Shownotes Transcript
Episode Summary Is customer data secure and working for all parties? This is the question, whether realized or not, that every healthcare organization should be asking. Cloud presents businesses in the healthcare space with unique opportunities, but also significant challenges. Back in the early 2010s, most businesses were concerned with acquiring and storing data — not securing it. In the wake of Amazon Web Services (AWS), early success came with competitors including Microsoft Azure, Oracle, and Google Cloud Platform (GCP). The goal? To capitalize on the prospect of ultra-cheap data storage for organizations across the globe. But security is now a top priority for businesses that recognize data is only valuable if it’s secure. As the pace of innovation quickens, industries from fintech to healthcare are wondering if they’re equipped to effectively deal with compliance. This applies to both the cloud and on-prem infrastructure — which have different capabilities, resources, and use cases but the same cybersecurity concerns. Cloud providers are no strangers to these concerns, either. They know the implications of increasing business migration from on-prem to cloud-based infrastructure: more data to protect and secure in a precarious cyber landscape. For the healthcare industry, this means balancing the value of holding protected health information (PHI) — with the growing usage of platforms like Epic and Cerner — against potential business risks and liabilities. The most critical thing providers can do is educate customers as much as possible on the issue, not just by filling out spreadsheet forms and questionnaires, but by having candid conversations. Prioritizing the human element and contextualizing these discussions within the ultimate mission to provide quality customer care is what will truly drive success. Featured on the Episode Name: Ali Allage What he does: As CEO of BlueSteel Cybersecurity, Ali consults with companies on their cybersecurity postures, helping run compliance programs and supporting partners to better face and navigate the challenges of the modern cyber landscape. Organization: BlueSteel Cybersecurity) Words of wisdom: “Being secure in the cloud doesn't mean that you're more secure on-prem: It just means that you have more of a focus on ensuring that your open ports [and] environment are completely locked down and making sure that access control … is thoroughly thought through.” Connect: LinkedIn) | X, formerly known as Twitter) | Ali’s) we)bsite) Name: Eric Thorsen What he does: As CEO of ThorTech Solutions, a software architecture and IT automation consulting business, Eric’s expertise lies in a range of technological applications including fintech and healthcare. ThorTech was early to the cloud computing game with involvement in election polling processes. Organization: ThorTech Solutions) Words of wisdom: “AWS spent $8 billion dollars alone on cybersecurity in 2021 … These on-prem companies trying to compete with the might of Amazon, Microsoft, Oracle, and Google is a tough sell. Who's going to be able to really attract the top talent and figure out how to secure hundreds of thousands of business workloads the best? It's very hard for on-prem companies to compete in that world.” Connect: LinkedIn) | X, formerly known as Twitter)
Name: Jeff Richard What he does: Before becoming CTO at Lone Star, Jeff was a longtime player at Baylor Scott & White Health, the largest non-profit healthcare system in Texas. Organization: Lone Star Communications, Inc.) Words of wisdom: “We weren't really looking at cybersecurity [when focused on storage challenges back in 2013]. … At the time, there weren't as many bad players in the market making cyber attacks. But as we've moved to Epic, Cerner, more user-focused applications [and] the cloud … [cybersecurity concerns] are coming to the forefront [with] the need to secure information in transit [and] shine a brighter light on it.”
Connect: LinkedIn)
Key Points
Top takeaways from this episode
The key to successful cloud-powered healthcare is communicating the importance of organizational security posture. The rise of the cloud has facilitated unprecedented storage capabilities, while also prioritizing cybersecurity concerns for businesses. With a greater prevalence of both PHI-interacting user-focused applications and cyber threats, service providers must educate customers — while also respecting their wishes about how to handle their chosen solutions.
How PHI is secured depends on the value proposition. Businesses looking to enhance their products need to weigh risks and liabilities against the value of holding confidential data which requires the utmost sensitivity. Measures like encrypting data in transit and assessing SaaS-based application data handling practices help respect this necessary privacy. For outcomes that could potentially save lives, detailed insight into transit, storage, accessibility, and interaction is critical.
Meaningful customer conversations are critical to cloud and security success in the healthcare space and beyond. When businesses were worried about data acquisition and storage, security was a low priority, but it’s now jumped to the top of the list. Unfortunately, current compliance questionnaires are largely misguided and frequently cause panic for both customers and vendors. But when all parties converge in meaningful conversations — like the ultimate mission of quality customer care — they can more effectively solve the very human challenges they face.
Episode Insights [00:00] Cloud versus on-prem: Cybersecurity is largely location-agnostic, but there are some differences in capabilities, resources, and use cases between cloud-based and on-prem infrastructure. [03:50] Reliability and security evolution: The inception of AWS — with GCP and Azure following hot on its trail —- marked a turning point for businesses, ramping up competition with a quicker pace of innovation. [08:26] The customer view: In the early-to-mid 2010s Jeff, as a service provider, saw the possibilities of cloud-stored patient data. But security was a much lower priority concern than it is now. [13:40] PHI priorities: Providers nervous about PHI need to know that bringing new applications into the healthcare space is fundamentally about balancing data value propositions and the liability and risks of holding that data. [17:15] Collaboration, synthesis, result: It helps to view data — which must be properly tended to and protected through its lifecycle — as being on a journey. [20:48] Goodbye, Excel: Improving the process means conversations to get on the same page instead of regurgitating information via a compliance spreadsheet. [23:32] Cool it on compliance: Security assessments (with all their many controls) can put providers in a panic, which has a knock-on effect on developers before they’ve even built anything. Data security can take a lot of that fear away.
[26:28] Keep talking: Normalizing conversations around legacy technology and other business challenges is the key to finding more solutions together — even and especially if it’s not common practice.
Connect with Lone Star Communications
☑️ Follow us on YouTube) and LinkedIn) ☑️ Let us know what topics you would like to hear about on CarePoints with Kenny Schiff by emailing us at [email protected]). CarePoints with Kenny Schiff by Lone Star Communications is a series of conversations with his collaborators at Lone Star, customers, partners, and notable folks in the healthcare industry.. For over 32 years, Lone Star Communications has been focused on transforming healthcare through innovation and empowering improved caregiver and patient experience.