How healthcare organizations can securely transition to the cloud

December 13, 2018 Austin Herrington

The paramount role of security and protecting patient data in healthcare poses unique concerns for healthcare organizations that transition to cloud-based unified communications (UC). The dilemma: How can we ensure we’re not introducing new vulnerabilities that compromise compliance and introduce risk? The key is to partner with a UC service provider that is focused squarely on healthcare to minimize the possibility of damages.

The inherent security advantage in cloud-based UC

Transitioning to cloud-based UC can inherently improve security, as it eliminates the costly and resource-intensive burden of maintaining a legacy PBX system. When a locally hosted PBX falls behind the latest security standards, it becomes vulnerable to cyberattacks. This is especially risky as, according to a report by the U.S. Department of Health and Human Services, nearly three out of four hospitals do not have a designated security professional on staff.

Healthcare organizations securely transitioning to cloud-based unified communications and using cloud UC services for patient communications.

Partnering with a cloud UC provider shifts the burden of communications security to the UC service provider – an essential first step. By following a few important additional steps, you can ensure that your organization is optimally covered.

Validating the UC provider’s compliance

While many UC providers meet the basic standards of HIPAA compliance, those most dedicated to healthcare undergo third-party HIPAA HITECH assessments. Successfully completing this assessment provides peace of mind that the provider can back up its claims of HIPAA compliance with an impartial, objective review covering a wealth of critical items that include:

  • Breach notifications
  • ePHI encryption
  • Information and facility access management
  • Workforce security awareness trainings
  • Policy and procedure reviews

Further value: Obtaining a BAA

For additional assurance, you should secure a signed Business Associate Agreement (BAA) with your UC service provider.

BAAs are written contracts between the customer (“covered entity”) and the service provider (“business associate”). The BAA specifies each party’s responsibilities regarding the use and safeguarding of protected health information, and typically specifies a lead role for UC provider participation in any audits. The BAA may also specify that the UC service provider is liable for any damages resulting from data breaches, which transfers risk traditionally incurred by the covered entity to the business associate.

In assessing a UC provider’s BAA, confirm that the provider has signed subcontractor agreements with vendors who will be involved in providing your UC service, which eliminates downstream gaps in liability protection.

Final note: Proactive UC provider defense

The most suitable cloud UC providers go beyond checking the boxes on standard regulation and policy compliance. They monitor trends in cybersecurity threats, and proactively arm your organization against them.

For the highest level of security, look for a UC provider that embraces the healthcare industry’s security challenges as its own. In an age of rampant cybercriminal activity, your healthcare organization deserves nothing less.

The post How Healthcare Organizations Can Securely Transition to the Cloud appeared first on Windstream Enterprise.


About the Author

Austin Herrington

Austin Herrington is Vice President of Enterprise Voice Product Management for Windstream Enterprise. He oversees the enterprise product strategy and roadmap where he and his team develop, manage and market advanced products and services offered to customers nationwide, executing programs to help businesses achieve a perpetual state of winning. He was previously Director of Product Management responsible for Windstream’s Internet portfolio and value-added services. Prior to joining Windstream in 2006, Herrington was Director of Product Management for Alltel. He holds an MBA from the University of Arkansas’ Sam M. Walton College of Business.

Follow on Linkedin More Content by Austin Herrington
Previous Article
6 must-have security tools for IT leaders
6 must-have security tools for IT leaders

Securing an enterprise network is an ever-growing task due to twin increases in network complexity and hack...

Next Article
The critical role of security in Unified Communications
The critical role of security in Unified Communications

When it comes to security and compliance for UC, layered-defense countermeasures are the best way to ensure...


Have questions? Chat with a Windstream network expert

First Name
Last Name
Phone Number
Thank you!
Error - something went wrong!