Abstract

Cloud computing (CC) has the potential to provide significant benefits to healthcare organizations; however, the security and privacy concerns it raises need to be addressed before its adoption. It is important to evaluate the risks that arise from CC prior to its adoption in healthcare projects. Failure to evaluate security and privacy concerns could result in regulatory penalties, reputation loss, financial issues, and public loss of confidence in the healthcare provider. This paper uses Alberta’s Privacy Impact Assessment (PIA) requirement and COBIT 5 for Risk as guidance to highlight CC risk assessment areas and presents an IT governance and risk mitigation approach useful for CC adoption in the healthcare industry. In compliance with Alberta’s Health Information Act (HIA), the risk assessment areas are analyzed based on the security triad, with emphasis on the confidentiality principle, where privacy is the main focus. The proposed approach can be utilized by healthcare providers to mitigate and continuously evaluate CC risks from an IT governance perspective. Although the case study uses Canadian regulations, similar considerations can be taken into account in other jurisdictions.
