OCMA Blog

Up in the Cloud: Is It Safe to Store Protected Health Information on Remote Servers?



What exactly is the cloud? Cloud storage is a network of remote servers that allow for centralized data storage and online access to these resources. Your files are stored on a server connected to the Internet instead of being stored on your own computer’s hard drive. The cloud is convenient and cost-effective, providing a way to automatically back up your files and folders. 

Despite these benefits, recent publicity around hacks of public cloud storage websites has raised concerns about whether it is appropriate for medical practices and facilities to store health records and information in the cloud. 

Is cloud storage a safe way to store protected health information (PHI)? As with many new technologies, the safety level of the cloud, and whether it’s appropriate for use, depends on the vendor. There are several issues you will have to keep in mind:

  • Are the vendor’s security standards appropriate? You will have to research each vendor you choose. Make sure the company has a good reputation and solid security policies. 
  • How much data will you be storing? Ensure the vendor can handle the amount of data you would like to move to the cloud.
  • Ensure your data is encrypted when being uploaded to or downloaded from the cloud. This is also your responsibility. Make sure your browser or app requires an encrypted connection before you upload or download your data. 
  • Make sure your data is encrypted when stored in the cloud. Data protected by law, such as medical information or personal identifiers, should never be stored in the cloud unless the storage solution is encrypted. Only selected members of your organization should be able to decrypt the data, and your organization should create policies detailing under what circumstances information can be decrypted. 
  • Understand how access is shared in your cloud folder. Many cloud storage providers allow you to share access to your online folders. Be familiar with the details on how that sharing works. Awareness of who has access and how is critical to monitoring activity within your stored data.
  • Understand your options if the cloud provider is hacked or your data is lost. Virtually all cloud service providers require a user to sign an agreement that the user has very little, if any, remedy if a hack or a loss of data occurs. 

Cloud storage can be a valuable asset to medical practices and facilities, but make sure you have absolute confidence in the service provider’s ability to keep the data safe and secure. 

Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors.com/patientsafety.



Comments are closed.