Top Menu

SaaS or on-premises? The security challenge for healthcare applications

The healthcare industry faces a difficult paradox when it comes to IT services. Healthcare has some of the most tightly governed restrictions on how information is managed, but it runs the risk of not delivering services effectively enough if it can’t access modern IT service options.

There are pros and cons of using cloud-based and on-premises applications within healthcare organizations. Some information, like medical records, has tight location restrictions. Other data, like anonymous medical trial results, can be processed in the Cloud without the risk of personal information loss. In all cases, the security model around healthcare data must be thoroughly considered.

On-premises security


Using on-premises infrastructure and applications is the long-standing way of managing IT in healthcare. Legal restrictions over how information is stored and shared mean that in many cases clinics have not investigated how IT can be modernized. In fact, healthcare has been one of the slowest industries to modernize its many paper-based processes. Written notes and treatment plans are still routinely used by front-line clinicians.

With this type of “legacy” a day-to-day reality of healthcare, CIOs have a good opportunity to use more on-premises options for modernizing IT and making it more secure in the process.

For a start, paper is not necessarily more secure. Paper documents can be stolen and can be irretrievably lost in the event of a fire. By digitizing a paper-based process and having the right data protection plan in place, the security level of a previously paper-dependent practice can be increased significantly.


Another challenge with on-premises systems in healthcare is giving the right staff access to sensitive information where they are working and allowing a network of clinics and specialists to access patient data when applicable. Having tightly controlled data storage is one thing and allowing access to it is another. Data transmission plays a crucial role in any healthcare security strategy.

Software as a service (SaaS) security

Healthcare might have a more difficult path to the Cloud compared to less regulated industries, but CIOs should not overlook any potential to improve processes and innovate by using cloud-based options. Start by profiling apps and data to determine what can be hosted off-premises without getting yourself into trouble with the regulators. Business requirements like:

  • Websites
  • Anonymous data processing
  • Entertainment content

can be delivered by SaaS apps. Applications that use sensitive data need to be reviewed on a case-by-case basis and CIOs should consider if moving to the Cloud is inherently more secure than what they have now.

, , , ,