In this CyberPHIx podcast, Mark Eggleston, VP and Chief Information Security and Privacy Officer of Health Partner Plans, discusses implementation strategies for cloud-based applications.
Cloud-based applications offer new functionality and efficiency for healthcare organizations, but also bring new security considerations for protecting PHI.
Listen as Mark and Brian Selfridge, Meditology Services Partner, discuss approaches for managing data security risk within cloud-based applications. Learn how to:
- Create a business case for securing data in a cloud solution. Determine if your organization has the expertise to implement the cloud solution. Would you benefit from a third party with experience in implementing a specific cloud solution?
- Ensure that Service Level Agreements (SLAs) and Managed Service Agreements (MSAs) with cloud providers include scenarios for end-of-service, ongoing risk assessments, and downstream data sharing with fourth-party vendors.
- Clearly define user access roles to ensure cloud providers align with the minimum necessary requirements.
- Prepare to educate senior leadership about the gaps in cloud provider security controls by preparing a risk management strategy.