MITIGATION RISKS IN HYBRID CLOUD DEPLOYMENT: A ZERO TRUST ARCHITECTURE PERSPECTIVE FOR PROTECTED HEALTH INFORMATION (PHI)

Abstract

Hybrid cloud infrastructures are increasingly being used to manage Protected Health Information (PHI) as a result of the healthcare industry's rapid digital transformation. But this development has also brought forth complicated security issues, especially when it comes to protecting private patient information from hacks and illegal access. In three fictitious healthcare institutions with differing degrees of IT maturity, this study assessed how well Zero Trust Architecture (ZTA) mitigated PHI-related vulnerabilities in hybrid cloud settings. A mixed-method methodology was used in the study, which included qualitative stakeholder feedback, mock compliance assessments, and simulated risk audits. The results showed that when ZTA was implemented, there was a notable decrease in data breach events, an improvement in HIPAA compliance scores, and a stronger enforcement of access control measures. Although even environments with limited resources profited from fundamental Zero Trust principles like role-based access restriction and multi-factor authentication, institutions with established cloud infrastructures shown the most gains. As a scalable and efficient framework for improving data security and regulatory compliance in hybrid cloud healthcare deployments, the findings support the strategic incorporation of Zero Trust principles.