Storing Data in the Cloud

Clouds in the sky

Over the last several years “cloud computing” has become an increasingly popular term, and a vast array of cloud providers offering differing services have sprung up. Among the most popular of these are cloud storage providers. They include names like: Dropbox, Microsoft SkyDrive, Google Docs, and Amazon Cloud Drive to name just a few. What makes these services popular are their free to low-cost pricing models, easy to use interfaces, and the promise of being able to access your data from any device, any time, from anywhere. This sounds great, and it is, for storing personal documents, photos, and contacts. However, using these services to store sensitive and/or regulated data is another matter.

For example, when dealing with patient data, the Health Insurance Portability and Accountability Act (HIPAA) requires a legal agreement, known as a Business Associate Agreement (BAA) to be signed before we’re able to share patient data with a third party. At the present time Emory does not have BAAs in effect with any of these cloud storage providers. 

Data that Emory classifies as “confidential” or “restricted” data should never be stored with a cloud provider unless Emory has explicitly approved the provider. See http://policies.emory.edu/5.12#definitions for more information about what constitutes restricted data. 

Emory’s Library & Information Technology Services (LITS) is currently evaluating options for providing secure cloud storage options. Please be on the lookout for future communications about this effort.