In the healthcare industry, regardless of whether you’re looking to bring your business into the cloud or you’re already there and have hit some bumps in the road, you have a lot of choices. However, not all of your options are equally well-suited to helping ensure your long-term success. Below is a list of the key questions you should ask before choosing a cloud services provider. If you can answer yes to all of them, rest assured that you’re partnering with a company that can bring long-term value to your business.
Do they have the right credentials?
You’ll want to find partner with proven expertise with HIPAA, GDPR and other compliance frameworks. In addition, make sure they are HITRUST certified, so you can be confident that they have the qualifications necessary to protect sensitive healthcare data.
Is compliance at the center of everything they do?
A good partner will understand all of the relevant regulatory requirements, interpret those requirements, figure out what healthcare organizations need to do to comply with them and build its services accordingly. This makes compliance a much easier process, by helping you avoid the typical slowdowns that can otherwise occur when building new applications.
Is their cloud control framework widely accepted in the market?
Anyone can offer up a cloud control framework. Knowing that framework is accepted by leading brands, however, is a critical proof point. When hundreds of respected healthcare companies have accepted a framework publicly, it’s a testament to that framework’s effectiveness. So ask to see who the vendor has already partnered with. You don’t want to be their first healthcare customer.
Do they manage the process to the right control standards?
Any provider can give you access to the cloud. But most don’t give you guarantees that they have managed the process to certain control standards.
For example, your assets should be hardened automatically and your agents pre-configured. Meanwhile, you should be able to get tied into your service provider’s management plane and reporting structure instantly.
Are they current on new services?
Make sure that any vendor you’re working with is up-to-date on new cloud platform services. The three big public clouds release hundreds of new features in a month, and you’ll want to work with someone who is focused on knowing and understanding what those are and how they map to HIPAA. The provider should know whether or not a service is compliant for healthcare and advise you accordingly.
Do they sit at the intersection of cloud and healthcare?
You can find experts on cloud. But to get the most value from a partner, they also need to know the healthcare industry inside and out, and the entire ecosystem of regulations that affect it. If your provider isn’t operating at the intersection of cloud and healthcare, you could be at a major disadvantage. More specifically, you need a partner who:
- Can evaluate your services for healthcare compliance before they go live
- Has a track record of making non-compliant services compliant if there’s adequate business need and market demand, or issues controls to keep your team from using such services so you don’t drift out of compliance.
- Has significant partnerships and influence with the big infrastructure providers to make sure that each client gats the support they need.”
- Do they stand between you and native API services?
Does the provider force you through their proprietary dashboard, or black box, rather than allowing you to self-serve and spin up your own cloud assets?
A good provider will take the technical control and automated safeguards route, rather than forcing you to take additional steps to interact with the cloud. They’ll also allow you to use native APIs, but provide guardrails to keep you safe.
Can they meet you where you are on your cloud journey?
It’s important to work with a provider that recognizes there are different levels of cloud maturity and that is willing to meet you where you are on your journey to, and on, the cloud.
A good provider will be flexible and partner with you to give you exactly what you need, when you need it.
This includes a clear vision for how they can scale your organization in the cloud when you’re ready.
Do they provide periodic architecture reviews?
As new technologies come out, your provider should be reviewing them and advising you as to whether you should adopt them, helping ensure consistent modernization.
Do they give you real-time visibility into your compliance posture?
Knowing your current compliance state is critical so you can make any adjustments that may be required. Seeing that information in real-time is essential. Additionally, having access to a dashboard that not only shows real time, but also trends over time, can be incredibly helpful in creating an audit trail.
At ClearDATA, we’ve done this work for hundreds of healthcare organizations whose names you know. We focus all of our work on healthcare privacy, security and compliance so you can focus yours on meeting your business objectives.