Group Presentation 3

Migrating the Health Care
Industry's Data Into the Cloud
Walaa Hawasawi
Michael Turner
Eyad Fairak
Eric McGee
Bradlee Lathon
Eric Gibson Jr
Security Issues of Cloud Computing in
Define The Problem
There are tremendous advantages to implementing cloud
computing technology in the healthcare field. However, as we all
know, there is no such thing as “perfection”. Health care
organizations therefore face some huge risks, chiefly
turning over data, security, availability and
control to a third party, which means that the organizations
have absolutely no control over where their data actually
Many EMR (Electronic Medical Records) vendors do not own
their own servers. The servers are rented from companies like Amazon,
Microsoft, Apple, and other data bank companies. Chances are
good that your EMR sits on the same servers and hard drives as
Twitter or Facebook. Unfortunately, unauthorized disclosure of
information results in severe consequences for the organization
and significant costs in recovering and restoring data as well as
notifying affected individuals.
The security issue raises some important questions:
How responsible can physicians or hospitals be for breaches by a
vendor or cloud system provider? What about hackers? What are the
results of hacking patients' EMRs?
HIPAA will become rather meaningless!
A survey conducted by Healthcare IT News asked its readers
whether their organizations plan on implementing cloud computing:
The Survey's Results:
Forty-eight percent said they plan on making cloud computing
part of their organization’s health IT infrastructure,
while 33 percent are already using the cloud. Cloud computing has
quickly made inroads in their health IT space.
Only 19 percent of respondents indicated they are not going for
the cloud because of security issues surrounding cloud
Another survey was conducted by KLAS (a
research firm on a global mission to improve healthcare delivery
by enabling providers to be heard and to be counted), titled Cloud
Computing Perception 2013: The Hybrid Cloud in Healthcare.
The Survey's Result:
66% of non-cloud users surveyed said security was definitely
the main issue stopping them from moving forward with
• The Accenture report statistics were compiled from a study released in
February by unified e-mail management services provider Mimecast, which
last fall surveyed 565 IT decision makers across several industries in the
United States and Canada about their cloud plans.
• The 32% of respondents in the healthcare sector using cloud applications
were most similar to those in industries such as manufacturing, in which 32%
of respondents also said they were using cloud applications,
followed by respondents in education (29%) and retail (35%).
• The 73% of healthcare industry respondents planning to move applications
to the cloud were most similar to the 75% of respondents in the technology
and government sectors who also intended to expand their use of the
Cloud Security Concerns
Fear of the lack of valid security and compliance has
caused the healthcare industry to slow down cloud
Cloud providers must ensure that their infrastructure is
secure and that their clients’ data and applications are
protected, while the customer must ensure that the
provider has taken the proper security measures to
protect their information.
Most Common Concerns
• Identity and Access Management: Identity management
helps to maintain security, visibility and control, and
centralizing IT control of identities and access is useful.
• Data Protection: Encryption of traffic and isolation
mechanisms that serve to separate memory, storage, and
routing between tenants must be put in place in multi-tenant cloud environments.
• Compliance: Different countries and regions have
different privacy laws, some stricter than others. To be
sure that cloud vendors are compliant with policy, it is
important that the cloud infrastructure is auditable.
Most Common Concerns (cont.)
• Trust: When migrating to the cloud, most of the control passes into the hands
of the cloud vendor, which requires trust. To build trust, vendors need to
deliver incident response, such as attack analysis, containment, data
preservation, remediation and service continuity. Data management tools
are required so that the client can oversee their data in the cloud and make
sure agreed-upon policies are being enforced.
• Secured Architecture: Large cloud infrastructures obviously present a
bigger and more vulnerable target for cybercriminals. Protecting a
healthcare cloud from trojans, rootkits and malware requires management
of identities and APIs at the network edge to ensure that only authorized
users can gain access. Also, hardware and software components that are
inherently trusted (Roots of Trust) must be established to secure server and
client machines by measuring or verifying software, protecting
cryptographic keys and performing device authentication.
Cloud Security Solutions
To help address the issue of securing sensitive patient
data and medical records, it is necessary that both client
and vendor use AES encryption.
AES (Advanced Encryption Standard) – This type of
encryption uses complex algorithms to secure data.
Due to the complexity of AES algorithms, in an environment
where there is endless data being passed to and from the
cloud, there will be too much overhead.
Solution: Intel’s Advanced Encryption Standard New
Instructions (AES-NI)
• This solution speeds up the execution of encryption algorithms by
up to 10 times compared with other solutions.
• Intel has built this technology right into many of its Xeon, Core
vPro and Core processors.
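To confirm that an x86 Linux host or cloud VM actually exposes the AES instructions described above, the following added example (not part of the original presentation) parses /proc/cpuinfo-style text and reports any logical CPU lacking the "aes" flag. The sample input is constructed and the function names are hypothetical.

```python
import os

# Constructed sample of /proc/cpuinfo content (two logical CPUs); not from the page.
# CPU 1 deliberately lacks "aes", as can happen when a hypervisor masks the flag.
SAMPLE_CPUINFO = (
    "processor\t: 0\n"
    "model name\t: Example CPU A\n"
    "flags\t\t: fpu vme sse2 ssse3 sse4_1 sse4_2 aes avx\n"
    "\n"
    "processor\t: 1\n"
    "model name\t: Example CPU A\n"
    "flags\t\t: fpu vme sse2 ssse3 sse4_1 sse4_2 avx\n"
)


def parse_cpuinfo(text):
    """Return {processor_id: set_of_flags} from /proc/cpuinfo-style text."""
    cpus = {}
    current = None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator line between processor blocks
        key, value = key.strip(), value.strip()
        if key == "processor":
            current = int(value)
            cpus[current] = set()
        elif key == "flags" and current is not None:
            # Split into whole tokens so "vaes" is never mistaken for "aes".
            cpus[current] = set(value.split())
    return cpus


def aesni_report(text):
    """Summarise which logical CPUs advertise the x86 "aes" (AES-NI) flag."""
    cpus = parse_cpuinfo(text)
    missing = sorted(cpu for cpu, flags in cpus.items() if "aes" not in flags)
    return {
        "cpus": len(cpus),
        "missing_aes": missing,
        # An empty or unparsable input must not count as "supported".
        "all_have_aes": bool(cpus) and not missing,
    }


if __name__ == "__main__":
    path = "/proc/cpuinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE_CPUINFO
    print(aesni_report(text))
```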
Using the machine specs in the chart below, Intel
measured the performance benefit offered by Intel AES-NI on a Linux/Java software stack to prove that use of
their advanced encryption technology would be
beneficial for the healthcare sector and allow more
organizations to address the increasing security
concerns within the industry and by consumers.
Test Results - The test was run 100 times for each encryption method and the results
were averaged.
Key Findings
• Application file encryption improved 39% (average) and file
decryption 37% (average) with Intel® AES-NI enabled, using an
AES128 key.
• Application file encryption improved 37% (average) and file
decryption 38% (average) with Intel® AES-NI enabled, using an
AES256 key.
Customers have built healthcare applications
compliant with HIPAA’s Security and Privacy
HIPAA does the following:
• Provides the ability to transfer and continue health
insurance coverage for millions of American workers and
their families when they change or lose their jobs;
• Reduces health care fraud and abuse;
• Mandates industry-wide standards for health care
information on electronic billing and other processes;
• Requires the protection and confidential handling of
protected health information.
HIPAA Compliance
Administrative Safeguard
Physical Safeguard
Technical Safeguard
Case Study: Nimbus Health
Helps doctors and hospitals save money by enabling
healthcare providers to share medical records with patients
in an easy, online, and secure .
Nimbus Health is a fully HIPAA-compliant Software-as-a-Service (SaaS) solution.