Sunday, December 13, 2015

Virtual Medical Consultation: IT Security Implication

Week 2 Blog:



The benefits of virtual health, or health videoconferencing, make it attractive to health practitioners and patients. The migration of IT networks and services from PCs to mobile devices is driving medical consultation toward videoconferencing. Affordability, no contracts, wide equipment support, and 24/7 service from some providers make it irresistible to consumers and providers (HIPAA-compliant Secure videoconferencing, 2015).

But given the volume and privacy of the patient health information involved, how secure is it to transmit such important data through public webmail, for example Yahoo Mail, Gmail, Rediffmail, etc.? According to David Winder (February 21, 2011), “survey data suggests that as many as half of GPs who have already provided medical advice by email did so via just such personal email addresses on the patient side. Worse, only 12% used any form of encryption. Yet at the same time, some 90% of patients sending email to their GPs include confidential medical information within those messages.”

While Winder is more concerned with the security of medical data transmitted through webmail, and with medical diagnosis or consultation by mail, the use of videoconferencing to diagnose seems to take care of issues such as identity management, face-to-face consultation, and personal touch. Winder identified some of the security measures for general consultation by email, including back-end security, data encryption, password protection, digital signatures, identity management, and ensuring that PCs and mobile devices holding one's medical records are not stolen. With the drive by the NHS to follow the mobile IT migration trend for medical consultation, appointment scheduling, prescription ordering or reordering, patients' medical records, and test results, this raises the question: how prepared are IT security professionals and managers to handle the security implications?

With cloud computing, health system providers with large volumes of patient data may choose either to use a public cloud for health information storage and management or to obtain their own cloud computing equipment. “From an enterprise point of view, there are some security benefits to a private cloud. Your information lives behind your firewall (unless you've co-located your servers somewhere else, and even then, you can add some firewall protection). Here are some other benefits:

  • Your data also can live behind your own locked doors
  • You don't have to connect to the internet and can completely isolate your data infrastructure
  • You know exactly where your data lives
  • You design the architecture for your exact needs
  • You know exactly who is granted physical access
  • There is absolute clarity of ownership
  • There is no risk if your cloud provider shuts down

On the other hand, there are some disadvantages as well:

  • Your employees have physical access
  • You are on your own when defending attacks
  • You are subject to the whims of nature
  • You are subject to the whims of your ISP
  • You are subject to the whims of your local power grid
  • Your security is entirely your responsibility.

Now let's contrast that with the security benefits of keeping your data in a public cloud:

  • Your data lives behind an enterprise-class firewall
  • Your data lives in a very secure facility, often with multiple degrees of physical security
  • Thieves intent on stealing your data may not know where your data lives
  • Your gear is not at risk from disgruntled employees
  • You gain security expertise from your vendor
  • You are not alone when defending against DDoS
  • You are protected from hardware failures
  • You are protected from sudden surges in demand.

But as we've discussed, there are also some security disadvantages of using a public cloud. These include:

  • Access can be granted from anywhere
  • Your data must travel "in the wild" over the open internet to your cloud provider
  • Your vendor might grant physical site access to other tenants
  • You may be subject to jurisdictional issues, especially when you're dealing with international issues
  • There is very little established case law
  • You are dependent on the responsiveness of vendor
  • You are dependent on the whims or quality of vendor.” (ZDNet, 2015)

References

HIPAA-compliant Secure videoconferencing. December 13, 2015. Retrieved from http://www.securevideo.com/

Microsoft Health. Sidewinder. David Winder targets security. December 13, 2015. Retrieved from http://www.microsoft.com/health/en-gb/articles/Pages/How-secure-is-your-virtual-GP.aspx

ZDNet. December 11, 2015. Retrieved from http://www.zdnet.com/article/security-implications-of-public-vs-private-clouds/
