Healthcare Data: Cloud Computing Security Concerns

Subject: Health IT
Pages: 4
Words: 222
Reading time:
4 min
Study level: College

Cloud computing (CC) is a powerful, cost-effective, and easy-to-maintain opportunity for small and medium businesses to fulfill their IT needs. However, companies dealing with security-sensitive matters, such as innovations and private information, may choose to avoid CC due to real and perceived security concerns. The most common concern is the data storage, as enterprises do not have full control over the matter in comparison with conventional computing model (Ali, Khan, & Vasilakos, 2015). Moreover, internal and external communication security together with legal issues may also be reasons to avoid CC for some businesses (Ali et al., 2015). Even though all of the considerations are valid, some concerns are also true for the standard computing model.

While modern solutions offer high-standard security protocols for CC, there are still open issues that prevent CC providers from offering reliable and secure cloud environment. According to Ali et al. (2015), most of the research in the sphere concentrates on developing solutions for isolated security problems. However, this leads to inconveniences, as businesses are forced to use multiple solutions for various security needs.

However, Ali et al. (2015) also state that communication and legal issues can be solved without significant additional cost. Therefore, while companies can efficiently deal with some of the CC security issues, there are no universal and reliable solutions for most of the problems.

Find two examples of data/security breaches that resulted in theft/loss/exposure of confidential data, preferably data related to health care. Describe the incidents and explain what could have been done to prevent or mitigate them.

Security breaches that result in an exposure of confidential data are not a rare phenomenon in the healthcare system. According to Davis (2018), North Carolina-based MedCall Healthcare Advisors exposed private data through Amazon S3 storage bucket. About 10,000 protected files became available through a search engine due to security system misconfiguration (Davis, 2018). CEO of the organization explained that all the records belonged to one of the clients, as the preferred cloud storage bucket instead of using an FTP server.

The problem could be averted through mindful database (DB) administration, specifically database management system (DBMS) access control through placing limits on the use of DBMS query and reporting tools (Coronel & Morris, 2019). Therefore, it can be stated that a breach is not always an issue with the software, and a problem with data security can be a result of human error.

Another incident occurred in Centers for Medicare and Medicaid Services during the same month. Approximately 75,000 individual records were accessed in a breach of for Affordable Care Act enrollment (Morse, 2018). This happened due to software weaknesses in the direct enrollment pathway (Morse, 2018). While there does not seem to be a clear way for the prevention of the problem recommended by Coronel and Morris (2019), it can be mitigated through disabling the pathway. In conclusion, while most of the security breaches can be prevented by mindful DBMS administration, a quick reaction to an incident can mitigate the consequences.

Discuss the benefits and challenges associated with accessing health data generated by patients in structured and unstructured formats. Justify your responses.

Patient-generated health data (PGHD) is information created or recorded by patients or their assistants to address a health concern. It includes “health history, symptoms, biometric data, treatment history, lifestyle choices, and other health-related information” (Hull, 2015, p. 177). Structured and unstructured PGHD can be beneficial for providing evidence-based care, as the generated information can be analyzed to realize the patterns that otherwise would not be recognized. Specifically, the data can be used to support retrospective studies, which can aggregate information about patients’ experience to draw conclusions about a matter of interest. However, data generated by non-professionals may lack some of the essential features for further processing.

Current medicine is only beginning to understand how PGHD can be merged and evaluated due to several issues. First, the patients are not trained and use a non-unified language, while medical personnel utilizes specialized dictionaries ensuring data integrity (Hull, 2015). Second, it is challenging to persuade patients to adhere to data interchange structure standards making its further use difficult (Hull, 2015).

Third, some of the information acquired from patients may be misleading and contradicting because of limited medical knowledge. In conclusion, while the benefits provided by PGHD are evident, there are significant challenges associated with accessing it. However, these problems cannot become a reason to stop collecting data from patients; instead, researches should be conducted to find ways of overcoming the issues.

Consider the Centers for Medicare and Medicaid Services (CMS) core measures and the data used to support the reporting. Which do you believe are the easiest to collect and which do you think are the most difficult to collect?

Centers for Medicare and Medicaid Services (CMS, 2017) core measures include primary care, cardiology, gastroenterology, HIV and hepatitis C, medical oncology, obstetrics and gynecology, orthopedics, and pediatrics. To support reporting CMS used Electronic Health records (EHRs) and patient-generated health data (PGHD) in all the eight spheres. I believe that the easiest information to collect was EHR in cardiology, as the information is abundant, straightforward, and includes mostly numeric information that is not difficult to process. Moreover, the data was entered by professionals directly into the hospital database facilitating its further retrieval. In short, cardiology EHRs are a prolific source of information for CMS.

I consider PGHD in pediatrics was the most difficult to collect due to objective factors. First, the information may be misleading, as it was gathered from non-professionals. Patients do not have the knowledge in medicine and can come to wrong conclusions while using non-unified language. Therefore, before entering the information into the database, it had to be adapted. Second, the patients in pediatrics are children, who may be unable to explain what is happening to their bodies. In fact, the information may have been gathered from patients’ parents adding another source of confusion and contributing to misunderstanding. Therefore, I believe that PGHD in pediatrics is the most challenging to collect.


Ali, M., Khan, S., & Vasilakos, A. (2015). Security in cloud computing: Opportunities and challenges. Information Sciences, 305, 357-383. Web.

Coronel, C., & Morris, S. (2019). Database systems: Design, implementation, and management (13th ed.). Web.

Davis, J. (2018). Update: Misconfigured database breaches thousands of MedCall Advisors patient files. Healthcare IT News. Web.

Morse, S. (2018). CMS responds to data breach affecting 75,000 in federal ACA portal. Healthcare Finance. Web.

Hull, S. (2015). Patient-generated health data foundation for personalized collaborative care. CIN: Computers, Informatics, Nursing, 33(5), 177-180. Web.

Centers for Medicare and Medicaid Services. (2017). Core measures. Web.