This page contains a Flash digital edition of a book.
3


the reclamation of space in the data center) back out of lease agreements and schedule the cutover around uncompromising dates. This kind of aggressive schedule, however, is dangerous


in the clinical contest. Instead, a slow, controlled migration—with well-defined iterative phases and plenty of testing in between—minimizes the potential for patient impact. Useful candidates to migrate first are scheduling or financial systems that intersect the patient experience but do not directly impact safety or quality of care. A useful tool to leverage for this planning is the “application and data criticality analysis” required under HIPAA Security §164.308(a)(7)(ii)(E) [i.e., “Assess the relative criticality of specific applications and data …”] Since you’re required to rank applications by criticality as part of HIPAA compliance, leveraging that list as a roadmap for cloud maximizes dollars already spent. Start here by scheduling your migration in reverse- criticality order (i.e., least critical to most critical), using the ranking as the input.


Don’t Let the Cloud Take You


to the Cleaners It’s not a given that your cloud vendor knows what


the HIPAA Security Rule is, let alone has a compelling story around it. This may change as HITECH extends enforcement to include business associates, but that


change is down the road. Short term, healthcare providers need these business associates to address it today or risk being out of compliance. Obviously, validating compliance with the security


rule prior to entering a cloud provider relationship is the optimal scenario. If pressed (particularly during the sales process), many service providers will open the kimono to demonstrate compliance, even in some cases creating per-customer matrices outlining how they comply with HIPAA’s security requirements on an implementation specification basis. So if you’re entering into a relationship with a vendor, asking the vendor to demonstrate compliance in advance can give you leverage. However, since security isn’t always consulted well in


advance, it’s not always possible to vet service providers for their security rule compliance in advance. If that’s the case, the onus is on the healthcare provider to understand and work around the security controls in place at the vendor and document how they address the security rule. Oftentimes, resources at the service provider can be enlisted to help do this; for example, most service providers maintain staff to respond specifically to this type of request. While not every vendor is able to (or willing) to assist, many are, so asking for help is always a good idea.


Keep Your Head in the Clouds


And Your Data on Demand Cloud computing delivers IT as a service through the use of the Internet and technology such as virtual machines to share software and hardware. One of the most common reasons organizations consider cloud computing is to reduce TCO and minimize IT infrastructure investments. Using the cloud, you can deliver IT services more efficiently, simplify provisioning and deployment, and rapidly scale to meet your unique needs.


CLOUD OPTIONS


Public Cloud: IT services shared by multiple organizations, managed by an external provider


Private Cloud: Pooled internal resources of a single organization, delivered on demand


Hybrid Cloud: An organization’s use of a mix of private and public cloud infrastructures


Call your Account Manager today to learn more about how cloud computing can benefit your organization.


1.800.395.8685


CONNECTION


VOLUME 2 • ISSUE 1

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36