Cloud Security Alliance releases new telehealth risk management guidance

The Cloud Security Alliance (CSA) has released Telehealth Risk Management, new guidance from the CSA Health Information Management Working Group, which focuses on the importance of healthcare delivery organizations (HDO) having processes and controls in place to ensure the privacy and security of telehealth patient information in the cloud in accordance with HIPAA privacy rules and the GDPR. The document offers best practices for the creation, storage, use, sharing, archiving, and possible destruction of data through the lens of governance, privacy, and security.

John Morgan, CEO at Confluera, a Palo Alto, Calif.-based provider of cloud cybersecurity detection and response, says, "As organizations review and consider the new guidance, they must not lose sight of the fact that modern cyberattacks such as multi-stage ransomware has as a significant impact on the security of telehealth patient information. Even a very well-planned data lifecycle can be compromised if attackers have already infiltrated the healthcare cloud environment and navigating through the network undetected. As organizations review and reassess their patient data security per the published guideline, they should ensure the same analysis is applied to their threat detection and response plans."

An HDO’s ability to manage telehealth data and the associated processes is essential to achieving its data security and data privacy goals. Developing and implementing a risk management program for telehealth requires a strong governance program, which serves not only to underscore the organization’s commitment to managing its information and risk but also compliance with all applicable laws, standards, and regulations.

Tyler Shields, CMO at JupiterOne, a Morrisville, North Carolina-based provider of cyber asset management and governance solutions, says, "The increase in telehealth over the past year brings about a fairly significant change in the level of risk of patient health data. Cloud and online storage of telehealth data increases the requirement for strong processes and procedures with regards to ensuring that the data is kept safe and secure. The first step in securing the cloud, and the data that it holds, is to make sure you have an accurate inventory of the cyber assets, including cloud, data, and access / identity assets. From there, it's possible to layer both technical and manual processes to make sure that the data is, in fact, secure."

As healthcare entities look to secure their data, blockchain is taking center stage, thanks to the fact that it allows for efficient data sharing while simultaneously ensuring patient privacy and data security. The Health Information Management working group’s upcoming (due in June 2021) white paper, The Use of Blockchain in Healthcare, examines its application not only in telehealth, but in research, patient administration, finance, and supply chain.

The paper is available at no charge. Download the full Telehealth Risk Management now.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.