Risk
7/6/2010
01:37 PM
Connect Directly
RSS
E-Mail
50%
50%

Microsoft Aims To Alleviate Health IT Cloud Concerns

Healthcare providers still have many reservations about the security of cloud computing for electronic medical records and mission-critical apps.

Many healthcare providers have questions and doubts about adopting cloud computing for administration and hosting of their healthcare information. Steve Aylward, Microsoft's general manager for U.S. health and life sciences, has encouraged healthcare IT decision makers to embrace the technology, which he said could help them improve patient care and provide new delivery models that can increase efficiency and reduce costs.

"Just about everyone I know in healthcare is asking the same question: "What can cloud computing do for me?" Aylward writes in a June 28 blog post.

"Plenty," Aylward answers. "The cloud can allow providers to focus less on managing IT and more on delivering better care: It can, for instance, be used to migrate e-mail, collaboration, and other traditional applications into the web. It can also be used to share information seamlessly and in near-real-time across devices and other organizations," Aylward explains.

Generally defined as anything that involves delivering hosted services over the internet, a cloud computing model that offers a software-as-a-service platform is increasingly being offered to healthcare delivery organizations, especially small and medium-size physician practices that are budget constrained and have few technical administrators on staff.

What has helped information technology managers at health delivery organizations take a closer look at cloud computing, however, is the Obama administration's objective to move medical practices and hospitals away from paper-based systems and onto digitized records. Primarily through the Health Information Technology for Economic and Clinical Health (HITECH) Act, the government has established programs under Medicare and Medicaid to provide incentive payments for the "meaningful use" of certified electronic medical record (EMR) technology.

The government's drive to have every American provided with an EMR by 2014 will mean that digitized clinical data is expected to grow exponentially. However, several doctors contacted by InformationWeek say that, even with those considerations, they are in no rush to outsource the maintenance of their important records and they have delayed their decisions to put sensitive information, such as their EMR systems, onto a cloud-based computing model.

Dr. Michael Lee, a pediatrician and director of clinical informatics for Atrius Health, an alliance of five nonprofit multi-specialty medical groups with practice sites throughout eastern Massachusetts, said that while he recognizes that cloud computing can be a cheaper and more practical model, especially for non-mission-critical applications, he is waiting to see what improvements in security will take place over the next five to 10 years before supporting a decision to put high-level data on cloud computing technology.

"The only cloud computing that we would contemplate at the moment is in the personal health record space, so that patients would own the dimension in the cloud in terms of where they want to store or access information," Lee said.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-4988
Published: 2014-07-09
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.

CVE-2014-0207
Published: 2014-07-09
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file.

CVE-2014-0537
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-0539
Published: 2014-07-09
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via uns...

CVE-2014-3309
Published: 2014-07-09
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote attackers to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj66318.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.