Cybersecurity in Healthcare: Enabling the Future

| March 20, 2018

By Hector Rodriguez, Chief Security Officer, Worldwide Health, Microsoft

Last year, we explored Microsoft’s approach to health security, privacy, and compliance in the cloud as we experienced an increased demand for public cloud and hybrid cloud services.  Given Microsoft’s leadership in supporting the required services coupled with the required levels of security, privacy, and compliance we posited that not all health clouds are created equal.  Since that time, we have also experienced an increased number of threats to cybersecurity in healthcare; cyberattacks with ransomware such as Wannacry being a prime example.  Moreover, while the health organization is transforming there is an increased demand to transmit, store, and process protected health information in the cloud.  This demand for increased cybersecurity in healthcare is really a requirement if we are truly going to enable the future of healthcare as a data-driven industry that will improve health outcomes, improve patient and provider experiences, and lower the per capita cost of care.

In 2018, we see an increased focus on precision medicine and overall data driven health transformation. Data coupled with artificial intelligence and machine learning will drive a number of processes and solutions that extend across both the clinical setting and operations (think supply chain and labor management).  In the clinical setting, the future of health and life sciences’ new solutions, services and research will combine data from multiple sources including genomic, environmental, and life style.  This drive towards personalized care and precision medicine demands and requires increased computational power, data aggregation, artificial intelligence, virtual collaboration, and security, privacy, and compliance.  While regulations such as HIPAA and HITECH in the United States will continue to govern our health industry we also must support global regulations such as the European Union’s General Data Protection Regulations (GDPR) and evolving cybersecurity in healthcare regulations in China and other countries.

It’s with these requirements in mind that Microsoft continues to lead as a trusted cloud data steward.  We continue to build our global security, privacy, and compliance portfolio and now certify and or attest to over 71 defined regulations and their associated technical, physical, and administrative control frameworks.  This is more than any other hyper-scale cloud provider.  In September 2017, we announced our contractual support for GDPR as part of our Online Services Terms.  We have re-tooled and re-engineered our organization and solutions to support the privacy compliance requirements that our customers will require around the world.  As part of our GDPR readiness programs we’ve also created education content, guidance and assessment tools for our customers and partners that will accelerate their journey to meet or exceed these expanded privacy requirements.  See Microsoft’s “GDPR Readiness Resources” portal for more.  It is critical to remember that GDPR is not just about the European Union – these regulations have the potential to affect US and other global healthcare organizations.

And lastly, Microsoft has launched our online Compliance Manager.  The Microsoft Compliance Manager is designed to connect security and compliance features with regulatory requirements.  As posted in Microsoft’s Office 365 blog – “Compliance Manager is a cross–Microsoft Cloud services solution designed to help organizations meet complex compliance obligations like the GDPR. It performs a real-time risk assessment that reflects your compliance posture against data protection regulations when using Microsoft Cloud services, along with recommended actions and step-by-step guidance.”  It should be noted that while platforms such as Microsoft 365 and Compliance Manager can help organizations meet their deadline for GDPR compliance (May 25, 2018) they also support compliance across other regulations and guidelines.


Category: Uncategorized

Comments are closed.