This post, Cloud for healthcare presses on but is slowed by HIPAA anxiety, first appeared on

Facing mounting pressure to take steps toward the healthcare cloud, hospital systems find themselves balancing modern infrastructure trends with HIPAA safeguards.

Imagine a mortgage company telling a household it was too slow in moving to the cloud: Cut the cable cord and start streaming! Buy a smart speaker to order pizza! Have backyard security cameras upload footage to the web for review anytime, anywhere!

Homeowners might be aghast, insulted or just plain confused by such mandates. Yet that’s the world of hospital IT professionals, who feel constant pressure to migrate to the cloud for healthcare activities. I think back to a story I wrote from the HIMSS conference when the former chairman of Alphabet reprimanded the audience about slow-moving cloud projects.

In some ways, fighting the cloud movement is a losing battle. Many bank systems have shifted to the cloud, and the savvier financial institutions have figured out a way to make life easier for customers through this change in IT architecture.

With cloud for healthcare, the yellow-brick road comes with unique potholes. For starters, some hospitals are spooked by the idea of cloud-based patient data that’s not only sensitive, but also subject to tough HIPAA regulations. The idea of putting at least some HIPAA compliance in the hands of third-party cloud vendors can draw beads of sweat upon the brows of IT staff at healthcare organizations.

Healthcare’s enthusiastic foray into IoT — 60% of healthcare organizations already use IoT, according to a study from Aruba Networks, a Hewlett Packard Enterprise company — also brings with it cloud concerns. For example, connected medical devices using IoT sensors offer tremendous real-time monitoring, but data protection in that setting might not be ideal.

There are two long-heralded, but at times under-used, steps that hospitals can take to protect data as it moves to the healthcare cloud. HIPAA business associate agreements should come into play when medical facilities contract with cloud vendors. And the good ole HIPAA risk assessment — in which IT folks weigh the risks to patient data security against potential actions to thwart the threats — serves as a tool to gauge how well hospitals and cloud providers safeguard protected health information.

A homeowner might shrug off any attempts to force cloud migration, but for medical organizations, that option is dwindling. As the cloud for healthcare gains momentum, health systems must move to protect their valuable assets as they migrate, or elevate, there.

This post, Cloud for healthcare presses on but is slowed by HIPAA anxiety, first appeared on

(Visited 10 times, 1 visits today)

Comments are closed.