Contact Us

Cloud Migration

Healthcare IT Blog Series - 6 of 6

(This is the sixth post in a Blog series - Moving Healthcare to the Cloud.  The complete series can is now available: Introduction - The Move to the Cloud - Defining the Cloud Project - Managing Risk When Moving to the Cloud - Operationalizing Security in the Cloud - Measuring Success in the Cloud)

In the last blog of our Moving Healthcare to the Cloud series, we discussed how organizations can operationalize security in order to ensure digital assets remain protected. This blog wraps up the series and examines different ways to measure the success of your efforts to move to the cloud and keep your data secure.  

We hope you have benefitted from our ‘Moving Healthcare to the Cloud’ series. Over the course of the first five blogs, we showed how to identify what steps to take in the cloud journey. It starts with focusing on the why—making the business case for moving to the cloud. We then delved into understanding which of your systems are ready for the journey and which are not.

From there, the series addressed how to assess the appropriate levels of risk for all the assets you are moving to the cloud to ensure confidentiality, integrity and availability. In our most recent blog, we demonstrated how to operationalize security. This includes the policy controls to put in place beforehand, how to monitor security, and how to react to breaches.

Some of the key takeaways from our series are the benefits of moving to the cloud, which go well beyond the cost savings. These include improved system and app availability, enhanced ability to manage risk, and increased ability to employ compensating controls and governance.

We also demonstrated how cloud environments are now just as safe—and likely even more safe—than on-premises environments. The key is to assess each of your systems and data sets to determine which ones you are comfortable with moving to the cloud, and which ones you prefer to keep on-site.

It’s then onto integrating your cloud environments with your systems that remain on-premises, and creating a security framework to protect all of your data as it travels across all of your environments. It’s all about implementing the necessary policies and controls, and then leveraging technology tools to control and manage the access of all your end user groups—including clinical staff, administrators, support staff, patients and your Business Associates.

With a plan and program in place, it’s now time to measure how well the policies, processes, and controls are working.

Metrics to Measure Success 

When it comes to measuring the success of moving a portion of your IT infrastructure to the cloud, here are the key metrics to research and analyze:

  • Availability—what percentage of the time can your end users access the applications they need to interact with each other and to do their jobs? Consider the level of availability for all your end-user groups—internal and external.
  • Reliability—if a system or application shuts down, how quickly can it be restored? Is all of the data recoverable? Be sure to test regularly so you know what to expect when a real disaster strikes.
  • Performance—is the throughput sufficient so end users do not get frustrated waiting for responses? For application usage to increase and generate business benefits, the user experience is critical.
  • Capacity—does the cloud environment easily and quickly scale up and down according to the demands on each of your applications?
  • Service—when technical support issues arise, do IT and end users have immediate access to help desk support? Are issues resolved promptly? When necessary, are issues escalated?
  • Cost—keep a close eye on server utilization and “zombie” servers spun up for a specific business purpose but no longer in use. You don’t want to be paying for cloud resources you don’t use.

All of the metrics above should be backed with a clear ‘Code of Ethics.’ The most important aspect of all when it comes to the cloud for the healthcare industry is to ensure data security. Identity management, privacy and access control should be monitored closely. It’s also important to consider how well your cloud environments conform to regulations. If you fail in the ethics arena, the fallout could be cataclysmic.

For specific metrics to determine how well do you manage access and risk as well as how secure and compliant your business is, there are a wide range of numbers to look at:

  • Number of security policy violations
  • Percentage of systems with formal risk assessments
  • Percentage systems with tested security controls
  • Percentage of non-compliant, weak passwords
  • Number of identified risks and their severity
  • Percentage of systems with contingency plans
  • Number of successful and unsuccessful log-ins
  • How many viruses and spam attacks were blocked vs. how many got through
  • How many patches have been applied

For these numbers to be useful, you first need a baseline that examines where you stand today, perhaps recording the results over a three-month time period. You can then compare those baseline numbers to ensuing three-month time periods. The key is to move the needle in the right direction over time.

Increase Value Over Time

As you measure the success of your cloud migrations, strive to improve your metrics in each of the areas listed above so that the value of your cloud environment increases over time. As cloud technologies continue to evolve, you will also want to evaluate how your organization’s use of the cloud should change.

The things you can do today will likely pale in comparison to what you can do tomorrow!

Be sure to check out all of the blogs in our ‘Moving Healthcare to the Cloud’ series. And for more information on migrating your IT infrastructure to the cloud and how to secure your cloud environment.

Read about how Cavirin can protect your ePHI.









Read about how Cavirin can protect your ePHI.








Healthcare IT Blog Series - 5 of 6

(This is the fifth post in a Blog series - Moving Healthcare to the Cloud.  The complete series can is now available: Introduction - The Move to the Cloud - Defining the Cloud Project - Managing Risk When Moving to the Cloud - Operationalizing Security in the Cloud - Measuring Success in the Cloud)

In the last blog of our ‘Moving Healthcare to the Cloud’ series, we presented how organizations can assess, manage and reduce the risk of security attacks. In this blog, we discuss how to operationalize security in order to ensure digital assets remain protected.  

After migrating IT systems to the cloud, integrating your cloud environment with on-premises systems, and assessing your security risks, the next step is to operationalize your on-going security program. By following the best practices presented in our previous blogs, you should already have the framework for a robust system in place.

The program should include a consistent security policy to help you determine everything you need related to protection, audits and remediation. A robust policy serves as a bedrock for establishing a strong security posture and helps you make sure you can answer all the key questions as you delve deeply into the details. Here’s just one example of the many scenarios you will need to consider:

  • How long can patient records be stored on-premises?
  • Does the length of time for storage change if you move records to the cloud?
  • Are there privacy and regulatory issues to be concerned about in one cloud platform versus another?

As this example illustrates, security and compliance become more complex when you move part of your IT infrastructure to the cloud and integrate it with on-premises systems and other cloud environments. But with a proper robust framework in place, you can make sure you ask all the right questions so that the answers identify any security policies and controls you need to change.

Security Lifecycle Management Maintains Security Posture

Operationalizing security involves establishing a lifecycle management program in order to maintain the security posture of your cloud and on-premises infrastructure—from conception to the retirement of various components through all the stages of deployment, integration and support. Tools, applications, operating software and even the hardware appliances will likely go through upgrades and then eventually be replaced by new technologies.

Other components, such as policies and controls, will also go through revisions as business, IT and data conditions change. Here’s a rundown of the key components to manage: 

  • Security Policies—document system constraints that determine the data that the internal staff, patients, Business Associates and other end users can access. The policy should answer the basic questions, “Which groups of end users can do what on each system, and which data sets can they access?” The can also be defined by time, physical position within the facility, and geo-location if the users are operating remotely.
  • Security Controls—apply documented processes and countermeasures, such as firewalls, to prevent as well as detect and mitigate security risks to your data and digital assets.The controls should safeguard sensitive information and prevent unauthorized system usage. The controls need to match your policies and must be monitored to ensure proper enforcement. Misconfigured or unattended controls could result in an increase in exposure, oftentimes increasing the risk with a false sense of security.
  • Application Development Security Framework—it’s just as important to protect your application development and staging environments as it is to protect your production environment. These environments are also subject to cyberattacks and thus need the same level of defense and monitoring.
  • Compliance Auditing—involves a comprehensive review of your adherence to regulatory guidelines, such as HIPAA. While internal audits should occur on a regular basis, regulatory bodies will require you to hire independent consultants to validate your compliance preparations and assessments.
  • Security Monitoring and Response Tools—there’s a wide range of tools to choose from for both security risk monitoring and response, and it’s important to rely on multiple, integrated tools so that you can put attacks into context. You need to make sure you focus on those presenting the highest risk and avoid working on any false positives.

As you formulate your policies, controls and tools, the data access given to various end users will need to vary before, during and after a security breach. As data sets grow bigger, as compliance laws evolve, and as end users become more educated and empowered, the need to adhere to mandates is just one of several reasons to keep ahead of any regulation.

Ongoing monitoring to uncover policy violations and to determine if there are corrective actions to be taken is critical. But monitoring under steady state conditions (where no active response is needed) is also vital. It allows you to establish an “All Clear” baseline against which deviations can be realized.

Also a Competitive Differentiator

In addition to protecting your digital assets, maintaining a strong security posture and staying ahead of compliance regulations (even before the deadline) can be used as competitive differentiators. If your patients see evidence that your organization is proactively addressing security issues, the more likely they will want be treated by your doctors and nurses. Likewise, your Business Associates will more likely want to do business with you.

The falsehood that advertising your security policies will result in a hacker attack is not a reason to avoid raising security awareness. In fact, promoting your security efforts will stimulate laggards to get moving, which will benefit the entire healthcare industry!

In our next ‘Moving Healthcare to the Cloud’ blog,we will wrap up the series by discussing how to measure the success of your efforts in establishing a strong security posture.

Read about how Cavirin can protect your ePHI.








Healthcare IT Blog Series - 4 of 6 

(This is the fourth post in a Blog series - Moving Healthcare to the Cloud.  The complete series can is now available: Introduction - The Move to the Cloud - Defining the Cloud Project - Managing Risk When Moving to the Cloud - Operationalizing Security in the Cloud - Measuring Success in the Cloud)

In the last blog of our Moving Healthcare to the Cloud series, we discussed the key considerations for healthcare organizations that are defining a cloud migration project. In this blog, we examine the technologies to apply in order to assess, manage and reduce the risk of security attacks.

While the cloud is proving to be less risky, more secure and more innovative than traditional on-premises IT, it is still not foolproof nor without risk. Healthcare organizations need to take every precaution in the cloud to ensure confidentiality, integrity, and availability.

In many cases, data must be properly encrypted, with keys stored separately from where the data is stored in order to maintain confidentiality. The number of admins who have access to the keys to decrypt the data should also be limited and all access should be logged and verified. Data integrity can be ensured only if admins and users who have appropriate levels of authorization can modify, manipulate, or delete the data.

Another key defense measure is your backup and recovery program. If a ransomware attack succeeds, you want to at least be able to fall back to an infrastructure and dataset that are free from compromise and can be safely used to get the business back up-and-running.

To protect your organization from ransomware, be sure to run on-going, frequent backups and test these backups as part of your disaster recovery plan tabletop exercises. Along with backup and recovery, also ensure all of your security policies can be applied uniformly to all public and private clouds as well as your on-premises data center. This will help ensure a consistent end-user experience with limited disruption to the business.

Assessing Your Security Posture

A good way to assess your current security posture is to utilize the “CIA” triad model: Confidentiality, Integrity and Availability. The model can guide your information security policies with respect to your data.

Confidentiality applies rules that limit access to information. Integrity assures the data is trustworthy, accurate, and has not been tampered with. Availability guarantees reliable access to the data only by authorized people.

If your organization achieves all three model components, you’ve got a solid security posture and can more easily address the challenges of cloud security. This is especially true for hybrid environments where users and data move back-and-forth from on-premises and cloud infrastructures.

Deploying Access Control in Hybrid Environments 

One of the key challenges when it comes to securing hybrid environments is access control, which requires the enforcement of persistent policies. Adding to the risk is that access in hybrid environments is usually available to a large range of devices. This makes it difficult to create and secure persistency within access policies.

There are a range of access control models to choose from, and it’s imperative to determine which model is most appropriate for your organization—based on data sensitivity and operational requirements. When processing personally identifiable information or other sensitive information types, access control needs to be a core capability of your security architecture to ensure you comply with HIPAA regulations.

Multiple vendors provide privilege access and identity management solutions that can be integrated into your identity management platform, which is key because you may actually require multiple technologies to achieve the desired level of control. Multifactor authentication is another a component to further enhance security.

Given the complexity of access control and the dire consequences, if not handled properly, it’s best to consult with your IT partner!

Multiple Tools Required to Focus Efforts

Another key aspect to consider in enhancing your security posture is the set of tools you deploy for monitoring and responding to risks. This includes identifying risk, measuring risk, and mitigating risk.

It’s critical to rely on a combination of threat intelligence sources backed by analysis tools and security experts so you can put risks into context for the healthcare industry in general and your organization in particular. This makes it possible to know which threats represent the biggest risks so you can focus your efforts in the right place—and avoid wasting time on low-level threats and false positives that don’t represent any real threat at all.

In Closing

We are excited about how popular this Blog series has been, so by request, we will be posting two more postings regarding ‘Moving Healthcare to the Cloud’.  Next week's posting will discuss how to operationalize security--this includes managing the security lifecycle, applying security policies, and establishing control to ensure compliance.  Please check back in next week or subscribe to our Blog postings, by sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it. so you will be alerted when they become available.  


Healthcare IT Blog Series - 3 of 6 

(This is the third post in a Blog series - Moving Healthcare to the Cloud.  The complete series can is now available: Introduction - The Move to the Cloud - Defining the Cloud Project - Managing Risk When Moving to the Cloud - Operationalizing Security in the Cloud - Measuring Success in the Cloud)

In the last blog of our Moving Healthcare to the Cloud series, we discussed why it makes sense for healthcare organizations to move their IT infrastructures to the cloud. In this blog, we examine the process for defining cloud migration projects.

Although every step in the overall cloud migration process is critical, just how well you define the project at the start could very well set the stage to streamline success—or cause a lot of pain along the way.

At a high level, you first need to decide exactly what to move to the cloud:

  • Which business functions?This covers the entire spectrum of the healthcare organization—from patient medical services to billing, procurement, insurance claims, compliance, human resources, marketing, communications and physical security as well as the general operations of buildings and grounds. Business processes to which end users require anytime, anywhere access from multiple devices—as well as those processes through which end users collaborate frequently—will likely benefit the most from moving to a cloud environment.
  • Which systems? You may discover that while it makes sense to move a certain business function to the cloud, the function may be supported by a legacy system that makes sense to keep on-premises for the short term. Older technologies may simply not work well in a cloud environment fraught with new technologies. Perhaps it makes sense to wait until it’s time to upgrade the system before moving it to the cloud. 
  • What data? Data is now just as secure in the cloud as it is on-premises. But there may be some systems containing data that you feel more comfortable keeping under your direct control. Over time, senior management may become more comfortable with storing sensitive data in the cloud, but in the near term, it might be best to go with what makes the boss happy!

Most organizations that move to the cloud end up utilizing multiple environments. While health records, financial systems and human resource applications will generally be moved to a private cloud, you may want to isolate them in separate environments. Other systems, such as email and marketing, could be moved to a separate, yet shared, public cloud in order to reduce costs.

Determine the Necessary Resources  

Another key aspect to defining a cloud migration project is determining who will play a key role. You will likely rely heavily on your primary IT partner—or one that specializes in the cloud—for designing your cloud environments. Depending on the services your chosen partner offers, you may also need to turn to another provider (or providers) to host your cloud environments.

Also, consider the internal resources you will need to coordinate the migration and to interact with your partners who maintain the cloud environment. In addition to IT resources filling these roles, you will want to secure the buy-in of the senior management team in getting the organization as a whole to realize and accept the benefits of cloud computing. Moving to the cloud involves a bit of a culture change in the way people interact with applications, so make sure all your end users are on board.

Getting the Ball Rolling 

The best way to get the ball rolling in defining what systems to move to the cloud is to take a ‘Cloud First’ approach. This means that all heads of each business function must show conclusive evidence why certain apps and data are not cloud-ready. The burden of proof lies on these individuals to prove this; otherwise, the cloud is the final destination.

David Chou, CIO of The Children’s Mercy Hospital in Kansas City, spells this out in a three-phase approach to the Cloud First journey:

  1. Evaluate your current culture and outline what is required to transform into a cloud-first operation.
  2. Draft a vision that answers why you are moving to the cloud and what becoming a Cloud First organization will achieve—in a way executives and non-technical employees, including clinicians, can understand easily.
  3. Communicate the benefits that cloud technologies will deliver; this includes the upside to adopting cloud technologies instead of using on-premises systems that the staff is already comfortable using.

The ‘Cloud First’ mandate helps you identify which business functions are the first to move, what systems within each of these businesses to move, and why (as discussed above). This approach also facilitates the identification of critical versus non-critical data, data subject to compliance mandates, and applications that require strict availability versus more tolerant applications.

Next Up: Managing User Access

In our next ‘Moving Healthcare to the Cloud’ blog,we will discuss how to manage end-user access and reduce risk. This includes how to adequately define and enforce access control policies as well as how to monitor, identify, respond to, and mitigate risks. 

Cavirin joint seminar with Logicworks - Meet 5 Innovators Who Are Revolutionizing HealthTech - May 9, evening, NYC

Read about how Cavirin can protect your ePHI.

Healthcare IT Blog Series - 2 of 6

(This is the second post in a Blog series - Moving Healthcare to the Cloud.  The complete series can is now available: Introduction - The Move to the Cloud - Defining the Cloud Project - Managing Risk When Moving to the Cloud - Operationalizing Security in the Cloud - Measuring Success in the Cloud)

As we presented in the opening message in our ‘Moving Healthcare to the Cloud’ blog series, healthcare IT is in a crisis. The good news is, help is available to address the issues healthcare organizations, and their third-party vendors face—and it comes in the form of cloud computing. From the perspective of enhancing patient services as well as internal and patient communications, the future of healthcare is definitely in the cloud.

Nemi George, the Senior Director of Information Security & IT Governance for Pacific Dental Services, provides one specific example:“A key area in which we see the cloud helping us is with our medical imaging,” says George. “Today, a local server is used to capture images and then synchronizes nightly to the data center. Using a cloud service for imaging significantly reduces the cost and the speed to retrieve image files while also allowing access across multiple platforms without the dependency on location.”

As your organization begins its journey to the cloud, the planning should first involve a close look at the top-level ROI. It’s important to know why it makes sense to move to the cloud.

“In line with our risk methodology and cloud strategy, we are comfortable moving applications to the cloud,” George says. “Our focus is on applications that require a high level of resilience and also general business apps that we seek to mobilize, such as Workday and Box, that offer a mobile experience without the dependency of a VPN.”

Cloud Value Goes Beyond Reduced Cost

Most think of the cost savings first, but that’s not the top benefit of the cloud. Other returns will prove to be much more valuable:

  • Improved system and app availability—allowing doctors, nurses and support staff to work more efficiently so they can spend more time focused on patient care.
  • Enhanced ability to manage risk—with system protections that secure sensitive medical records and personal patient data.
  • Increased ability to employ compensating controls and governance—to ensure compliance with regulations and to avoid costly fines.

After considering the top-level benefits, the next things to consider for moving to the cloud are the tactical measures. Here, the objective is to reduce the number of on-premises data center systems required to run the organization.

Not all healthcare apps are ready to be moved to the cloud. You will likely decide to keep one or two on-premises. Perhaps it will make sense to set up an integrated hybrid IT infrastructure with a mix of cloud apps and on-premises apps.

“There are a number of applications such as our core practice management and finance applications that will remain on premises for a number of reasons,” George points out. “These include our legacy application architecture and applications already billed for decommissioning as well as applications that rely on a VPN or sit behind a corporate firewall for security reasons.”

Most Apps Now Safe to Run in the Cloud

For years, availability, privacy and security were cited by healthcare organizations as the reasons for delaying or jettisoning the idea of moving their apps to the cloud. But AWS, Microsoft, Google, IBM and other cloud providers are all proving this premise wrong. In 99% of the cases, apps can and should run in the cloud!

As we saw in our first post, the inability to hire sufficient technical resources is a critical factor in healthcare organizations deciding to move to the public cloud. Hiring internal technical resources with the expertise to design, deploy and support an on-premises infrastructure is costly, and keeping them on-board is difficult. They need constant training to keep up with the latest technologies, and those that are really good will likely grow bored working on just one infrastructure.

It’s also important to note that the rate of innovation in the public cloud is unmatched. For instance, AWS ECS (Elastic Container Service) was launched in 2015. A short time later, the AWS Lambda Computing function-as-a-service offering was made available. These lightweight, yet powerful services are proving to be a big ally for organizations seeking to increase IT agility and decrease IT costs.

Here are two recent examples:

  • The Centers for Medicare & Medicaid Services created a cloud-based analytics platform that eliminated $5M in underutilized infrastructure spending, according to Jessica Kahn, the director of the data and systems group at CMS.
  • Children's Mercy in Kansas City uses Microsoft's Azure cloud services to host an app and data that save lives of at-risk pediatric patients by tracking them after they leave the hospital, according to Richard Stroup, Children's Mercy director of informatics.  

The success of the cloud for these two organizations echoes the success of George and Pacific Dental Services. “The cloud in itself will not impair our security or our compliance,” says George. “And if managed appropriately with the right level of monitoring, oversight, and governance, migrating to the cloud should reduce our costs.”

With results like this, it’s time for other healthcare organizations to dive in!

In our next ‘Moving Healthcare to the Cloud’ blog, we will examine how to define a cloud migration project. This includes identifying who needs to be involved, what applications should make the short list to move to the cloud, and where’s the best place in the cloud for your organization.

Read about how Cavirin can protect your ePHI.

Healthcare IT Blog Series - 1 of 6 

(This is the introduction post in a Blog series - Moving Healthcare to the Cloud.  The complete series can is now available: Introduction - The Move to the Cloud - Defining the Cloud Project - Managing Risk When Moving to the Cloud - Operationalizing Security in the Cloud - Measuring Success in the Cloud)

One of the key themes of the recent HIMMS18 conference in Las Vegas is that healthcare IT leaders need to embrace the power of change to transform how doctors, nurses, staff and patients consume IT. This approach may be more important than ever, given that the industry is in the midst of an IT crisis.

Threats are coming in from several fronts. Here are a few reasons why many CIOs and CTOs are finding it hard to get a good night’s sleep:

The fallacy of thinking compliance = a strong security posture

Some organizations think that abiding by regulations such as HIPAA makes them safe, but this has been proven to be incorrect. Let’s take a real public example. In February 2015, Anthem disclosed that criminal hackers had broken into its servers and had potentially stolen more than 37.5 million records that contained personally identifiable information. 20 days later, Anthem raised the number to 78.8 million records. According to Anthem, the data breach extended into multiple brands that Anthem uses to market its healthcare plans, including Anthem Blue Cross and Blue Shield, Amerigroup, Caremore, and UniCare. The security breach occurred even though Anthem was HIPAA compliant.

Vulnerable legacy equipment

For decades, manufacturers like Siemens, Bosch, Honeywell and others have built embedded systems that run on operating systems from the Stone Age—unpatched, insecure and vulnerable. An example of this includes Siemens medical scanners. Hackers can exploit trivial flaws in the network-connected devices to run arbitrary malicious code on the equipment. These remotely-accessible vulnerabilities lurked in all Siemens positron emission tomography and computed tomography scanners running Microsoft Windows 7.

Too many compliance mandates

It’s hard to keep up with changing mandates because healthcare organizations have patient data dispersed in many databases across the cloud, the network, and a multitude of endpoints. Sometimes they rely on paper as well. This makes it difficult to comply with the stringent regulatory requirements of HIPAA and HITECH and to safeguard PHI, PII and EHR. In addition, medical teams need to access this information quickly in order to meet the demands of timely care. Security teams are thus challenged to find a balance between patient data security and providing easy access to the information.

Modern-day attacks

Ransomware continued to make the news in 2017 and the healthcare industry was not immune; in fact, it was a leading victim—Hollywood Presbyterian declared a state of emergency over a ransomware attack in February last year. The hospital isn't saying exactly when it paid the ransom, but it looks like they waited at least a week to end the file-hostage situation. The hospital said the payment was 40 Bitcoin, which was worth around $17K at the time. An unnamed doctor told the press that the systems responsible for CT scans, documentation, lab work, pharmacy functions and electronic communications were out of commission. Email was also down, so the staff relied on pencil and paper. It was also reported that radiation and oncology were temporarily shut down.

Severe shortage of IT security personnel

According to Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs by 2021. And for qualified security personnel, healthcare IT is not the preferred destination of choice: Facebook, Google, AWS and other high-tech innovators are more attractive. 

New age disruptors

Healthcare organizations have to manage insanely large data sets to make their training algorithms better and more robust. But an even bigger and more disturbing challenge is that non-health entities can now play ‘doctor.’ Findings of the research conducted by the Computational Story Lab, a group led by Chris Danforth and Peter Sheridan Dodds of the University of Vermont, show that Instagram knows if you’re depressed, Twitter can indicate PTSD, and Facebook posts can describe a region’s relative public health.

Identifying the Right Steps to Take in the Cloud Journey

So, with all these developments as a backdrop, and as healthcare organizations look to the cloud as a panacea for everything, there needs to be a reality check on how to look at the cloud in the context of the current state and where healthcare is headed. To help organizations take on this challenge, this blog series will walk readers through the why, the what, and the how of ‘Cloud and Healthcare.’

The series will show how to identify what steps to take in the cloud journey. It starts with the next blog, which will focus on the why—Making the Business Case for the Cloud. The following chapter will delve into understanding what systems are ready for this journey, and frankly, which aren’t. We’ll also look at how you can make that distinction without bias.

The next blog will address the issue of how to assess the appropriate levels of risk for all the assets you are moving (or will be moving) to the cloud to ensure confidentiality, integrity, and availability. The fifth installment will focus on how to operationalize security. This includes the policy controls to put in place beforehand, how to monitor security, and how to react to any indications of breaches or potential breaches. It’s a team effort, so make sure you know who the players are and get your team ready!

Finally, we will look at the advent of artificial intelligence and machine learning, and how there is going to be an opportunity to gather more and do more with patient data, research, and analysis. But all of this should be backdropped with a clear ‘Code of Ethics.’ If you fail in the ethics arena, the fallout could be cataclysmic.

The Need to Embrace Education

The cloud provides an amazing path for your healthcare organization to take a leap forward. You can not only address the security sins of the past in a comprehensive manner, but also set yourself up for success in this new age of healthcare IT that includes the Internet of Things, artificial intelligence and predictive medicine

But, to use the cloud effectively, securely and consistently—truly understanding what the cloud can do for your organization and your patients and to set your organization up competitively—requires you to embrace the need for education without bias. Hopefully, these blog series did just that! 

Read about how Cavirin can protect your ePHI.

© 2019 Cavirin Systems, Inc. All rights reserved.