Protect yourself from Shadow IT, embrace “good enough for HIPAA” secure cloud services like Box and Skydrive
It’s a common misconception that if executives at hospitals or practices don’t have time to deliver sophisticated IT solutions to their users that users will just wait patiently and hope that solutions will arrive someday. However, there is a larger Shadow IT movement in many clinical settings than senior executives are willing to admit. Given the wealth of cloud offerings available, many of which have better security in the cloud than some on-premises “clinical” solutions, Shadow IT is growing and will cause more problems in the future as we try to reign it in. Just as users found ways to use Microsoft Excel and Access to get around EHR database problems and financial system woes, the cloud is creating another generation of Shadow IT problems.
Sophisticated requirements like clinical collaboration, secure file sharing, medical grade document management, and secure messaging (especially texting) can not be easily deployed within a single facility because the default security mechanisms and firewall controls prevent their effective use. While senior IT folks try and figure out how to procure and secure their own solutions, users end up using Dropbox or other insecure solutions because it doesn’t require much to download and they can start sharing files immediately. Dropbox has such a high value that may senior executives may just look the other way because they know their IT staff can’t deliver anything better sooner.
Instead of being silent on easy file sharing, announce that you will allow certain “good enough” secure cloud services such as independents like Box (my preference) or Microsoft’s Skydrive (which I like, too). Encourage your staff to bring you ideas for how they’re using cloud services and offer them secure alternatives so that Shadow IT doesn’t grow any bigger.
If you’re in the DC area on April 17th, join me from 11:30am to 12:45am at the BoxWorld Tour where I’ll be speaking on a panel with other experts on how the government is using secure file sharing options like Box.com. If Box.com meets the government’s rules for security and privacy, HIPAA is not that hard to accommodate. so you should give it a shot. Join me at the panel to learn more and ask questions about how you can arrest your Shadow IT growth.