computing. Some of the pros include:
x Cost. There are no upfront capital costs and fewer over-
head expenses. The organization pays only for using the
services; it saves on investment, maintenance, user li-
censes, and overhead such as electricity and rack space.
x Elasticity. Cloud computing acts like a rubber band. It can
expand for volume and storage purposes as needed and at
a rapid pace.
x Access. Access is immediate and available anytime from
any where (as defined by permissions).
x Disaster planning and back-up. The cloud is resilient in
natural disasters as it will continue to function even if the
user’s computers and systems crash.
nicians, will get frustrated if the system takes too long to
retrieve data. ¢
Tom Walsh, CISSP
1. The National Institute for Standards and Technology.
“The NIST Definition of Cloud Computing.” October 2009.
Available online at http://csrc.nist.gov/groups/SNS/
2. Dummies.com. “Cloud Computing for Dummies Cheat
Sheet.” Available online at www.dummies.com/how-to/
Some of the cons include:
x Cost. Although the organization saves on capital invest-
ments and maintenance, the costs of its usage can sky-
rocket if it fails to monitor and manage access to the cloud.
x Performance. Cloud computing is scalable; however, per-
formance depends on Internet speed and the number of
users in the cloud at a given moment. If there is a spike in
use, then the cloud may run slowly. A user can never tell if
and when a cloud will be slow.
x Reliance on the Internet. The cloud relies on the Internet.
If the Internet goes down, the cloud is inaccessible.
x Privacy and security. Safeguards do exist to protect the
data of cloud consumers. However, the level of privacy
and security provided is still in question. There is not
enough information to prove or disprove the credibility of
the cloud for privacy and security overall. Regarding its
ability to safeguard PHI, the cloud needs further evalua-
Angela K. Dinh ( firstname.lastname@example.org) is a professional practice resource
manager at AHIMA.
Organizations that use a cloud provider must take appropriate
measures, as they should with any vendor. Contracts need to be
appropriately negotiated and legal counsel consulted.
At a minimum, a contract with a cloud provider should include the following details:
x The security controls that will ensure privacy. Health-
care data must be protected to prevent data breaches and
x Where the data will be stored. Other countries have dif-
ferent laws pertaining to privacy and data ownership.
x Data recovery procedures and data ownership. In the
event the cloud service provider goes out of business, or-
ganizations must ensure all their data are returned and
are not sold off to other businesses for data mining.
x The type of medical information to be stored. Certain
file types such as images can consume large volumes of
data storage and may cost more to store in the cloud than
x Bandwidth and connection speed required to connect
to the cloud. All users, especially busy physicians and cli-