Client-server EHRs are supposed to have the upper hand over cloud-based solutions when it comes to data security, but this is merely a myth.
Last Thursday’s webinar about unlocking the security benefits of cloud-based EHRs revealed why. The webinar was led by John Walsh, Chief Technology Officer at CareCloud, and David Houlding, Healthcare Privacy and Security Lead Architect at Intel Corporation. Attendees were highly engaged and asked great questions until the very end.
With time running short, however, a few questions were left unanswered. So we’ve decided to address these below for everyone’s benefit.
Q: Do you have any suggestions about what type of documentation my practice should be getting from our ‘cloud-based EHR vendor’ to support our internal risk analysis?
A: Natural disasters like storms and flooding are inevitable, so at minimum, you’ll need to ask the vendor for a disaster recovery policy and procedures document.
Furthermore, you should ensure your vendor meets HIPAA standards for data transmission, or 128-bit SSL file encryption, at a minimum. And if you’re in the market for a cloud-based EHR, ask for documentation that proves the product has been Meaningful Use certified by an ONC-ATCB testing organization, such as the Drummond Group.
Q: What is the best way to receive the additional resource links shown on the final slide for later viewing?
A: As a registered attendee you can always go back to view a replay of the webinar and simply fast-forward to the last slide.
For your convenience, we’ve also listed them here:
Secure Healthcare Analytics in the Cloud
Healthcare Information Security: A Status Report
Workarounds in Healthcare, a Risky Trend
Healthcare Information Security, Compliance, and Risk
Q: When talking to a vendor, what types of ‘certifications’ should we ask about?
A: For security purposes, you’re going to want to make sure that any prospective EHR vendor is both HIPAA and HITRUST compliant.
In addition, it’s wise to ask your vendor for documentation regarding the level of its data center, seeing as data storage is as vulnerable to physical theft as it is to digital interference. A certified level 3 or 4 data storage center is far more reliable than a startup with a small server farm in its closet.
Q: How does cloud-based data storage differ from putting your data on a mainframe (an idea that was popular in the ’60s and ’70s)?
A: For one, mainframes were not meant for data storage, but rather for data processing. The term ‘cloud’ refers to distributed computing, in which components on networked computers communicate and coordinate their actions in order to achieve a common goal. In the case of cloud-based EHRs, the goal is the storing and sharing of health information.
If you missed out on last week’s webinar, click here to watch the recording.
