-
The Cloud Security Alliance announced today the release of its newest report, Telehealth Data in the Cloud.
-
With the increased use of telehealth in the cloud, HDOs must adequately and proactively address data, privacy, and security issues.
-
CSA offers several resources for HDOs to help with continuous monitoring activities.
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and best practices to help ensure a secure cloud computing environment, announced today the release of its newest report, Telehealth Data in the Cloud. Produced by the Health Information Management Working Group, the paper examines the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud, including those within the context of edge computing for telehealth solutions.
Read more: Sigma Computing Powers Community-Driven Analytics and Business Intelligence with Major Updates to Cloud Solution
In the wake of COVID-19, health delivery organizations (HDOs) have quickly increased their utilization of telehealth capabilities (i.e., remote patient monitoring (RPM) and telemedicine) to treat patients in their homes. These technology solutions allow for the delivery of patient treatment, comply with COVID-19 mitigation best practices, and reduce the risk of exposure for health care providers. Going forward, telehealth solutions — which introduce high levels of patient data over the Internet and in the cloud — can be used to remotely monitor and treat patients who have mild cases of the virus, as well as other health issues. However, this remote environment also comes with an array of privacy and security challenges.
For health care systems, telehealth has emerged as a critical technology for safe and efficient communications between healthcare providers and patients, and accordingly, it’s vital to review the end-to-end architecture of a telehealth delivery system. A full analysis can help determine whether privacy and security vulnerabilities exist, what security controls are required for proper cybersecurity of the telehealth ecosystem, and if patient privacy protections are adequate.
- Dr. Jim Angle, co-chair of CSA’s Health Information Management Working Group
With the increased use of telehealth in the cloud, HDOs must adequately and proactively address data, privacy, and security issues. The HDO cannot leave this up to the cloud service provider, as it is a shared responsibility. The HDO must understand regulatory requirements, as well as the technologies that support the system. Regulatory mandates may span multiple jurisdictions, and requirements may include both the GDPR and HIPAA. Armed with the right information, the HDO can implement and maintain a secure and robust telehealth program. Cloud Access Security Brokers, the paper notes, ensure HDOs understand what cloud connections are made and what data is sent to the cloud.
Read more: UKCloud Launches Carbon Negative Cloud Services to Advance Sustainable Technology Strategy
CSA offers several resources for HDOs to help with continuous monitoring activities. The Cloud Security Alliance Security Trust and Assurance Registry (CSA STAR)—a registry of cloud providers that have met the security requirements and are certified—provides an open-source tool for annual assessments for continuous monitoring of security controls. The annual Cloud Security Alliance Top Threats List, meanwhile, compiles the top cloud security threats and can provide HDOs with further information on the concepts highlighted in this white paper, including business impacts for each threat, key takeaways, CSA security guidance, and the controls used to help mitigate the threats.
Download the free report.
About Cloud Security Alliance:
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — providing a forum through which different parties can work together to create and maintain a trusted cloud ecosystem.