Clearing the Fog of Data Security within the Cloud

Subscribe on your favorite platform:

About the Podcast: The CyberPHIx is a regular audio podcast series that reports and presents expert viewpoints on data security strategy for organizations handling patient health or personal information in the delivery of health-related services. These timely programs cover trends and data security management issues such as cybersecurity risk management, HIPAA and OCR compliance strategy and vendor risk management. Meditology Services, the healthcare industry's leading security and compliance firm, moderates the discussions with leaders in healthcare data security.

In this CyberPHIx podcast, Mark Eggleston, VP and Chief Information Security and Privacy Officer of Health Partner Plans, discusses implementation strategies for cloud-based applications.

Cloud-based applications offer new functionality and efficiency for healthcare organizations, but also bring new security considerations for protecting PHI.

Listen as Mark and Brian Selfridge, Meditology Services Partner, discuss approaches for managing data security risk within cloud-based applications. Learn how to:

  • Create a business case for securing data in a cloud solution. Determine if your organization has the expertise to implement the cloud solution. Would you benefit from a third party with experience in implementing a specific cloud solution?
  • Ensure that Service Level Agreements (SLAs) and Managed Service Agreements (MSAs) with cloud providers include scenarios for end-of-service, ongoing risk assessments, and downstream data sharing with fourth-party vendors.
  • Clearly define user access roles to ensure cloud providers align with the minimum necessary requirements.
  • Prepare to educate senior leadership about the gaps in cloud provider security controls by preparing a risk management strategy.