Regulatory Policies Key when Accessing Health Data on The Cloud

When entering into an agreement with a cloud service provider, health professionals have to ensure that any policies and guidelines from their regulatory bodies regarding electronic health records are taken into account, Elyse Sunshine says in Forensic Accounting & Fraud, a special supplement published by The Bottom Line and Lawyers Weekly.

“Any contract needs to comply with the highest prescribed standards for encryption, firewalls and passwords.”

As the article notes, although cloud adoption is still in its infancy across many industries, a 2016 global survey by a California-based cloud management company found that 95 per cent of IT professionals are using the cloud.

Canadian health-services data is already on the cloud, for example, Ontario’s Institute for Clinical Evaluative Sciences (ICES), “allows researchers to access anonymous patient records and clinical databases on a remote computer server,” says the article. Forensic Accounting & Fraud says ICES insists it maintains privacy and confidentiality of personal health information through the use of physical safety measures and technological safeguards, such as encryption.

Sunshine adds that health-care providers are also required to have a privacy policy and must disclose to patients how they plan to collect and use information on the cloud and obtain patients’ consent.

Read the Forensic Accounting & Fraud Article