Healthcare providers that plan to use cloud-based services to host their electronic health records should first audit such providers via an external company to help build a relationship of trust, according to a new study published this week in the Journal of Medical Internet Research. Doing so, the researchers say, would help to show transparency in the management information process, and would enable a comparison of security terms between several similar companies.
The authors, who say that the cloud computing paradigm is "still under development," also say that patients must preemptively be informed of such data management changes given such uncertainty.
"With the emergence of cloud computing, EHR management systems are facing an important platform shift, but such important changes must be approached carefully," the study's authors say. "In order to make a secure and smooth transition, studying all the security requirements regarding the privacy and confidentiality of patient data are essential."
A survey published in February by technology vendor CDW found cloud adoption to be slower in healthcare than in other industries; out of eight industries profiled, healthcare ranked seventh in terms of cloud adoption, primarily due to security concerns about proprietary data and applications.
Overall, 35 percent of the 156 health IT professionals surveyed said that their organization had been implementing or maintaining cloud computing in 2012, up from 30 percent in 2011.
At a discussion panel held in June at the Health Privacy Summit in Washington, D.C., healthcare and privacy experts agreed that the role of the cloud in healthcare remains up in the air.
"When data is managed or stored in-house [by a provider], there's a very clear responsibility of one company" to protect that data, Adrian Gropper, chief technology officer for Patient Privacy Rights, the non-profit organization that hosted the event, said. "The cloud blurs that distinction—sometimes intentionally."
To learn more:
- read the study in JMIR