I just had some folks from the local health department (which has a program to help MDs attain MU) come to the office to walk through the security assessment. When we got to the EMR implementation and I told them I was going to the cloud, they said that makes the assessment easier, since you no longer have to deal with local network, hardware and server security issues.
The most obvious question is do you have a way of auditing access to the cloud? How do you know someone you don't know is logging in from a different state or if employees are logging in from home?
Viruses on machines you use to connect to the cloud, DDoS attacks that will knock out your Internet, etc. Basically all the same threats are there with the exception of the one you are putting in the cloud. But now there is a new layer of security involved in protecting the cloud application.
Yikes, I'm scared if they told you that you no longer have to deal with the local network. A simple keylogger on any system and they can access your data from anywhere in the world. Not to mention, people still keep a lot of data outside of AC (Word documents, faxes, etc.). These still need to be secured.