A lot of industries have expressed concern – or are just plain nervous – about security in the cloud, but perhaps no industry has to practice more extreme caution about putting data into the cloud than the health care industry. Six Ways Wireless Technology Is Transforming Health Care It appears that concern is well justified, […]
A lot of industries have expressed concern – or are just plain nervous – about security in the cloud, but perhaps no industry has to practice more extreme caution about putting data into the cloud than the health care industry.
Six Ways Wireless Technology Is Transforming Health Care
It appears that concern is well justified, according to a new study from the Ponemon Institute. In an industry that is heavily regulated to protect patient privacy and other medical-related information, organizations are still lax about the security of that data when it is stored in the cloud or on mobile devices. According to the study:
Many respondents are uncertain or do not know whether these laws apply to the safeguarding of regulated data on mobile devices. As an example, 67 percent of respondents say their organization must comply with US state privacy and data breach laws yet only 18 percent believe these laws specify the protection of regulated data on mobile devices. Such perceptions result in organizations not being in compliance and facing potential regulatory fines and legal action.
The study also found that too many employees who are required to have access to protected health information (PHI) have little knowledge of the security requirements surrounding that data, as FierceMobile Healthcare pointed out:
Approximately 33 percent of respondents said that they need to access PHI to do their work. Nevertheless, only 15 percent of survey participants knew of HIPAA’s security requirements for regulated data on mobile devices despite 33 percent of respondents indicating that they are part of a HIPAA covered entity.
HIPAA has addressed the concerns of cloud security and PHI with the HIPAA Omnibus Final Rule by defining that data centers and cloud providers are considered business associates and must comply with privacy and security regulations for the health care industry. (The Final Rule compliance deadline is September 23, 2013.)
In a statement, Larry Ponemon said that the devices used to access health care data aren’t secure. He’s right, up to a point. Devices have vulnerabilities. There are too many questions about how to handle cloud security. But when you look at how many employees handling the data either aren’t making an effort to be secure or don’t care or don’t know that they have to – numbers that are too high and are clearly revealed in this study – it isn’t fair to put the blame on the devices.
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
