Introduction
Since the advent of the internet at the start of the 21 st century, its use has greatly taken over the world of business. Today, every sector of business is intensifying the digitalization of services and transactions to increase efficiency and effectiveness. It is the reason many companies now have a research and development department within their ranks. The research and development department is meant to perform investigations and come up with new ideas that can lead to inventions and innovations related to advancement of information technology. There is also the information and communications departments that oversee the operations and security of technology in companies.
The healthcare sector is among business industries that have greatly turned to the use of cloud computing and mobile devices. Healthcare facilities intensified their use of cloud computing and mobile devices to enhance the effectiveness and efficiency of service delivery to patients. Today, hospitals store crucial patient and financial data in the cloud. Moreover, mobile devices are used to deliver services to patients. However, there is the major issue associated with this development and it is the security part. With the rise of cyber hackers and unauthorized data thieves, the need for security of the cloud computing processes and information stored in mobile devices has become quite high.
Delegate your assignment to our experts and they will do the rest.
The purpose of this paper is to develop a policy for the security and safety of cloud computing and mobile devices in the healthcare business environment. This particular goal is pursued because of the sensitivity of the information that is electronically stored in hospitals. If this information as well as data is tampered with, then it is possible to have fatal consequences like medical errors. Some of the information stored in the cloud is about the medical history of patients. Without this medical history, it becomes quite difficult for the doctor to administer correct health care services to the patients. Moreover, loss of crucial administrative information may make it difficult to manage the institution. There is need for following a clear and strict security policy in order to ensure safety of the cloud computing and mobile device technological applications in the hospital.
Therefore, this research paper is of great value to the healthcare players who are interested in the security of their cloud data and mobile devices. The hospital may use this policy developed in the paper to install effective safety and security measures to shield sensitive information from unauthorized access. Readers of this paper should find it valuable in terms of informing providing them with significant and worthwhile tips on how to secure their computer data.
Background and Significance
The use of mobile devices and cloud computing is now on high demand in the healthcare business environment. The investment into technology has significantly increased within the healthcare sector as view of it as a business continues to rise. It is important to note that the healthcare sector was in the past not considered a business environment. Healthcare was viewed as a humanitarian discipline, which had to remain not-for-profit because of dealing with human lives. People thought that issues to do with human lives should not be put to business. However, the pursuit for quality, efficient and effective services has turned the healthcare sector into a major business environment (Chen & Zhao, 2012). Most private and even public hospitals are now for-profit organizations. They calculate the costs incurred in providing a given service and charge a price that enables them break-even and realize some significant margin. This view of healthcare as a business and the emergence of competition among hospitals have intensified the use of cloud computing and mobile devices to improve on medical service delivery.
However, even in the rise of these cloud computing and mobile devices applications, the healthcare business environment is bound by strict laws because of its direct association with human lives. Being a hospital, this organization cannot release information and data related to the medical as well as health history of the patients to third parties. Information and data can only reach third parties from hospitals after consent by the persons themselves. If information leaks to third parties from the hospital, this organization may face a suit where the court could certainly find it in breach of the law.
Considering the strict laws that give patients fundamental rights regarding their data and sensitive information about health history, it is imperative that the organization operates based on a strong policy of security and safety of the content present in the cloud and in mobile devices. The hospital must ensure that the information and sensitive data do not leak to any unauthorized person. Moreover, the organization must rise and ensure that measures are put into place to ensure that no person with the ill-motive accesses the data stored in the cloud or he mobile devices.
Notably, it is not just about the security for the patient information and data. However, the organization also has got its sensitive business data and information that must be guarded from reaching rival healthcare facilities. There is financial data that the company must ensure it does not leak to other people who are unauthorized. Moreover, there is the issue of employee salary data and sensitive title information files stored in the cloud by the company. Such information must be safeguarded through a robust and clearly developed security policy. This reasons form the main justification for the security and safety policy developed in the paper.
Cloud computing, specifically, is normally based on the use of virtualization and distributed mobile device technologies. For one to use cloud computing, he or she must have the mobile devices like laptops, computers and smart mobile phones. Cloud computing is normally characterized by highly abstracted resources (Khan, Ali, Abbas & Haldar, 2014). Moreover, it is also made up of sociability and flexibility that are near instant. The resources for cloud computed are shared. These resources may include software, hardware and database. It is also important to note that the management of cloud computing is programmatic.
This organization must also understand the various classes of cloud computing so that the policy developed in this paper can be applied well in installing security measures. There is the software as a service category. This specific category s normally provided by a third party through internet configuration. It is, therefore given remotely. An example of SaaS is the online word processing and spreadsheet tools. Others include the web content delivery services.
The second class is referred to as the platform as a service. This one enables clients to come up with new applications using APIs. The APIs are normally remotely configurable and deployable. An example, in this case, is the Google App engine.
Finally, there is the infrastructure as a service category, which offers virtual machines as well as other abstract hardware and operating systems. They are then controlled through a service API. An example in this case is the Amazon EC2.
It is also important to note that cloud computing may be available publicly. In this case, it is open for subscription by any organization. Alternatively, cloud computing may be private. In this case, the services can only be accessed through a private network. It is possible to also have the community cloud computing services. In this case, the provider provides cloud computing to a limited number of parties.
Although this organization has invested a lot in the use of cloud computing and mobile devices, it has a highly weak security and safety system in place. There is no sound policy geared towards ensuring that the cloud computing operations carried out on the mobile devices are shielded from any ill activities such as hacking. This kind of security gap has significantly put the organization into huge danger of losing crucial data and even facing suits of patient information leakages. The company does not have a fully constituted information and communication technology department with experts for purposes of taking the charge on programs of securing its cloud computing and mobile devices system. This part of security is the only wanting aspect in the current use of cloud computing and mobile devices by the organization. It is an issue that must be fixed before the hospital falls into a big mess or problem.
It is also important to note that the hospital currently has a high demand of cloud computing and mobile devices. This high need of cloud computing and mobile devices is occasioned by the big rate of growth being experience by the organization. The hospital has been experiencing a growing traffic of patients who demand its services. Moreover, its employee size has grown significantly with the establishment of new department. The organization also is in contract with other major hospitals even outside the country where it makes referrals for critical cases that are beyond its capacity. It is also important to observe that this company is now in business contract with a number of insurance companies where patients can take medical cover and be treated using the cards. All these factors lead to huge data that has to be processed and stored securely.
Cloud computing and use of mobile devices has offered worthwhile solutions to the needs of the company in terms storage of data. There are different benefits of cloud computing that the organization continues to realize. These benefits include faster delivery of services since the technology applied is automated. It is easier and faster to access the patient file among many other files of data through cloud computing and use of mobile devices. Furthermore, it has enhanced accuracy of medical services administration. There are quite minimal medical errors because the right prescriptions are done. It is not now possible to confuse the patient information files and administer wrong medication (Wooten, Klink, Sinek, Bai & Sharma, 2012). Moreover, through the use of mobile services, it is easy to monitor the treatment of patients. Prescription can also be done over the mobile phones without the need for traveling to physically meet the medical officers. Therefore, cloud computing and use of mobile devices has greatly transformed the fortunes of the organization positively. In essence, cloud computing and use of mobile devices provides a new framework for positively transforming the delivery of medical services and enhancing business flexibility of the hospital. It has enabled this organization to operate with bigger efficiency, effectiveness and agility.
However, there are a number of risks, which are inherent when it comes to the use of cloud computing and mobile devices. Healthcare is a highly regulated business environment. The nature of infrastructure applied in cloud computing increases the risk of breach of privacy, compliance, access and security. Cloud computing infrastructure is constructed on server premises that are shared-off and linked through the internet. It is vital to consider the fact that moving personal and medical information over the secure boundaries of the healthcare poses the risk of insecurity. This risk of insecurity of data is even enhanced by the fact that the information has to be accessed through various devices and from different locations. It is a phenomenon that leads to a lot of compliance issues, considering specific laws provided by a number of international bodies. Examples of these bodies include the U.S. Health Insurance Portability and Accountability Act (HIPAA) and the European Commission’s Data Protection Directive.
To mitigate these risks inherent in cloud computing and use of mobile devices, it is important for the organization to consider effective control measures. These control measures must be based on a strong and sound security policy that guides the organization. With the implementation of necessary security controls cloud computing and use of mobile device technologies becomes the best way of operations in the hospital.
Discussion, Implications and Recommendations
Benefits of Cloud Computing and Mobile Technology
There is a huge demand for cloud computing and mobile technology by this hospital. Cloud computing and use of mobile technology has earned this organization huge benefits, considering the fact that it is a healthcare company. Healthcare is now experiencing huge transformation and reforms all over the world. This particular organization has not been left out on this developments experienced as a result of the application of cloud computing and the use of mobile technologies. Healthcare has now become a major business venture hence attracting huge investments in technology like cloud computing to achieve efficiency and effectiveness. There are concerns regarding the quality and access to healthcare. These concerns have made the organization to look for new ways of addressing them and achieving improved healthcare services and efficient delivery models. The adverse effects of delayed payments and disbursements by the insurance companies have also informed the increased investment in the area of technology to fasten the process of service billing and payment disbursement.
Cloud computing and use of mobile technology has enabled this organization to address many challenges it use t face. Adoption of this technology has enabled the company to reduce the cost of operations and earn savings. With cloud computing and use of mobile technology, there is improved delivery of medical services and faster processes (Zhou, Zhang, Xie, Qian & Zhou, 2010). The centralized storage of the medical and patient data within the cloud infrastructure has enhanced proper management of information access. Cloud computing and the application of mobile technology now supports the development and employment of new and less costly approaches to processing of claims, enrollment of patients and storage of their information. This organization used to experience major problems in this area because of the dependence on manual registers. Whenever there was traffic of patients, it occasioned a quite tedious job to enrolling them manually. Some would have their names wrongly spelt. Moreover, these registers were stored in manual files that would get dirty and even experience wear and tear after a long period of time. It was easy to lose some of the papers containing patient information. However, the adoption of mobile technology and cloud computing has significantly solved these problems.
The other benefit realized y this organization is that the centralization of data storage within the cloud has enabled achievement of high speed deployment of the electronic health records. The organization has also attained high speed with other advanced healthcare data systems because of using cloud computing.
Furthermore, cloud computing used by the organization supports point-of-care delivery of services in the healthcare business environment. It has become possible to achieve data sharing and collaboration through the use of mobile technology. Since this organization does not have the capacity in terms of capital and human resources to address all the serious health issues of patients, it has been contracting other developed hospitals outside the country where it makes referrals for its clients through the business process outsourcing model. This process is made effective through the use of cloud computing. The company now speedily outsources for specialized services like radiology using the cloud-based applications. The cloud-based applications used by the organization to outsource some of the specialized services for its patients do link it to providers in provisioning manner akin to the internal network of the company. A patient may even think the services are part of the internal provisions of the hospital. The providers can offer a wide range of healthcare services at lower costs. This provision is also done with greater flexibility in terms of time and coverage (Kuo, 2011). Cloud computing makes the specialized services outsourced to be available on demand. Considering the fact that this organization is located in a rural area, cloud computing and use of mobile technology has greatly improved its synergies with other far-flanged business partners including suppliers of pharmaceutical products. Notably, a highly secure cloud computer is quite helpful in enabling the organization to reach clinical expertise across a wide region.
Healthcare organizations also have got the benefit of enabling scalable, efficient and agile healthcare information technology in the organization. Although healthcare organizations like this one deal with human life directly, they are also quintessential businesses just similar to any other. Therefore, there are numerous benefits that occur to the medical business organizations from cloud computing and use of mobile technology. Vitally, the high availability cloud computing infrastructures do scale in accordance with the existing need. Additionally, they normally provide the computer with the requisite power for any form of workload regardless of the location. It is possible to deliver healthcare services using cloud computing through self-service portals. Alternatively, the self-service medication can be done through the authenticated devices that apply broadband networks with secure accessibility (Kuo, 2011). Therefore a person at an accident site can easily reach the healthcare services of the organization through cloud computing. It is clear from this explanation that cloud computing and mobile devices have made the delivery of healthcare services quite convenient for both the professionals and the clients. Cloud computing has also significantly increased the abilities of hospitals to save lives. Initially people had to travel over huge miles to reach the physical healthcare facility before getting any medical attention. A lot of the seriously sick people used to die while on the way to hospital. No wonder the many cases of dead-on-arrival that gripped every part of the world. However, this specific problem has been addressed through the inception of cloud computing and the application of mobile technology (Kuo, 2011). Moreover, redundancy and disaster recovery are two features built into the cloud environments hence offering assurance over the stability of sensitive information.
The feature of server-consolidation, reduced need for IT management functions, high performance of network and energy savings are part of the notable benefits presented by the adoption of cloud computing as well as the use of mobile devices.
It is vital to observe that the agility of cloud computing and mobile technology is indicated by its ability to offer services in short times. Therefore, this specific company is able to swiftly evolve its business processes and the design of workflow at low cost.
These are some of the major advantages of cloud computing and use of mobile technology to the organization. The company has even realized growth in the market base because of the efficiency and effectiveness recorded following the adoption of cloud-based computing and mobile technology in medical service delivery.
Risks and Security Concerns
Although cloud computing is a field that promises major benefits for the organization, there are serious security concerns that must be addressed. These security concerns are even accentuated by the stern compliance needs considering the regulations and laws that bind operations of healthcare organizations (Kuo, 2011). Without security measures to control the risks of insecurity posed by cloud computing and mobile technology, the organization may find itself in a lot of problems.
There are risks in identity and access management. The current frameworks used by the organization for identification and authentication cannot extend into the cloud. Therefore, if the company depends only on the use of usernames and passwords, it can entail weak link within the chain of security.
There is also the risk of data leakages to unauthorized because of the sharing of servers involved in the case of cloud computing. It must be understood that the data, which is stored in the cloud normally stays in a multi-tenant environment. It shares the virtualized server space with information from other clients served by the same provider (Kuo, 2011). Importantly, the organization that moves sensitive and regulated data into this space faces the risk of having it accessed by unauthorized people. It must be recognized that the major risk posed by this multi-tenancy and shared compute resources in the cloud infrastructures is failure of isolation mechanisms, which normally serve to separate memory, storage and routing among the different tenants.
There is also the risk of breaching the privacy laws and regulations that are the core requirement for healthcare business organizations. The organization may find itself not in compliance with these privacy provisions because of accessed private patient data. Moreover, the difference in the privacy laws given by countries and regions makes it difficult for compliance in cloud computing.
Hacking is yet another risk that must be considered when using cloud computing. It is possible for the organization to become a victim of cyber-attacks through hacking. There are advanced hacking machines that make it into servers and access information. In other instances, the hacker may decide to erase all the data stored in the cloud. Moreover, the hacker may decide to simply tamper with the arrangement and pattern of the data (Kuo, 2011). In a healthcare organization, this tampering with sensitive patient data may lead to medical errors, which are sometimes quite fatal and deadly.
It is also important to acknowledge the possibility of system crash or even internet failure. The cloud computing system may crash and lose data. When the system crashes, it is not possible to access the data in the cloud (Kuo, 2011). Moreover, the internet may fail at a time when the information in the cloud must be accessed to enable critical treatment sessions to proceed and save life. These are some of the security risks that must be considered when using this particular cloud computing technology in healthcare.
Security Policy Recommendations
Cloud computing and mobile technology system used y the organization must be secured through the use of a strong policy. The organization should stick on a data protection policy that ensures it guards stored information from being accessible to unauthorized people. In fact, protecting the sensitive patient data and the medical records is a fundamental responsibility of the organization. The organization must secure data that moves in and out of the cloud. The organization must consider the use of data encryption. With data encryption, information in the cloud cannot be used once slightly compromised. Moreover, data encryption normally demands secure connections of communication. It locks down the browser access and does encrypt content during the transfer over the network as well as throughout the cloud.
The organization should use the Intel hardware-enhanced security technologies in securing data in the cloud as well as in the mobile devices like desktops. These technologies are advantageous because they offer tamper-resistant capabilities that strongly protect identities, data and cloud infrastructure.
This organization must also protect identities in the cloud by managing the people who have the permission to enter cloud-based servers. Strong authentication requirements should be installed so that manipulation is avoided. With the use of Intel technologies, it is possible to monitor people entering the servers and ensuring their legitimacy. These are some of the policies that must be implemented to secure cloud-computing and mobile technology systems of the organization.
References
Chen, D., & Zhao, H. (2012, March). Data security and privacy protection issues in cloud computing. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (Vol. 1, pp. 647-651). IEEE.
Khan, F. A., Ali, A., Abbas, H., & Haldar, N. A. H. (2014). A cloud-based healthcare framework for security and patients’ data privacy using wireless body area networks. Procedia Computer Science , 34 , 511-517.
Kuo, A. M. H. (2011). Opportunities and challenges of cloud computing to improve health care services. Journal of medical Internet research , 13 (3).
Wooten, R., Klink, R., Sinek, F., Bai, Y., & Sharma, M. (2012, May). Design and implementation of a secure healthcare social cloud system. In Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012) (pp. 805-810). IEEE Computer Society.
Zhou, M., Zhang, R., Xie, W., Qian, W., & Zhou, A. (2010, November). Security and privacy in cloud computing: A survey. In Semantics Knowledge and Grid (SKG), 2010 Sixth International Conference on (pp. 105-112). IEEE.
