Skip to content Skip to navigation

When using the cloud, keep security in mind

August 21, 2014
by Asaf Cidon
| Reprints
Asaf Cidon

As a behavioral healthcare organization, you and your staff have a lot of files to manage.

When you meet with patients, you record and graph data, then analyze it to make clinical decisions.  Not only do you keep files for each of your patients, but you must also maintain back-up copies and keep track of when you share them with other analysts, technicians and therapists.

And that’s just the clinical information—the billing information is yet even more data to keep track of.  

A cloud-based file-sharing service like Dropbox, Box, or Google Drive can help. These services allow you to store documents in the cloud, share them with other users, and automatically sync up the latest file versions to all of your different devices. This functionality can provide your organization with a big productivity boost, but can also make it more difficult to make sure client files don’t fall into the wrong hands.

What is the cloud? 

If you’re not familiar, the cloud is a computing concept that allows data and applications to be stored externally, away from a user’s own physical hard drive or server. Users can then access their files and apps on demand, via the Internet.

You may already be storing information on the cloud, without even knowing it. If you use a web-based email service like Gmail or Hotmail, for example, your emails and attachments are stored on cloud servers (rather than on your own computer).

File-sharing services like Dropbox are similar to these email services, but they allow users to manage files in a more streamlined way. Imagine a floating digital folder that follows you around wherever you go. No matter what device you use to sign in, all of your files are always there, waiting for you. If you make changes to a file on your laptop, those changes will show up when you open the same file on your tablet or your desktop, because all of the devices are synced to the same account.

Productivity power

File-sharing services like Dropbox can ensure that you’ve always got backups of client files. Even if your practice burned down, destroying all of your paper documents and computer equipment, your files would still be safe in the cloud.

These services also make it easy to share documents with colleagues, which is especially important for analysts that outsource some of their data collection to outside technicians. Perhaps most importantly, services like Dropbox allow you to open and work on files with whatever device you happen to have handy at the moment. You can take notes on your tablet, review them on your home desktop, and then continue to work on them with your laptop in another location.

It’s all much simpler and more efficient than constantly emailing files back and forth to yourself.

Security concerns

More than 60 percent of HIPAA violations are the result of a lost or stolen device. If you use Dropbox to store an important file on five different devices that means it’s five times as likely that you’ll lose a device containing that file. Things get even more dangerous if you share files, because you have no way to prevent them from being shared with even more people once they’re out of your control.

The possibility of a data breach is particularly troubling for behavioral analysts, who are subject to federal healthcare regulations like HIPAA.  Some small practices largely ignore security—thinking that their practice is unlikely to be audited—but they do so at their own peril.  Mental health professional must protect client information online according to HIPAA security rules or face steep fines.  New regulations carry penalties of up to $1.5 million plus civil liabilities for the loss or accidental sharing of information about 500 or more individuals, and even a single lost client record can expose you to liability.

Making the cloud HIPAA compliant

Fortunately, there are solutions (although some work better than others). Some organizations try to approximate the cloud by setting up their own file servers, although this can be expensive and complicated. Others use file-sharing services like Dropbox and then encrypt all of their devices, but that won’t protect files that you share with people outside your organization. Also this solution requires a high level of tech support.

A simple, effective solution is to purchase a software product specifically designed to encrypt the files you share over the cloud. These products give therapists the security they need, without requiring them to learn a complicated new system. By properly securing the files you share, you can enjoy all of the productivity rewards of the cloud without exposing your clients and your practice to unacceptable risk.

Asaf Cidon is CEO and co-founder of Sookasa.  Cidon is also a Stanford PhD candidate, specializing in mobile and cloud computing.  He founded Sookasa with the mission of allowing businesses to control their data securely via the cloud with a product that encrypts, audits and controls access to files stored on Dropbox, and complies with HIPAA and other government agency regulations. 

Topics