Cloud Storage Encryption and How it Relates to Healthcare Data Security

For a long time, data security has been a major need in the healthcare industry, but as cloud hosting gains more and more traction, healthcare providers are starting to take advantage of it to keep their data secure.  As a whole, the healthcare industry is very conscientious about data privacy and some of these issues can be addressed through cloud encryption and cloud key management.

In the healthcare industry, data has to meet certain regulatory requirements.  Therefore, the first step to securing healthcare data is to identify the type of data and the appropriate cloud storage to use for it.  For example, Personally Identifiable Information (PII), such as patient records, is stored in a relational database so that it can be accessed easily.  Visual data, such as x-rays, CT scans, and other types of video and imaging are large media files and are stored in some type of distributed storage software.

In many cases, healthcare providers are required to protect both visual and PII data, which makes their main challenge to effectively and securely manage cloud encryption keys, without sacrificing the patients’ trust.  The important questions of “Who can access the patients’ data?” and “Who is managing the encryption keys?” must be answered.

The best practice for an effective and secure cloud key management is split-key encryption.  Split-key encryption is a relatively new technique that allows healthcare providers to manage encryption keys in the cloud, while at the same time, splitting the encryption key so that customers (such as hospitals using medical applications that are being hosted in the cloud) are the only ones who control their “half” of the key.  Split-key encryption allows patient data to remain uncompromised, as it is never visible to unauthorized users.

Atlantic.Net understands the challenges and the complexities of the healthcare industry.  We are a trusted medical and healthcare partner with nearly 20 years of experience and established credentials.  Whether you are looking for SSAE 16 (SOC 1) TYPE II (Formerly SAS 70), PCI Compliance, HIPAA Compliance Hosting, HITECH Act compliance, IT Governance to prepare for IT Audit, or Sarbanes-Oxley, Atlantic.Net has the right hosting solution for you.  Share your vision with us and we will develop a healthcare hosting environment tailored to your needs!  Contact an advisor at 800.521.5881 or email us at sales@atlantic.net.