InvestorsHub Logo
Boards
News
Market Data
Markets
Discover
Discover
Subscribe Login/Register
S&P 500
5,462.18
(
0.26%
)
US TECH 100
19,160.00
(
1.06%
)
Dow Jones
39,116.74
(
-0.75%
)
Brent Oil
84.19
(
-1.27%
)
Bitcoin
62,019.56
(
2.92%
)
Post# of 249148
Next 10
Reply Private New
Public Reply Private Reply New Post
Keep Last Read
Keep Next 10 Report Keyboard Shortcuts
Next 10 Prev Next

Genz2

Send PM Follow Ignore
Followers 5
Posts 2784
Boards Moderated 0
Alias Born 09/06/2006

Genz2

Re: None

Monday, 06/22/2020 11:07:32 AM

Monday, June 22, 2020 11:07:32 AM

Post# of 249148
Cloud Security Alliance Offers Tips to Protect Telehealth Data

https://www.darkreading.com/cloud/cloud-security-alliance-offers-tips-to-protect-telehealth-data/d/d-id/1338136

As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.

The COVID-19 pandemic has pushed healthcare organizations to make telehealth a top priority. As they do, they're forced to confront privacy concerns related to information access, usage, and alteration, as well as the security of public cloud services where health data is stored.

As the Cloud Security Alliance (CSA) explains in a new report on protection of health data, "telemedicine" and "telehealth" should not be used interchangeably. The former refers to the clinical diagnosis and monitoring by technology; the latter has a broader definition. Telehealth covers clinical healthcare and tools such as kiosks, website monitoring applications, mobile apps, wearable devices, and videoconferencing technology to link patients with healthcare providers.

Health delivery organizations (HDOs) are ramping up telehealth capabilities such as remote patient monitoring (RPM) and telemedicine to treat people at home and reduce the risk of exposure for both providers and patients. This will continue to grow long after the pandemic, the experts write.

The increasing reliance on telehealth in the cloud is expected to drive privacy and security risks for healthcare institutions. Most hospital systems delivering telehealth use videoconference tools as well as cloud and Internet technologies, creating a range of potential issues and demanding security teams take a closer look at their architecture to identify flaws and decide on controls.

This is a shared responsibility between the HDO and cloud provider. Healthcare organizations must understand the regulatory requirements of patient data and the technologies they use.

Public cloud services are accessed over the public Internet, which experts say does not mean the cloud is inherently secure but should be considered in a cloud security model. HIPAA requires HDOs maintain "reasonable and appropriate" administrative, technical, and physical protections to protect public health information (PHI). HDOs are also mandated to do a security-threat risk analysis, which includes cloud-based threats and provides information needed to make risk-based decisions.

Healthcare organizations should also identify the security controls they have in place and ensure they're working as intended. As part of these assessments, the HDO should talk with its cloud service providers about governance, compliance, confidentiality, integrity, availability, and incident response and management. Stakeholders must consider the end-to-end security of the systems, including internal policies for access control and user provisioning.

Protected health information is at the core of privacy concerns related to telehealth, and the emergence of targeted attacks against information systems to access PHI is concerning. The HIPAA Privacy Rule, which regulates the collection, use, and disclosure of PHI, provides insight for better understanding the privacy implications. It mandates health organizations to track the use and disclosure of PHI and notify patients when their data is used. The EU's GDPR, which gives people certain rights when data is used, may also apply, depending on where PHI is stored.

Healthcare organizations must know how their cloud providers handle data retention and monitor how they access and use data. If there's a breach of health data, the provider should have a plan for how it will notify the HDO and launch incident response. Cloud providers should also sign a business associate agreement, another requirement under HIPAA.

CSA also emphasizes the importance of a continuous monitoring program to make sure HDOs enforce and improve their security operations for internal controls, as well as privacy and security programs used by a cloud service provider. This monitoring is maintained throughout the data, applications, and systems life cycles and should be altered over time for continuous risk awareness and compliance, the experts explain in their report.
==================================================================
I highly recommend reading "Cloud Computing and Security - A Natural Match" trustedcomputinggroup.org

With telehealth becoming such an important part of the health market, and with Wave's experience in security and TPMs, Wave should be able to help secure such a sensitive area. With well over a billion TPMs in the marketplace, this technology could be really helpful for telehealth and more! With such a great security being built-in to devices, not using it seems CRAZY!!!
==================================================================
https://www.wavesys.com/














Public Reply Private Reply New Post
Keep Last Read
Keep Last Read Next 10 Report Keyboard Shortcuts
Next 10 Prev Next

Join the InvestorsHub Community

Register for free to join our community of investors and share your ideas. You will also get access to streaming quotes, interactive charts, trades, portfolio, live options flow and more tools.

Sign Up