When it comes to safeguarding electronic health records, location matters.
In July, a transformer exploded at the headquarters of AHS’s cloud provider and damaged the computer network on which AHS’s health records were stored.
The vendor’s backup system, which was located in the same building, also collapsed.
The meltdown left Alberta’s doctors and surgeons with no record of their patients’ medical histories and forced the cancellation of approximately 110 elective surgeries and 298 ambulatory procedures over a two-day period. 
AHS’s computer system is now back and running, but the damage has already been done.
The Canadian incident reflects the need of organizations to replicate sensitive data in geographically distributed data centers. Not doing so is tantamount to “placing all your eggs in one basket,” and makes valuable data more likely to be wiped out in the event of a disaster.
Alberta Health Services is not alone in moving its health records to the cloud. In the U.S., Federal entities such as the Department of Defense (DoD) and the Department of Veterans Affairs (VA) are also working toward shifting their electronic health records to the cloud.
The growing abundance of cloud-based health records must be tempered with the reality that information could be damaged or lost if it is not kept in geographically dispersed data centers.
Some policy makers understand this reality but at best underplay its importance.
For example, although the Australian government encourages using multiple data centers to store cloud-based information, it does not explicitly require significant geographic distance between data centers. Similarly, although the EU Data Protection Working Party recommends replicating cloud data across multiple data centers, its members fail to mention that centers should exist in physically dispersed locations.
Leaders should acknowledge that restricting data to a single geographic location or to closely clustered data centers puts information at risk.
They should also indicate in their strategic guidance that multiple data centers separated by sizeable distance are necessary for ensuring the continuity of operations in the event of a hurricane, explosion, or other natural or man-made disaster.
IT decision-makers, too, should move toward ensuring the continuity of their operations by carefully selecting cloud providers.
The chosen providers should be transparent and forthcoming about their data center locations. Transparency enables organizations to more effectively safeguard their health information and ensure that user privacy is not compromised.
Individuals rely on the cloud because it allows them to access information from any device at any time. If one device fails, another can be used. The mantra should also hold true for providers.
Leaders should select cloud providers that replicate health information in geographically distributed data centers and are transparent about the physical location of their data. That way, if one egg cracks, we can be sure that another remains whole.