Not that long ago, data security was not a top-of-mind issue. Now, however, it’s hard not to run across the news of a data breach on a daily basis. As the advantages of cloud computing becoming more and more prevalent, it begs the question: Is your patient data safer in-house or in the cloud?
Very likely your on-premise solution involves data back-ups by your own IT personnel or an external IT company, which brings up two more questions: Is that data backed up to a HIPAA-compliant facility? And have you ever tried to validate that backed-up data?
For the safety of your patients—and practice—it’s important to select a cloud solution that relies on Tier 3 and Tier 4 data centers to protect the data of its subscribers. Data centers at this level are able to ensure that security is handled via a multi-faceted approach.
Security in Physical Terms
In a Tier 3 or 4 data center, only the personnel required to maintain the physical data center have access privileges, and that access is restricted using biometric techniques. Multiple layers of security prevent unauthorized access. Backup power ensures smooth operations even during a power outage. Additional security measures include:
- Access control via mantraps
- Magnetic locks
- 24/7 onsite security personnel
- Monitored and recorded closed-circuit TV
- Back-up diesel generators enabling 30-day operations without traditional power
- Automatic lock-down if too many people try to enter simultaneously
Security in Virtual Terms
Carestream Dental cloud solutions are protected with redundant perimeter firewalls, which guard against malicious hacking and denial-of-service attempts. The solutions use private, non-routable IP addresses, which cannot route traffic to the Internet. They also employ technologies for real-time virus scanning as well as network- and server-based intrusion detection.
Carestream Dental partners with security providers that monitor and interpret reported security threats on the Internet using information from Microsoft Security Bulletins, CERT.org and other vendors. In the event that a security notice is deemed to be a serious threat, security patches are immediately implemented and registered into change management logs for further review and auditing.
The practice management software data of cloud subscribers is further secured through the use of encrypted data channels, unique user IDs and two-factor authentication. Additional safeguards include strong password requirements, automatic logout for inactivity and mandatory password changes following industry-standard guidelines.
Security in Terms of Regulations
Carestream Dental cloud solution data centers are audited by third party accreditation organizations on a regular basis to ensure the effectiveness of the security policies and procedures that are in place. These policies and procedures are integral to maintaining compliance with HIPAA rules. In addition, Carestream Dental cloud solution subscribers have access to their patient data 24/7. Changes to patient data are made in real time for up-to-the-minute accuracy, so verifying the accuracy of that patient data is very easy to do.
Security in the Long Term
“Cloud” and “data security” are two concepts that will likely continue to be top-of-mind issues for most practitioners. However, with the right cloud solution, you should less likely feel the need to cross your fingers and hope for the best. Instead, peace of mind should be the result.