Security and the Cloud? A Decade Old Question and Answer
I first encountered the question of cloud security almost a decade ago when I was asked, “Sure healthcare technology in the cloud sounds great…but is it secure?” Back then, when the technology was still relatively immature, it was a much more concerning issue and it was a question being raised across the industry.
Today, as more and more organizations move their day-to-day infrastructure to the cloud, people are becoming more comfortable with the technology and the question has morphed into: “How secure is it, and what is in place to ease my concerns around security?”
In short, the answer, especially for Rhapsody as a Service (RaaS), is: it is very secure, GDPR and HIPAA compliant, and HITRUST certifiable.*
Any security concerns are well founded, especially when considering the repercussions of a data breach in any industry let alone one in healthcare. Protecting patient data is the top priority, after making sure that the right data gets to the right place, at the right time—of course.
And when you actually consider everything that needs to go into securing your integration platform, especially if it is going to be deployed in the cloud, it can get a little overwhelming. That’s where a solution like RaaS comes in to play. Rhapsody has already taken the time to make sure it is secure and allows the end user to offload time and effort, and some of the risk of not getting it right.
Some of the more critical aspects that go into securing your integration platform—irrespective of whether it is deployed in the cloud or not—are:
- Physical security – where you need to control access to the data center, ensuring only well vetted and authorized personnel can get to your servers.
- Encryption – where, especially when seeking a certification like HITRUST, you need to ensure that the data is encrypted not only at rest but also in transit.
- Access control – where you need to make sure that only very specific individuals have access to very specific data or environments.
- Auditing – where you need to make sure that absolutely everything is audited and auditable.
Between your cloud provider and your application provider, all of the above can be off-loaded. For example, with Rhapsody and Amazon Web Services (AWS), AWS ensures physical security and Rhapsody handles the rest. The RaaS architecture and automation tools were designed and built with these considerations from the very start.
With features that ensure no Rhapsody employee, or really anyone, can gain a direct login to the host running Rhapsody, end-to-end (including in transit inside the environment) encryption, and holistic auditing and logging (every click, every change, every record, etc.), many of the security questions that have been asked over the last decade now have an answer.
*Rhapsody is in the process of completing a HITRUST certification, which will provide further benefits for our customers.