According to most industry analysts, the cloud as a service has stabilized. This has signaled widespread data migration by even the most conservative and regulatory-intensive industries. In 2017, that includes healthcare and finance, which, according to Gartner, are joining a cloud-driven technology industry that will top $250 billion in 2018.
Now that more medical practices and hospitals are storing data in the cloud, what are the crucial questions that a medical practice or other healthcare agency should ask a potential vendor before migrating to cloud services?
Peak 10 surveyed healthcare providers and found up to a 50% increase in their use of cloud service providers and outsourced services. They studied some of the best practices for securing a solid relationship with these service providers and found that CIOs and medical practice administrators need to ask the following questions before selecting cloud service providers:
Q: What kinds of data access and controls are established under the cloud service provider’s SLA?
A: Look for providers that encrypt data while in transit and at rest, and that also allow minimal access to data and client systems.
Q: Have your services undergone a third-party compliance audit?
A: To ensure regulatory compliance, look for cloud service providers that understand compliance conformity – because they’ve been audited.
Q: Does the provider have a compliance officer and a plan in place to maintain regulatory rules?
A: In this area, it’s better to have more in-house compliance expertise than less.
Q: What process is in place to maintain operations and how is it audited?
A: Look for cloud service providers that have undergone third-party audits and offer transparent operational audits.
Q: Where will the data be stored?
A: Cloud service providers should store data in the United States, and the data should be able to move between secure data centers in the event of a natural disaster or network downtime.
Q: Who owns the data when it’s in the cloud?
A: This is a sticky question, particularly when it comes to HIPAA compliance. Read the fine print of the provider’s service level agreement (SLA) to ensure that patient data is not compromised.
Q: How is our data segmented to ensure no other businesses can see it?
A: Cloud service providers must silo data so that no third-party organization ever has access. What is the plan for recovering crucial business data and functions should a crisis occur?
Q: If a disaster occurs, what happens to our data?
A: As part of a disaster recovery plan, your healthcare organization should understand the steps necessary to retrieve data, whether the crisis is with the medical provider or in the cloud service provider’s data center.
Q: What is the financial stability of the cloud service provider?
A: Look for cloud service providers that allow transparency around corporate debt and future operational viability.
Q: In the event of a data breach, how will you be notified?
A: Security monitoring and mitigation should be immediate and 24/7/365.
Q: If the service itself changes, how will you notify us?
A: Vendors should always notify customers if anything changes related to compliance, security, or privacy.
Q: What are the latest uptime levels and what does the vendor do to ensure redundancy?
A: Look for vendors with a documented uptime of higher than 99% — that is an industry standard.
Cloud-as-a-service offers healthcare providers the same benefits that other industries have been enjoying for a decade: low cost, higher accessibility, and scalability. While healthcare providers have traditionally been slow to adopt technology, migration to cloud service providers is reaching epidemic proportions in 2017.
Most industry analysts predict that hospitals will continue to place their trust in a hybrid on-premise/cloud model of service. This will allow them to reap the benefits while also shoring up their infrastructure with alternative frameworks, creating redundancy in cloud models.
If your healthcare organization is interested in moving to the cloud, contact TOSS C3 to find out the steps necessary to migrate. TOSS C3 can help manage these services and ensure compliance and security while also optimizing the best benefits of cloud service providers.