Cloud Security Alliance Offers Tips to Protect Telehealth Data

Published: 23/11/2024   Category: security




As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.



The COVID-19 pandemic has pushed healthcare organizations to make telehealth a top priority. As they do, they're forced to confront privacy concerns related to information access, usage, and alteration, as well as the security of public cloud services where health data is stored.
As the Cloud Security Alliance (CSA) explains in a new report on protection of health data, telemedicine and telehealth should not be used interchangeably. The former refers to the clinical diagnosis and monitoring by technology; the latter has a broader definition. Telehealth covers clinical healthcare and tools such as kiosks, website monitoring applications, mobile apps, wearable devices, and videoconferencing technology to link patients with healthcare providers.
Health delivery organizations (HDOs) are ramping up telehealth capabilities such as remote patient monitoring (RPM) and telemedicine to treat people at home and reduce the risk of exposure for both providers and patients. This will continue to grow long after the pandemic, the experts write.
The increasing reliance on telehealth in the cloud is expected to drive privacy and security risks for healthcare institutions. Most hospital systems delivering telehealth use videoconference tools as well as cloud and Internet technologies, creating a range of potential issues and demanding security teams take a closer look at their architecture to identify flaws and decide on controls.
This is a shared responsibility between the HDO and cloud provider. Healthcare organizations must understand the regulatory requirements of patient data and the technologies they use.
Public cloud services are accessed over the public Internet; experts say this does not mean the cloud is inherently secure, but it should be considered in a cloud security model. HIPAA requires HDOs to maintain reasonable and appropriate administrative, technical, and physical protections to protect protected health information (PHI). HDOs are also mandated to do a security-threat risk analysis, which includes cloud-based threats and provides information needed to make risk-based decisions.
Healthcare organizations should also identify the security controls they have in place and ensure they're working as intended. As part of these assessments, the HDO should talk with its cloud service providers about governance, compliance, confidentiality, integrity, availability, and incident response and management. Stakeholders must consider the end-to-end security of the systems, including internal policies for access control and user provisioning.
Protected health information is at the core of privacy concerns related to telehealth, and the emergence of targeted attacks against information systems to access PHI is concerning. The HIPAA Privacy Rule, which regulates the collection, use, and disclosure of PHI, provides insight for better understanding the privacy implications. It mandates health organizations to track the use and disclosure of PHI and notify patients when their data is used. The EU's GDPR, which gives people certain rights when data is used, may also apply, depending on where PHI is stored.
Healthcare organizations must know how their cloud providers handle data retention and monitor how they access and use data. If there's a breach of health data, the provider should have a plan for how it will notify the HDO and launch incident response. Cloud providers should also sign a business associate agreement, another requirement under HIPAA.
CSA also emphasizes the importance of a continuous monitoring program to make sure HDOs enforce and improve their security operations for internal controls, as well as privacy and security programs used by a cloud service provider. This monitoring is maintained throughout the data, applications, and systems life cycles and should be altered over time for continuous risk awareness and compliance, the experts explain in their report.