia Salber and friends weigh in on leading news in health and healthcare

The Doctor Weighs In
