The most recent issue of Imaging Technology News describes the security challenges inherent with cloud-based services for sharing of medical images and reports.
The essence of the piece is captured by the subtitle: “Feeling Secure About Security.” The article is by Katherine Leslie, B.S., RDMS, CRA, RT, (R) (CT), who is imaging services director at Central Peninsula Hospital (CPH) in Soldotna, Alaska.
An early adopter of eMix, CPH is an authoritative source on healthcare IT, having been named one of the nation's “Most Wired Hospitals and Health Systems” for 2010 by Hospitals and Health Networks.
Katherine Leslie notes the reasons that tight security is crucial for cloud-based information sharing. But she also points out that many facilities currently share healthcare data via virtual private networks (VPNs).
Those setups create security issues that don't apply to any cloud-based service. A VPN is essentially a pipe between two facilities, Leslie writes. Through that pipe, other hospitals can view unrelated data on the other end. Cloud-based services only provide access to files of interest.
The security criteria that CPH required eMix to meet included:
• Protection against malicious penetration of the network. Multiple firewalls to independently protect the content and database servers. Intrusion detection monitoring 24/7.
• Data encryption. To make intercepted data unreadable – for example, data transmission using SSL (Secure Sockets Layer).
• Data redundancy. Protecting against data loss with redundant data on content servers, database servers, and Web-servers.
• Limited access at member institutions. Service is only available to verified users at authorized institutions.
• Data tracking and recovery. Dependable, multiple means for recovering data in event of loss.
• Protection against malicious recipients. Identify verification for all new recipients of electronically shared data.
• Information security agreement. “Infosec” agreement or interactive disassembler (IDA) between customer facility and information exchange vendor.
Leslie advises facilities to insist that any vendor they use for cloud-based data exchange meet every one of these criteria. eMix passed that test, which is a primary reason – besides its track record of successful use – that CPH went with it. You can read the entire article here.