Jul 17, 2018
Cloud-based services offer new functionality and efficiency for
healthcare organizations, but also bring with them new security
considerations for protecting PHI. In this CyberPHIx podcast, Mark
Eggleston, VP and Chief Information Security and Privacy Officer of
Health Partner Plans, discusses implementation strategies for
cloud-based applications. Mark and Meditology Services partner
Brian Selfridge discuss the following approaches for managing data
security risk within cloud-based applications:
- Identify a business case for securing data in the
cloud environment. Determine if your organization has the
experience to implement the cloud solution internally or might
benefit from a third-party with experience in implementing a
- Ensure that Service Level Agreements (SLAs) and Managed Service
Agreements (MSAs) with cloud providers include specific security
requirements that cover scenarios for end-of-service, ongoing
risk assessment and downstream data sharing with 4th-party
- Clearly define user access roles to ensure cloud providers
align with the minimum necessary requirements.
- Prepare to educate board-level and senior management
about the gaps in security controls with cloud providers.
Providing a concise risk management strategy will bolster the
security function’s role within the organization.