Concerns over cloud identity, security not enough to slow down government program

June 7, 2012

Cloud computing looks to play a major role in the development of a joint electronic healthcare records system for the Departments of Defense and Veterans Affairs, according to a draft of the program's technical specifications package.

Contracts will be handed out to both public and private providers in an effort to create a hybrid cloud for the program. To cope with existing concerns of data protection with public services, the plan looks to install rigid measures to control access to the system and ensure patient identity security in the cloud.

A query by NextGov regarding whether the EHRs themselves would be placed in the public section of the hybrid cloud was not answered, with cloud computing data security remaining a contentious issue for many in the public and private sectors.

Access control
Authorized access to the system will be granted to nearly 450,000 health care personnel between the two agencies, the VA staff accounting for a quarter of a million people alone. Though there will be a large number of personnel on the system as a whole, access to individual records will be a more specifically tailored on a patient-by-patient basis for the authorized clinicians.

A press conference in April revealed that the program will likely be completed in 2017, utilized in 56 defense and 152 VA hospitals. Around 1,300 clinics operated by the departments will also be part of the system. Deployment will begin in 2014 with a pair of pilot hospitals, and will continue to use critical pieces of the existing systems until the final rollout.

Identity Protection
Despite such a large number of authenticated users, the program will operate with a Defense-VA Patient Identity Management System in place to protect sensitive information. The system will utilize digital identities for each patient. These unique identities will be managed on the system to protect the patient's data.

Assistant secretary of Defense for Health Affairs, Dr. Jonathan Woodson, told Congress in April that the Defense Manpower Data Center will manage the program's identity protection services, according to NextGov.

First procurement
With a complex web of systems and services to integrate, the handing out of contracts began in early June with a request for information on a pharmacy component. The request issued for by the joint program is looking for a commercially produced solution, keeping in line with the ultimate goals for much of the total system to combine the efforts of the private sector innovation with government technology initiatives.

-McAfee Cloud Security