Virtual medical consultation: IT Security Implication
The benefits of virtual health, or health videoconferencing, make it attractive to health practitioners and patients. The migration of IT networks and services from PCs to mobile devices is driving medical consultation into videoconferencing. It is affordable, requires no contract, has wide equipment support, and some providers offer 24/7 service, all of which makes it irresistible to consumers and providers (HIPAA-compliant Secure videoconferencing, 2015).
But given the volume and privacy of the patient health information involved, how secure is it to transmit such important data through public webmail, for example Yahoo Mail, Gmail, Rediffmail, etc.? According to David Winder (February 21, 2011), “survey data suggests that as many as half of GPs who have already provided medical advice by email did so via just such personal email addresses on the patient side. Worse, only 12% used any form of encryption. Yet at the same time, some 90% of patients sending email to their GPs include confidential medical information within those messages.”
While Winder is more concerned with the security of medical data transmitted through webmail, and with medical diagnosis or consultation by mail, the use of videoconferencing for diagnosis seems to take care of issues such as identity management, face-to-face consultation, and personal touch. Winder identified some of the security measures for general consultation by email, including back-end security, data encryption, password protection, digital signatures, identity management, and ensuring that PCs and mobile devices holding one's medical records are not stolen. With the NHS's drive to follow the mobile IT migration trend for medical consultation, appointment scheduling, prescription ordering or reordering, patients' medical records, and test results, the question is: how prepared are IT security professionals and managers to handle the security implications?
With cloud computing, health system providers holding large volumes of patient data may choose either to use a public cloud for health information storage and management or to obtain their own cloud computing equipment. “From an enterprise point of view, there are some security benefits to a private cloud. Your information lives behind your firewall (unless you've co-located your servers somewhere else, and even then, you can add some firewall protection). Here are some other benefits:
- Your data also can live behind your own locked doors
- You don't have to connect to the internet and can completely isolate your data infrastructure
- You know exactly where your data lives
- You design the architecture for your exact needs
- You know exactly who is granted physical access
- There is absolute clarity of ownership
- There is no risk if your cloud provider shuts down

On the other hand, there are some disadvantages as well:
- Your employees have physical access
- You are on your own when defending attacks
- You are subject to the whims of nature
- You are subject to the whims of your ISP
- You are subject to the whims of your local power grid
- Your security is entirely your responsibility.

Now let's contrast that with the security benefits of keeping your data in a public cloud:
- Your data lives behind an enterprise-class firewall
- Your data lives in a very secure facility, often with multiple degrees of physical security
- Thieves intent on stealing your data may not know where your data lives
- Your gear is not at risk from disgruntled employees
- You gain security expertise from your vendor
- You are not alone when defending against DDoS
- You are protected from hardware failures
- You are protected from sudden surges in demand.

But as we've discussed, there are also some security disadvantages of using a public cloud. These include:
- Access can be granted from anywhere
- Your data must travel "in the wild" over the open internet to your cloud provider
- Your vendor might grant physical site access to other tenants
- You may be subject to jurisdictional issues, especially when you're dealing with international issues
- There is very little established case law
- You are dependent on the responsiveness of vendor
- You are dependent on the whims or quality of vendor.” (ZDNet, 2015)

References
HIPAA-compliant Secure videoconferencing. December 13, 2015. Retrieved from http://www.securevideo.com/
Microsoft Health. Sidewinder. David Winder targets security. December 13, 2015. Retrieved from http://www.microsoft.com/health/en-gb/articles/Pages/How-secure-is-your-virtual-GP.aspx