By now you’re probably aware of the many benefits of cloud technology and, specifically, software as a service (SaaS). The widely accepted advantages include lower costs, faster operations, and instant scalability. These benefits hold true not just in healthcare, but in any industry.
But healthcare isn’t just any industry, and the data hospital and health system administrators and staff use for healthcare operations (i.e., governance, risk management, and compliance—or GRC) is sensitive and must be secured.
As a result, you probably have a few questions, chief among them: How secure is cloud technology in healthcare? We have answers; read on to learn more.
Safety, performance, and control in healthcare operations
Most health systems are very interconnected enterprises suffering from multiple enterprise-level disconnections. As health systems gravitate to cloud computing for healthcare applications, decision makers naturally want to be sure about safety, performance, and control of their data. For example, who is accessing your providers’ performance data, and for what purposes? Is your hospital or health system vulnerable to a ransomware attack as such attacks become more frequent, severe, and costly?
Security for cloud software is much like the application security your on-premises data center provides, only without the costs of maintaining facilities and hardware. With cloud computing applications, you don’t have to manage physical servers or storage devices. Instead, you rely on a third party (e.g., symplr) to monitor and protect the flow of information into and out of your cloud environment.
What to look for in a SaaS host
To ensure optimal security, scalability, availability, and performance, look for a cloud computing hosted environment with the following features:
Server technology to dynamically scale up or down (add or remove) application and database servers to support your initiatives
Use of a data center with reliable power, cooling, and redundant Internet connectivity
High availability via a redundant server farm and replicated storage area network
A disaster recovery (DR) model that includes replicating production virtual servers and database servers to a backup/DR data center
Performance monitoring software to continuously assess the health of the platform
Support that responds quickly and accurately to every customer, including monitoring of customer email with prompt service for critical items
A deep dive into symplr’s information security
Customers—from the largest U.S. health systems and payer organizations to the smallest clinics and physician practices—rely on symplr to be up and running virtually all of the time, even when their own internal systems may not be. They count on the flexibility to access their provider data management, workforce management, talent management, contracting, spend management, facility access, compliance, quality, and safety applications from work or from remote locations day and night, from any mobile device.
As a result, we update symplr’s platform frequently, but our product updates are designed to avoid work disruption. In addition, symplr meets the requirements of industry-leading compliance or audit standards used to provide independent measures of reliability and security. We understand the importance of these features for our users and strive to meet or exceed customer and industry expectations of a hosted environment.
Data center security
Performance, availability, and security start with data center operations. symplr’s data center employs world-class hosting infrastructure featuring strict physical access controls, telecom carrier multiple circuit redundancy, redundant cooling, and onsite power generation. In addition, the facility is SSAE 18 SOC 2 compliant, audited under ITAR, EU-US Privacy, SOC 1, SOC 2, HIPAA, GLBA, and PCI Colo standards annually.
The controls protecting symplr customer data include:
All data are encrypted during transport (via Transport Layer Security, or TLS)
All data are encrypted at rest in the database
An audit log is kept of all activities carried out on the data
Redundant disk storage is employed
Encrypted transaction log and differential backups occur throughout the day, with full, daily backups being rotated regularly and stored off-site
Security is more than just user privileges and password policies. It’s a multidimensional business imperative. symplr has detailed, rock-solid policies, processes, and procedures in place to deliver the highest levels of security. We embrace the philosophy that our products must be secure in design, by default, and in deployment. We believe security begins before the first line of code is written. Selecting the correct technologies, implementing secure design principles, and following an established cybersecurity framework are key to maintaining this security throughout the product lifecycle.
Further, our products follow a standardized security development lifecycle that includes strong baseline security requirements, privacy impact assessments, security risk assessments, threat modeling, and penetration testing. This includes security awareness, developer education, secure coding techniques, and test methodologies designed to mitigate common vulnerabilities such as those identified by OWASP.
By implementing strong application security practices such as encryption-in-transit, encryption-at-rest, robust authentication and authorization mechanisms, and defense-in-depth controls at the operational level, symplr is committed to protecting the privacy and security of customers’ data at all times.
As data security threats grow and multiply, the healthcare industry cannot afford to lag behind other industries in protecting patients, providers, and staff. For healthcare organizations, choosing a cloud computing partner that invests the capital and effort to protect their data is critical.