For a long time, data security has been a major need in the healthcare industry, but as cloud hosting gains more and more traction, healthcare providers are starting to take advantage of it to keep their data secure. As a whole, the healthcare industry is very conscientious about data privacy and some of these issues can be addressed through cloud encryption and cloud key management.
In the healthcare industry, data has to meet certain regulatory requirements. Therefore, the first step to securing healthcare data is to identify the type of data and the appropriate cloud storage to use for it. For example, Personally Identifiable Information (PII), such as patient records, is stored in a relational database so that it can be accessed easily. Visual data, such as x-rays, CT scans, and other types of video and imaging are large media files and are stored in some type of distributed storage software.
In many cases, healthcare providers are required to protect both visual and PII data, which makes their main challenge to effectively and securely manage cloud encryption keys, without sacrificing the patients’ trust. The important questions of “Who can access the patients’ data?” and “Who is managing the encryption keys?” must be answered.
The best practice for an effective and secure cloud key management is split-key encryption. Split-key encryption is a relatively new technique that allows healthcare providers to manage encryption keys in the cloud, while at the same time, splitting the encryption key so that customers (such as hospitals using medical applications that are being hosted in the cloud) are the only ones who control their “half” of the key. Split-key encryption allows patient data to remain uncompromised, as it is never visible to unauthorized users.