Trust matters in health and healthcare, and so do standards on privacy, security and compliance
Spoiler alert! The subject of this blog post will be quite boring for most of my readers. It is, however, one of the most important topics I could share with you.
It seems almost every day we hear about a new data breach of one kind or another. It happens to retailers, web service companies, banks, entertainment companies, and yes, healthcare organizations. In just the past few months you've likely seen headlines about millions of customers and patients whose privacy has been compromised when a big health insurance company, health system or hospital has been hit by hackers. For those organizations, and the customers they serve, it's the worst kind of nightmare. The PR hit is bad enough, but there are also significant financial losses including IT system damage control, business disruption, security investigations, huge fines and costs of providing a year or more of credit surveillance to affected customers and patients. Gaining trust is hard enough, losing trust can be insurmountable.
As big technology companies, including my own, started moving their services to the cloud a few years back and encouraging their customers to follow, I must admit that I originally had reservations. As a physician and former hospital CIO/CMIO, I thought "cloud" would be a pretty hard sell in the healthcare industry. There's nothing more important than maintaining the security and privacy of health information, even more important than financial information. I predicted that healthcare organizations, if they moved to the cloud at all, would do so slowly and very cautiously. Indeed, that has been the case. However, in July of 2015 I can confidently say that the tipping point has arrived and healthcare organizations around the world are adopting cloud as the way forward. Why? The scalability, flexibility, and cost savings are just too compelling to ignore. Furthermore, if one selects a provider of cloud services that is really buttoned up on all the regulatory and compliance issues that must be addressed to be trusted by a healthcare organization, then I assure you that that healthcare organization's data is much more secure than it is likely to be in a data center operated by a typical health system, hospital or clinic itself.
So who can you trust with your healthcare organization's data? Well, I'm not going to tell you who not to trust but I will tell you what Microsoft has done to be trustworthy in this space. First and foremost you own your data, you are always in control of your data, and we set and adhere to stringent privacy standards. You can learn more about this here.
We also adhere to industry-verified conformity with global standards, including those specific to the health industry. I know I'd really bore you with the alphabet soup of all these standards. You no doubt know about HIPAA compliance and the need for Business Associate Agreements, but that is just the tip of the iceberg. Here's a slide that covers a few more you should care about. In addition, if you really like to geek out on all this stuff, there are many others that will interest you.
Microsoft keeps your data safe by managing and controlling identity and user access, by encrypting communications and operations processes, by secure networks, and managing threats. We offer complete transparency so you know how your data is stored and accessed, and how we help secure it. Also, we will not use customer data or derive information from it for advertising or data mining. That last point is extremely important because not all companies offering cloud services will provide such assurance.
Across our company, including within my own worldwide health team, we have privacy, security and compliance experts who work diligently to provide assurance to our enterprise customers that their data is safe and our services can be trusted. If you manage IT operations for a health system, hospital or clinic and want more information on moving to the cloud to improve the cost, quality, access, scale, and flexibility of the services you provide to your staff, customers and patients, click here to learn more.
Bill Crounse, MD Senior Director, Worldwide Health Microsoft