Migrating the Health Care Industry's Data Into the Cloud

1
Migrating the Health Care Industry's Data Into
the Cloud

• Walaa Hawasawi
• Michael Turner
• Eyad Fairak
• Eric McGee
• Bradlee Lathon
• Eric Gibson Jr

2
Security Issues of Cloud Computing in Healthcare
3
Define The Problem

• There are tremendous advantages of implementing
  the cloud computing technology in healthcare
  field. However, as we all know there is no such a
  thing called perfection. Therefore, health care
  organizations are facing some huge risks mostly
  represented in turning over data, security,
  availability and control to a third party, which
  means that the organizations have absolutely no
  control over where their data actually located.

4

• Many EMR( Electronic Medical Records) vendors do
  not own their own servers. They are rented from
  companies like Amazon, Microsoft, Apple, and
  other data bank companies. Chances are good that
  your EMR flows on the same server, and hard
  drives as Twitter or Facebook. Unfortunately,
  Unauthorized disclosure of information results in
  severe consequences to the organization and
  significant costs in recovering and restoring
  data as well as notifying affected individuals.

5

• Based on the security issue some important
  questions have been raised How responsible can
  physicians or hospitals be for breaches by a
  vendor, or cloud system provider? What about
  hackers? What are the results of hacking the
  patients EMR?
• HIPAA will become rather meaningless!

6
(No Transcript)
7

• A survey has been conducted by Healthcare IT News
  asked its readers if their organizations plan on
  implementing cloud computing

8

• The Survey's Results
• Forty-eight percent said they plan on making
  cloud computing part of their organizations
  health IT infrastructure.
• While 33 percent are already using cloud. Cloud
  computing has quickly made inroads in their
  health IT space.
• Only 19 percent of respondents indicated they are
  not going for the cloud because of Security
  issues surrounding cloud computing

9

• Another survey has been conducted by KLAS ( Which
  is a research firm on a global mission to improve
  healthcare delivery by enabling providers to be
  heard and to be counted) titled Cloud Computing
  Perception 2013 The Hybrid Cloud in Healthcare.

10
The Survey's Result 66 of non- cloud users
surveyed said security was definitely the main
issue stopping them from moving forward with
adoption.
11
Measure

• The Accenture report statistics were compiled
  from a study released in February by unified
  e-mail management services provider Mimecast
  which last fall surveyed 565 IT decision makers
  across several industries in the United States
  and Canada about their cloud plans.
• The 32 of respondents in the healthcare sector
  using cloud applications were most similar to
  those in industries such as manufacturing, in
  which 32 of respondents in that sector also said
  they were using cloud applications followed by
  respondents in education (29) and retail (35).
•  
• The 73 of healthcare industry respondents
  planning to move applications to the cloud were
  most similar to the 75 of respondents in the
  technology and government sectors who also
  intended to expand their use of the cloud.

12
Analyze
13
Improvements
14
Cloud Security Concerns

• Fear of the lack of valid security and compliance
  has caused the healthcare industry to slow down
  cloud implementation.
• Cloud providers must ensure that their
  infrastructure is secure and that their clients
  data and applications are protected while the
  customer must ensure that the provider has taken
  the proper security measures to protect their
  information.

15
Most Common Concerns

• Identity and Access Management Identity
  management helps to maintain security, visibility
  and control, and centralizing IT control of
  identities and access is useful.
• Data Protection Encryption of traffic and
  isolation mechanisms that serve to separate
  memory, storage, and routing between tenants must
  be put in place in multi-tenant cloud
  environments.
• Compliance Different countries and regions have
  different privacy laws, some more strict than
  others. To be sure that cloud vendors are
  compliant with policy, it is important that the
  cloud infrastructure is auditable.

16
Most Common Concerns (cont.)

• Trust When migrating to the cloud, most of the
  control is now in the hands of the cloud vendor
  which requires trust. To build trust vendors
  need to deliver incident response, such as
  attack analysis, containment, data preservation,
  remediation and service continuity. Data
  management tools are required so that the client
  can see over their data on the cloud and make
  sure agreed upon policies are being enforced.
• Secured Architecture Large cloud infrastructures
  obviously present a bigger and more vulnerable
  target for cybercriminals. To protect a
  healthcare cloud from trojans, rootkits and
  malware requires management of identities and
  APIs at the network edge to ensure that only
  authorized users can gain access. Also Hardware
  and software components that are inherently
  trusted (Roots of Trust) must be established to
  secure server and client machines by measuring or
  verifying software, protecting cryptographic keys
  and performing device authentication.

17
Cloud Security Solutions
18

• To help address the issue of securing sensitive
  patient data and medical records it is necessary
  that both client and vendor are using AES
  encryption.
• AES (Advanced Encryption Standard) This type of
  encryption uses complex algorithms to secure
  data.

19

• Due to the complexity of AES algorithms, in an
  environment where there is endless data being
  passed to and from the cloud, there will be too
  much overhead.
• Solution Intels Advanced Encryption Standard
  New Instructions (AES NI)
• This solution speeds up the execution of
  encryption algorithms by anywhere up to 10 times
  other solutions.
• Intel has built this technology right into many
  of their Xeon, Core vPro and Core processors.
• Video on Intel AES NI - http//www.youtube.com/wat
  ch?vBvmy5BKMG1g

20

• Using the machine specs in the chart below, Intel
  measured the performance benefit offered by Intel
  AES-NI on a Linux/Java software stack to prove
  that use of their advanced encryption technology
  would be beneficial for the healthcare sector and
  allow more organizations to address the
  increasing security concerns within the industry
  and by consumers.

21
Test Results - The test was run 100 times for
each encryption method and the results were
averaged.
22
(No Transcript)
23

• Key Findings
• Application file encryption improved 39
  (average) and file decryption 37 (average) with
  Intel AES-NI enabled over AES128 key.
• Application file encryption improved 37
  (average) and file decryption 38 (average) with
  Intel AES-NI enabled over AES256 key.

24
Control
25

• Customers have built healthcare applications
  compliant with HIPAAs Security and Privacy Rules

26
HIPAA does the following

• Provides the ability to transfer and continue
  health insurance coverage for millions of
  American workers and their families when they
  change or lose their jobs
• Reduces health care fraud and abuse
• Mandates industry-wide standards for health care
  information on electronic billing and other
  processes.
• Requires the protection and confidential handling
  of protected health information

27
HIPAA Compliance

• Administrative Safeguard
• Physical Safeguard
• Technical Safeguard

28
(No Transcript)
29
(No Transcript)
30
(No Transcript)
31
Case Study Nimbus Health

• Helps doctors and hospitals save money by
  enabling healthcare providers to share medical
  records with patients in an easy, online, and
  secure .
• Nimbus Health a fully HIPAA compliant
  Software-as-a-Service (SaaS) solution.

32
THE END