Gienna Shaw has an article on HealthLeaders Media about healthcare entities using cloud services. She includes a number of helpful examples of how cloud services can be a boon to entities, but unfortunately, there is no real discussion of the security and privacy risks in the article.
The potential problems in using cloud services are significant, not the least of which is that the entity needs to know where the server is (in what country) the data will be stored or hosted. Even when dealing with a U.S. cloud service, the data might not actually be on a U.S. server, which has implications for data security, data retention, and protection. There are also issues involving access, ownership of data and what happens in the event of a data breach — can the entity have full access to conduct its own forensics or will the cloud service insist that only its employees can conduct the assessment?
Privacy and security issues in cloud computing have been discussed over on PogoWasRight.org and DataBreaches.net and will continue to be topics there in the foreseeable future as more and more entities explore cloud services. Here are just a few links to get you started understanding the considerations and risks — and not just the potential benefits — that you need to consider: