The Cloud Security Alliance (CSA) on Thursday released new guidance for health care delivery organizations (HDOs) that aims to provide processes and controls needed to ensure the privacy and security of cloud-based telehealth patient information.
Developed by the CSA’s Health Information Management Working Group, the Telehealth Risk Management publication offers best practices for the creation, storage, use, sharing, archiving, and potential destruction of data in three specific domains: governance, privacy, and security.
During the pandemic, the rules governing telehealth changed dramatically, prompting HDOs to quickly update and revise their governance and risk programs, said Jim Angle, the paper’s lead author and co-chair of the work group.
“Now, with the rapidly changing demands and regulatory requirements for telehealth, it’s essential that HDOs have effective governance and risk programs to ensure a smooth and seamless transition while improving their current risk postures,” Angle said.
When organizations review and consider the new guidance, they must not lose sight of the fact that modern cyberattacks, such as multi-stage ransomware, have a significant impact on the security of telehealth patient information, noted John Morgan, CEO of Confluera.
“Even a very well-planned data lifecycle can be compromised if attackers have already infiltrated the healthcare cloud environment and navigated through the network undetected,” Morgan said. “As organizations review and reassess their patient data security per the published guideline, they should ensure the same analysis is applied to their threat detection and response plans.”