Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

CSA Official Press Release

Published 06/10/2021

Cloud Security Alliance New Telehealth Risk Management Guidance to Help Ensure Privacy and Security of Patient Information

Cloud Security Alliance New Telehealth Risk Management Guidance to Help Ensure Privacy and Security of Patient Information

Paper analyzes concerns in each phase of the data lifecycle and presents suggested mitigation strategies

SEATTLE June 10, 2021 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today announced the release of Telehealth Risk Management, new guidance from the CSA Health Information Management Working Group, which focuses on the importance of healthcare delivery organizations (HDO) having processes and controls in place to ensure the privacy and security of telehealth patient information in the cloud in accordance with HIPAA privacy rules and the GDPR. The document offers best practices for the creation, storage, use, sharing, archiving, and possible destruction of data through the lens of governance, privacy, and security.

“During the COVID-19 pandemic, the rules governing telehealth changed dramatically, prompting health delivery organizations to quickly update and revise their governance and risk programs. Now, with the rapidly changing demands and regulatory requirements for telehealth, it’s essential that HDOs have effective governance and risk programs to ensure a smooth and seamless transition while improving their current risk postures,” said Dr. Jim Angle, the paper’s lead author and co-chair of the Health Information Management Working Group.

An HDO’s ability to manage telehealth data and the associated processes is essential to achieving its data security and data privacy goals. Developing and implementing a risk management program for telehealth requires a strong governance program, which serves not only to underscore the organization’s commitment to managing its information and risk but also compliance with all applicable laws, standards, and regulations.

“Maintaining the sanctity and integrity of healthcare data is of paramount importance not just from a regulatory perspective but also from the viewpoint of patient safety. As data collection continues to increase in speed and scale, the analytic techniques used to process these data sets become more sophisticated, and the use of data becomes more varied,” said John Yeoh, Global Vice President of Research, Cloud Security Alliance. “Big data analytics will continue to expand the use of health data used in telehealth, and while this presents a huge opportunity for health research, proper care must be taken to prevent its loss or misuse.”

As healthcare entities look to secure their data, blockchain is taking center stage, thanks to the fact that it allows for efficient data sharing while simultaneously ensuring patient privacy and data security. The Health Information Management working group’s upcoming (due in June 2021) white paper, The Use of Blockchain in Healthcare, examines its application not only in telehealth, but in research, patient administration, finance, and supply chain.

Dr. Angle will be speaking during three sessions on various topics related to security and privacy in the healthcare field at the upcoming HIMSS 2021, specifically:

  • HIMSS Healthcare Cybersecurity Forum (Aug. 9). In this pre-conference event, attendees will learn how leading provider organizations are protecting healthcare’s expanding digital footprint and securing data inside and outside the hospital, including technologies such as telehealth, remote monitoring, and wearables.
  • Protecting the Privacy of Healthcare Data in the Cloud (Aug. 10, 11:30am - 12:30 pm, Caesars, Forum 123). In this session, attendees will learn, among other things, about the six phases of the cloud data lifecycle and the importance of the data lifecycle as it relates to privacy.
  • HIMSS Cybersecurity Command Center on Product Management What, How, and Why (Aug. 10, 1:15-2 pm, Caesars Forum Conference Center, Booth C300, Theater A). This session will examine what it means to be a product manager in a service organization.

The CSA Health Information Management working group aims to provide a direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications, and storage) to their clients, and to foster cloud awareness within all aspects of healthcare and related industries. Individuals interested in becoming involved in Health Information Management future research and initiatives are invited to join the working group.

The paper is available at no charge. Download the full Telehealth Risk Management now.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, training, certification, events, and products. CSA's activities, knowledge, and extensive network benefit the entire community impacted by cloud — from providers and customers to governments, entrepreneurs, and the assurance industry — and provide a forum through which different parties can work together to create and maintain a trusted cloud ecosystem. For further information, visit us at, and follow us on Twitter @cloudsa.

Share this content on your favorite social network today!

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.