The redundancy and resiliency that the cloud provides are critical for business continuity and disaster recovery, according to Christian.
“We’re really resilient in terms of minimizing the downtime and impact on our end users,” Bhat says, noting that the cloud EHR also provides him access to dashboards and reports indicating compliance with HIPAA and security frameworks such as those from the National Institute of Standards and Technology and International Organization for Standardization.
Bhat advises healthcare organizations considering EHR migrations to “make security a core requirement.”
“If you make security part of the initial build and have the appropriate segmentation and controls, you’re in a much more secure environment after your migration is complete,” he says.
Christian compares designing security in the cloud to building a house: “You don’t wait until the house is up to put in the wiring — you do both together.”
EHR Security Measures: Defining Responsibilities
“Protecting private patient data is the most important responsibility for a healthcare institution,” Ahumada says.
Cloud-based EHRs help healthcare organizations fulfill that responsibility.
Just one employee clicking on an attachment in a phishing email can create a cascade of problems for the entire organization. Each employee interaction with each system represents a potential vulnerability. With cloud-based EHRs, however, security is managed at a central point, Ahumada says.
But that advantage also comes with a risk. “That central point becomes a single point of failure,” he says. If that point is breached, bad actors can gain broad access to sensitive patient and organizational data.
To gain the benefits of a cloud-based EHR while mitigating the risks, healthcare organizations must carefully consider the security measures of both their EHR software vendors and their cloud platforms — and carefully specify each party’s security responsibilities in their business agreements.
“We expect the highest standards from our vendors, and that involves a lot of planning, testing and piloting before moving to the cloud,” Ahumada says of Johns Hopkins’ Epic migration, which began its planning stage about two years ago and will be completed in about one year. “Security is a shared responsibility between the vendors and the healthcare organization.”
The post Cloud-Based EHR Systems: Achieving Security & Migration Success first appeared on TechToday.
This post originally appeared on TechToday.