Dr. David Nelson is the managing partner in a small clinic practice located in southern California. He and his eight partners have been exploring the benefits of participating in the federal meaningful use incentives. Participation would mean collecting tens of thousands of dollars in exchange for implementing an electronic health record to replace their existing paper files. Dr. Nelson is concerned about the cost of adding sophisticated technology to overall management responsibilities and concerned about the ability to find and retain expensive IT support staff sufficiently knowledgeable and available to meet the practice’s needs. Dr. Nelson attended the annual HIMSS conference, where he had the opportunity to speak to a large number of vendors and peers about options available to him. He returned from the conference convinced that the optimal approach for him and his partners is to purchase a cloud computing “software as a service” solution. One of his partners is not as convinced and has asked you to attend their next partners meeting to discuss security and privacy implications and to recommend solutions they might consider to manage having their regulated patient data stored offsite with a cloud provider.
Use the study materials and engage in any additional research needed to fill in knowledge gaps. Write a paper that covers the following:
Describe the potential security and privacy implications of storing patient data in a third-party controlled cloud environment.
Explain the role of the hypervisor and the security vulnerabilities specific to this technology.
Identify tools that are available to mitigate vulnerabilities specific to virtual and cloud computing implementations.
Recommend how a small medical clinic can leverage cloud computing strategies without putting patient data at risk.
Describe the implications of public versus private clouds in operating system security.
