In one of my recent conversations with Dr. Andy Litt, Chief Medical Officer at Dell, he made a really interesting but possibly counter intuitive observation. While maybe not a direct quote from him, I took away this observation from Dr. Litt:
Security and privacy drives people to the cloud.
Talk about an ironic statement. I imagine if I were to talk to a dozen CIOs, they would be more concerned about the security and privacy implications of the cloud. I don’t imagine most would look at the cloud as the solution to some of their security and privacy problems.
However, Dr. Litt is right. Many times a cloud based EHR or other software is much more secure than a server hosted in a doctors office. The reality is that many healthcare organizations large or small just can’t invest the same money in securing their data as compared with a cloud provider.
It’s not for lack of desire to make sure the data is secure and private. However, if you’re a small doctor’s office, you can only apply so many resources to the problem. Even a small EHR vendor with a few hundred doctors can invest more money in the security and privacy of their data than a solo practice. Although, this is true for even very large practices and even many hospitals.
One reason why I think many will disagree with this notion is because there’s a difference between a cloud provider who can be more secure and private and one who actually executes on that possibility. It’s a fair question that everyone should ask. Although, this can be verified. You can audit your cloud provider and see that they’re indeed putting in security and privacy capabilities that are beyond what you’d be able to do on your own.
What do you think? Is hosting in the cloud a way to address security and privacy concerns?