No Match Found
Improving cybersecurity measures through a highly controlled cloud platform
Patient health information is sensitive and highly regulated, historically making the healthcare industry more cautious than other sectors in adopting cloud technology. But with recent advancements in cloud security, hospital systems and healthcare providers across the globe are making up for lost time, ditching costly, outmoded on-premises legacy data systems for the innovative possibilities of the cloud. One renowned international healthcare organization wanted to be at the forefront of that shift. It envisioned harnessing Google Cloud to help improve patient care and empower groundbreaking research by opening up global access to its trove of patient data.
The challenge was bringing that vision to life while navigating complex regulatory, privacy and cybersecurity concerns. To make it happen, the organization needed to weave risk and compliance considerations into its cloud transformation plans from the very start. PwC joined as the strategic advisor with deep knowledge of Google Cloud, healthcare compliance and the vision to keep up with a physician- and researcher-led culture of relentless innovation.
PwC assembled teams of technology and controls specialists, drawing on a wide range of knowledge across the firm — including cloud infrastructure, cybersecurity protocols and healthcare compliance — to plan for a foundation backed by proper standards. PwC focused on designing a future-flexible system that could manage the growing cyber threat landscape and compliance challenges. As a result, the healthcare organization was able to plan its infrastructure around the way regulators think, test the system against compliance controls before it was deployed and continue to monitor it throughout the build.
The process touched on what many at the healthcare organization viewed as a fundamental conflict: balancing the boundary-pushing goals of physicians and researchers with the security concerns of key decision-makers, such as the CTO, CIO and CISO.
Researchers want to advance new outcomes and treatments by making data such as electronic health records, patient population and patient satisfaction surveys available to colleagues and third parties. But regulations like HIPAA require that it be protected against risks such as unauthorized disclosure or modification. Together, the healthcare organization and PwC developed a cloud platform aligned with HIPAA and HITRUST requirements to support secure, intentional data sharing — while keeping the flexibility to support physicians’ and researchers’ ever-evolving needs as they push patient care forward.
Within the controlled environment of the healthcare organization’s new Google Cloud platform, third-party researchers not only receive secure access to healthcare data that can be used to derive new insights, they can also take advantage of leading-edge, cloud-enabled workspaces. Where, traditionally, researchers who had worked hard to earn a grant might still be unable to access an on-premises supercomputer, the new cloud platform opens up AI and machine learning capabilities in a secure cloud environment.
With PwC’s help to implement Google Cloud, this leading healthcare organization now has a foundation to support strengthened cybersecurity and cutting-edge research for years to come. As researchers, physicians and technical engineers continue to discover what the cloud can do, Google Cloud will continue to develop yet-unknown approaches to data analysis.
Meanwhile, the fine balance between cyber threat protection and research demands will fuel successively sophisticated iterations of the platform into the future. The more researchers uncover new capabilities and features within the cloud environment, the more advanced the controls necessary to secure it can become. In short, the best of all possible worlds: maximum security meets maximum innovation.
reduction in time to cloud adoption through security and HITRUST compliance enablement
reduction in manual hours needed for cloud security configuration and operations through automation
increase in threat detection, response time and accuracy through additional capabilities and reduction in false threat positives
Director, Office of the CISO, Google Cloud
Principal, Cyber Risk & Regulatory for Health Services, PwC US
Partner, Global Google Alliance Leader, PwC US