Canadian Healthcare and Google Cloud - A safe place to continue your modernisation journey.
Frank Currie
Customer Engineer, Google Cloud
Farrah Pirani
Field Sales Representative, Healthcare Canada, Google Cloud
Is Cloud an option for Canadian Healthcare healthcare and medical research organizations?
Yes, Canadian healthcare and medical research organizations are moving to the cloud. The cloud market is expected to grow in Canada significantly through 2027.
There are several reasons why Canadian healthcare and medical research organizations are moving to the cloud.
Reduce costs by eliminating the need to invest in and maintain on-premises infrastructure.
Enable the healthcare research community to drive their research more expediently to clinical outcomes
Improve patient satisfaction by making it easier for patients to access their health information and communicate with their providers.
Improve the quality of care by providing access to patient data and records from anywhere in the country.
Overall, the transition to the cloud is a positive development for Canadian healthcare and medical research organizations.
Canadian healthcare providers face many challenges before they can move to the cloud, such as addressing security and privacy concerns, data sovereignty issues, and ensuring interoperability. To help them overcome these challenges, it is important to provide Healthcare Data Custodians, Infrastructure Architects, and Research Leads with clear guidance on how the cloud can align with Canadian Healthcare Regulations. This will allow them to have a practical understanding of what is required to enhance their cloud journey and facilitate a smoother transition to the cloud.
iSecurity and MD+A Health are actively assisting Canadian healthcare and medical research organizations in comprehending the risks and exploring pathways to embrace the cloud. Through extensive research and analysis, iSecurity and MD+A Health have evaluated Google Cloud as a suitable platform for healthcare. Their diligent efforts have resulted in the production of comprehensive documents that detail their findings via a Threat Risk Assessment (TRA) and a Privacy Impact Report (PIA).
Why a Threat Risk Assessment?
A threat risk assessment is a process of identifying and evaluating threats to an organization and then determining the likelihood and impact of those threats. The goal of a threat risk assessment is to identify the most serious threats and develop mitigation strategies to reduce the likelihood and impact of those threats.
A threat risk assessment typically involves the following steps:
Identify threats: The first step is to identify all potential threats to the organization. This can be done by brainstorming, interviewing experts, or reviewing historical data.
Evaluate threats: Once the threats have been identified, they need to be evaluated in terms of their likelihood and impact. The likelihood of a threat is the probability that it will occur, while the impact of a threat is the severity of the consequences if it does occur.
Prioritize threats: The threats need to be prioritized based on their likelihood and impact. The most serious threats should be addressed first.
Develop mitigation strategies: Once the threats have been prioritized, mitigation strategies need to be developed to reduce the likelihood and impact of those threats. Mitigation strategies can include things like implementing security controls, training employees, and developing contingency plans.
Implement mitigation strategies: The mitigation strategies need to be implemented and tested to ensure that they are effective.
Monitor and review: The threat risk assessment should be monitored and reviewed regularly to ensure that it is still effective.
Why a Privacy Impact Assessment?
A Privacy Impact Assessment (PIA) is a process that organizations use to identify and assess the privacy risks associated with a new or changed information technology (IT) system or project. The goal of a PIA is to help organizations protect the privacy of individuals whose personal information is collected, used, or disclosed by the IT system or project.
PIAs typically include the following steps:
Identifying the purpose of the IT system or project and the types of personal information that will be collected, used, or disclosed.
Identifying the privacy risks associated with the IT system or project.
Assessing the likelihood and severity of the risks.
Developing and implementing controls to mitigate the risks.
Monitoring the effectiveness of the controls.
PIAs are an important tool for organizations to help them follow privacy laws and regulations. They can also help organizations build trust with their patients, employees and the research community by demonstrating their commitment to protecting privacy.
The benefits of conducting a PIA:
Helps organizations identify and assess privacy risks
Helps organizations develop and implement controls to mitigate privacy risks
Helps organizations comply with privacy laws and regulations
Helps organizations build trust with customers and employees
Why Google Cloud?
Google Cloud is committed to providing Canadian healthcare organisations with an environment to expand both their clinical and research environments. Google Cloud has invested significant resources into building out a cloud environment based on best practices coming from Google's experience running some of the world's largest platforms.
Some highlights include:
Built-in security features that help protect your data and applications from unauthorized access, use, disclosure, disruption, modification, or destruction.
A comprehensive security management platform that helps you assess, prioritize, and address security risks across your organization.
A team of security experts who can help you design, implement, and manage your security solutions.
A wide range of security training and resources to help you learn about and stay up-to-date on the latest security threats and best practices.
iSecurity’s thorough, independent PIA and TRA assessments of Google Cloud will help Canadian healthcare organisations, such as ours, review the effectiveness of Google Cloud's security and privacy controls. These assessments provide additional confidence in the validation of Google Cloud’s critical controls, a clear understanding of customer responsibilities and ultimately will help accelerate the migration of patient and research data to the cloud.
Kashif Parvaiz, Regional CISO, University Health Network (UHN)