Cloud Computing

Covered entities and their cloud-service providers both have jobs to do when it comes to protecting hosted patient data – and have to strike a balance deciding who does what.

Intelligence agencies, security firms and Big Tech giants and all ringing alarm bells over the growing threat from cybercriminals in the wake of the global COVID-19 pandemic – with ransomware attacks, opportunistic phishing threats and other malicious activities all threatening healthcare organizations worldwide.

The weaknesses highlighted by the FDA in Urgent/11 demonstrate there are susceptibilities within software platforms that are both identifiable and resolvable.

"EHR disaster preparedness testing in the future will need to be able to simulate large volumes of patients over long periods of time," says one nursing informatics consultant.

The private-sector collaborative includes EHR vendors (Epic, athenahealth), Big Tech (AWS, Microsoft), health systems (Mayo, Intermountain) and many others, all working to speed development of "secure, ethical, innovative, open source" tools to combat the crisis.

Backed by an initial investment of $20 million, the project is open to accredited research institutions and private entities using AWS to support development of point-of-care diagnostics.

The social-distancing effort also applies to educational institutions, municipalities and nonprofit organizations.

"Zero trust flips the security model: Instead of 'trust but verify,' organizations 'always verify but never trust,'" one security expert explains.

The goal is to empower healthcare and life sciences organizations of all types and sizes to deliver more personalized and collaborative experiences at scale.

The Shared Responsibility Matrix aims to streamline the assurance process for privacy and security, helping assign responsibilities and reduce misunderstandings when healthcare organizations work with cloud service providers.