Healthcare Cloud Solutions: Evaluating 4 Key Components of Data Security

A technical brief for assessing cloud solution providers.

The use of healthcare cloud solutions is on the rise. Research firm MarketsandMarkets predicts that healthcare spending on cloud services will reach $9.48 billion by 2020, a big leap from $3.73 billion in 2015.

Several drivers are fueling the surge including addressing medical staffing shortages. Other drivers are cost efficiency, patient facing tools, access to information, telemedicine, and necessary computing power for big data analysis, according to CloudTech. Also, new modalities for diagnostic imaging bring with them increased storage requirements, making the cloud an essential part of an enterprise imaging strategy, according to Winthrop-University Hospital in NY.


image of lock on a cloud


Right alongside those drivers – and perhaps in front of them – is data security. 2016 ranked as the second worst year in terms of the number of patient and health plan members’ records that were exposed in a single year, according to HIPAA Journal.

Yet it is cost-prohibitive for many individual healthcare systems to support the necessary investments in the equipment, technology, personnel, and ongoing training required to deliver the highest level of data security. Instead, many are turning turn to best-in-class cloud hosting providers who can provide industry-leading data security, and free up limited IT resources at healthcare sites.

Four key components of secure healthcare cloud solutions

Security for the cloud applies to everything from the physical setup of your provider’s datacenter, to application-level security and operational procedures. Suppliers must demonstrate and provide evidence that they have the optimal technologies, infrastructures, and processes in place to ensure the security of your data at all levels and stages of the workflow – from duplicate disaster recovery copies and physical protection of the data center to data transmission, storage, and user access.

There are multiple and intertwined layers of technology and processes involved in security. To help you understand and evaluate your cloud provider, we’ve broken down data security into four key components: availability, integrity, confidentiality and traceability.

  • Availability ensures continuous access to data even in the event of a natural or man-made disaster or event such as a fire or power outage.
  • Integrity ensures that the data is maintained in its original state and has not been intentionally or accidentally altered.
  • Confidentiality means information is available or disclosed only to authorized individuals, entities or IT processes, and
  • Traceability is the ability to verify the history, location or application of an item by means of documented recorded identification.

All four components of data security must be maintained at the following three levels:

  • The physical infrastructure of the data center.
  • The hosted application that manages data.
  • The policies and procedures to maintain continuous security in the cloud.

Sound complex? It is. You’ll find more information, including a detailed checklist, in our white paper, How to Evaluate the Data Security Capabilities of Cloud-Based Services. #HIT #cloud

Editor’s note: Carestream’s Vue for Cloud-Based Services meets the requirements for the ISO/IEC 27001:2013 security standard.

Michael Romansky is the Manager for Cloud & Managed Services in the Americas at Carestream Health.