- Preparing Health IT Infrastructure for BYOD Environments
Organizations are consistently adopting IoT devices into their health IT infrastructure, constantly increasing the number of connected devices. As the number of devices and connections grows, so does the chance of a data breach. Large healthcare organizations have to keep an eye on as many as 80,000 connected IoT devices.
BYOD initiatives also cause security concerns as organizations are allowing clinical data access via personal devices. Organizations cannot restrict the apps users access on their own time. Unsupported and dead apps are often used by hackers to infiltrate a device. If that device has access to clinical data, it can compromise the entire network.
Cloud computing is becoming a health IT infrastructure necessity as organizations look for solutions that will scale more easily than traditional server-based hardware to compensate for a larger number of connected devices.
According to a Gartner report from 2016, healthcare organizations working with tight IT budgets and a lack of on-premise IT staff continue to support hybrid environments for both on-premise and cloud deployments.
The number of cloud-based systems is overtaking the on-premise solution environment year over year. Eventually, on-premise servers will mostly be replaced by cloud storage solutions. Organizations need to establish how to secure their cloud and plan for a future expanded cloud environment before migrating data to the cloud.
While general distrust has significantly dissipated, all healthcare organizations are still concerned about protecting patient information, since moving PHI into the cloud might make the data more visible or accessible to hackers.
The type of cloud environment an organization chooses factors into how the data needs to be protected. Organizations may have several different types of cloud environments to secure including software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS).
Each cloud service model requires a set of policies, technologies, and controls to protect clinical data. Healthcare organizations need to communicate with their cloud service providers and outline what steps are taken to secure data and make sure the vendor is HIPAA compliant.
Most cloud vendors that are HIPAA compliant make it known and are willing to discuss how their solution complies with HIPAA regulations.
The cloud service provider must provide a secure infrastructure for clinical data and applications, and organizations need to take the necessary steps to fortify applications with strong security protocols.
On the organization’s end, authentication and authorization processes are used to determine a user’s identity and what resources they can access. Authentication and authorization are most commonly done through usernames and passwords, security software certificates, and hardware keys. Identity and access management (IAM) solutions are often used to protect cloud data.
Data encryption is another common security strategy used to protect healthcare cloud data. Encryption hides data from unauthorized users and acts as a failsafe if clinical data is stolen.
As healthcare organizations continue to move more clinical applications and data to the cloud, they need to be aware of how data is being accessed and deploy cloud security features that will enable PHI to be accessed in a secure environment.