HealthcareInfoSecurity.com

Interview with Robert Wah, M.D., of CSC on security issues involved when using remotely hosted applications.Hospitals and physician groups that enter contracts with companies that remotely host systems, such as electronic health records, should spell out that the vendor will bear the cost of complying with new regulations, says Robert Wah, M.D., of Computer Sciences Corp.

In an exclusive interview, Wah, who formerly played a key role in the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology, offers advice for those considering using cloud computing:

• Specify in the contract that the vendor will pay the cost for any additional layers of security needed to comply with emerging regulations;
• Ask the vendor to pinpoint who will have access to the data in the remotely hosted environment and confirm that they are trained in HIPAA compliance;
• Make sure your organization has multiple paths to link to the data center hosting the application to avoid loss of access to data;
• Include in the contract requirements for how often the vendor will back up data; and Make sure the company is willing to have a third party audit the processes and procedures used at its data center.

Wah, a practicing physician and surgeon, is vice president and chief medical officer of CSC's North American public sector civil and health services group. He focuses primarily on the firm's federal health information technology business. He formerly served as HHS' deputy national coordinator for health information technology. Earlier, he served as associate CIO for the military health system in the Office of the Secretary of Defense. He also spent 23 years in the Navy Medical Corps. He is chair-elect of the board of trustees of the American Medical Association.