Staying Safe on the Cloud: Ensuring Data Security with the Flow of Medical Information
Nov 10, 2016
When life sciences companies think about moving to cloud applications, the first question most ask is, “can we be sure the data will be secure?” Companies need to know that medical information about patients can be de-identified and kept safe and that data confidentiality can be guaranteed.
Integral to security is compliance. Life sciences companies must meet a number of regulatory and compliance requirements: the Health Insurance Portability and Accountability Act (HIPAA) in the United States for securing medical information, electronic signature regulations (21 CFR Part 11), the ISO 27001 information security standard, SOC 2 reporting on nonfinancial controls related to security and confidentiality, and comparable in-country laws elsewhere across the globe. Like other industries, life sciences companies should also abide by the EU-U.S. Privacy Shield Framework when transferring data intercontinentally.
It’s imperative, therefore, that the flow of information across platforms is secure, while enabling different functions and partners to communicate seamlessly – such as across regulatory information management system software and drug safety systems.
Encryption is an important control in this process: it allows data to be masked and unmasked, and it governs who sees the data and how much of it they see. Life sciences companies also want assurance that their data is segregated from that of other companies on the cloud, and that this segregation has been tested and demonstrated to be effective.
Nevertheless, software as a service (SaaS) is gathering momentum across all industries, including the life sciences – albeit at a slower pace due to security concerns. What’s important is that any solution is secure and compliant, and serves the needs of the business and data users.
While you are ultimately responsible for the security and integrity of your data, your vendor must share some of the burden of regulatory compliance with you. Certainly, regulatory authorities do conduct audits of vendors’ systems and processes, but best practices can and should go further.
When selecting a SaaS vendor, therefore, it’s important to choose a partner with the required controls and processes to ensure compliance with statutory regulations, with clear audit procedures in place, with the ability for you to audit them, and with demonstrable accountability for information security.
There are dedicated, proven SaaS solutions for life sciences companies and then there’s your standard commercial cloud. They’re not the same and what you get from the former must always be suited to your needs in the highly regulated life sciences industry.