As technology evolves, the healthcare industry has moved away from paper processes
and now relies heavily on electronic information systems to store and process data.
The cloud movement affects the challenges the healthcare industry faces, as most
organizations have moved to the cloud for its various benefits.
Today, healthcare providers use clinical applications such as computerized physician
order entry (CPOE) systems, electronic health records (EHR), and radiology, pharmacy,
and laboratory systems, the majority of which are hosted in some sort of cloud environment.
Cloud environments are not safe. One of the top cloud risks is misconfigured servers,
which can lead to data breaches. Another major risk is insecure APIs. Organizations use
APIs to transfer data to business partners without a secure architecture in place. They
also fail to conduct proper vendor due diligence or to evaluate data flow lifecycle
risks.
Under the HIPAA rules, healthcare organizations are required to have a
Business Associate Agreement with their vendors or third parties. It is equally
important to understand the data security controls of their business associates.