In the latest newsletter published by the OCR cyber security, there is a great importance given to the security of cloud computing healthcare as well as file sharing. These risks should be given attention in both business and entities use.
Organizations are able to take advantage of the collaboration tools but there is a chance that security and privacy can be put at risk and this is something that should not be taken for granted. Policies for risk management along with BAAs or business associate agreements, should take time to review options with regards to cloud computing and file sharing to make sure that the security of the PHI and the OCR is retained.
According to the newsletter, if the collaboration tools and the file sharing process is not configured properly along with cloud computing services then there is a big chance that common problems will arise such as disclosure of private data. It is often seen that default settings are left untouched when it comes to various security controls, access, encryption and authentication and this is one of the reasons why there are unauthorized access happening which discloses data as a result.
During the risk analysis management approach, the errors or any configurations not done properly should be taken into consideration and it should become a part of the evaluation process of the entity and should reflect in the changes in operation of a certain organization.
It is also best to conduct a vulnerability scan in order to point out any issues in the technical side including outdated software or missing patches.
These should all be considered before an organization decides to use software for file sharing or before implementing technology of cloud computing in healthcare because these will e responsible for transmitting, receiving, creating and maintaining the ePHI.
According to the agency, they have released a guide for 2016 that has been recently updated and is best suited for cloud computing healthcare to make sure that their technology is properly utilized. The major focus of the guide are the providers of the cloud computing services and they are currently being considered to be a business associate as per the regulations set by HIPAA.