Cloud-based Healthcare Call Centers Pose Security Challenges

By Tracey E. Schelmetic, TMCnet Contributor

Cloud-based applications and data storage have revolutionized businesses and completely changed the shape and configuration of enterprises, allowing for unprecedented mobility, flexibility and functionality. While companies have reveled in the kind of freedom and cost savings cloud-based solutions have provided, many of them have fretted about what is perceived as a major down-side of cloud-based solutions; security, particularly in sensitive industries such as financial services and health care, or in call centers that maintain a lot of customer data.

Health care is a particularly sensitive industry when it comes to the confidentiality of patient data, largely because of the incredibly personal data health organizations maintain, as well as the federal laws that mandate keeping this information contained (HIPAA, for starters). As the U.S. population continues to age, enrollment in health insurance is climbing, and health care organizations are increasingly looking to store more patient information in the cloud.

Many companies in the healthcare industry are being challenged to serve more patients and members to both improve the quality of care and reduce operational costs, wrote Healthcare IT News' Rich Sadowski last week. While doing those things – serving more patients and keeping quality of care high while pressured to keep costs down – sounds counter-intuitive; many companies are succeeding with this task by partnering with virtual service providers, including home-based medical transcriptionists, recruiters, and call center workers, writes Sadowski.

How are call centers playing a part in this? By using cloud-based technologies, call center entities that employ healthcare-oriented agents are able to keep costs down by using home-based workers, allowing them to use talent located anywhere in the U.S. without the need of expensive relocation and specialized recruiting. The trend is catching on, reports Healthcare IT News. According to analyst group Ovum (News - Alert), healthcare organizations outsource seven percent of call volume to home-based agents, and that number is expected to grow to 10 percent through 2015.

This is where the security concerns come in:

“While virtual companies have shown they provide high value, information privacy concerns and strict security regulations are still preventing some healthcare executives from exploring the use of home-based agents,” writes Sadowski. “Sending patient and policyholder calls to remote workers does present unique security challenges. Fortunately, leading virtual contact centers have security systems and processes in place that help protect information in the cloud and deter misuse of sensitive patient data.”

Suggestions for keeping patient data safe include back-to-back firewalls between the healthcare service provider and enterprise network infrastructure, multi-factor authentication for patient data, role-based access control for some data (managers only, for example), vetting employees thoroughly prior to hire, engaging settings disallowing any copying of files off sensitive databases, and putting a wall between agents and patients which would require customers to enter sensitive information directly via a phone's keypad so that agents never see it. Sadowski also recommends that healthcare organizations work with organizations that have achieved third-party validated compliance of HIPAA, HITECH Act, and Payment Card Industry Data Security Standards (PCI (News - Alert) DSS) Level 1 certification.