Best Practices in Protecting PHI in the Cloud
The recent HIPAA breach reports involving CHS and Cedars-Sinai are enough to keep healthcare CIOs and Security Officers awake at night. Such events pushed healthcare organizations into reactive mode and left them concerned about their potential vulnerabilities.
Securing PHI in the Healthcare Realm
In today’s world of pervasive smartphone usage and cloud computing, it is important to identify some of the best practices for securing PHI. When evaluating any cloud-based service, the healthcare organization must ask three important questions:
- Does the vendor need access to PHI? If the answer is no, the vendor should not store or access the PHI in the cloud.
- Is the encryption airtight? Check for weak links in the path of encryption, such as logs, backups, and passwords. The vendor should not hold the PHI encryption keys.
- Does the service store PHI in public cloud servers? Public clouds are like unencrypted laptops. It’s a huge risk.
Minimizing PHI Breach with qliqCONNECT
Following the tenets of security best practices for minimizing PHI breaches, we have designed qliqCONNECT, our flagship secure texting service, to ensure qliqSOFT has no access to your PHI and no PHI is stored in the Cloud. This dramatically reduces your risk of a PHI breach.
Here’s how we do it with qliqCONNECT:
- Cloud Pass-Thru Messaging – No message content or PHI is stored in the Cloud
- Public-Private Key Encryption – qliqSOFT has no access to keys that decrypt messages
- Message Archive Behind Your Firewall – Your PHI remains in your control and qliqSOFT has no access