In recent years, healthcare has seen a shift towards digitalisation. To meet the resulting needs, hybrid cloud data storage has emerged as a popular solution, offering the control and security of on-premises storage together with the flexibility and scalability of cloud storage. This blog will explore the shift towards digitalisation in healthcare and why hybrid cloud storage is an effective and compliant option within e-healthcare.
Drive to digitalisation in EU healthcare
Healthcare systems are becoming increasingly dependent on information and communication technologies to deliver quality care to EU residents. As a result, digital health was set up as one of the priorities of the EU’s i2010 programme over a decade ago. Even now, healthcare has remained one of the six high-level priorities of the European Commission for 2019-2024. All six priorities link strongly to the ongoing digitalisation, to the point that the strategy is simply titled A Europe fit for the digital age.
Across verticals, the aims are to make sure that digital transformation works for the people and the economy, while also closely linking it to the “green transition” towards the dream of a climate-neutral Europe by 2050.
Why data residency matters
Healthcare data is obviously something one wishes to keep private and closely controlled, and that includes where it is stored and processed, and by whom. Strictly speaking, data residency only describes where your data is stored at rest – not where it might be copied to for processing. A related term is data sovereignty, which refers to the legal ownership of data.
Data residency is a critical issue for any organisation with customers, partners or even employees in more than one country. Often several external stakeholders are involved as well, such as governments and other businesses. Each of these stakeholders has different interests and needs, which can sometimes even conflict with each other. This makes data residency requirements a moving target, and often there is no one-size-fits-all solution.
An example of this conflict is how the European Union has passed laws requiring organisations to store certain special categories of personal data, including healthcare-related data, within the European Economic Area (EEA) or another pre-approved country to protect the privacy of all EU residents. However, other countries, such as China and Russia, have passed laws requiring companies to store data within their borders. Obviously, fulfilling both requirements simultaneously is like tight-rope walking at best, prone to costly errors and practically impossible for any larger number of users.
[Figure: Countries with an adequate level of personal data protection laws. Source: Data protection around the world | CNIL]
In the European Union, the General Data Protection Regulation (GDPR) forbids storing or processing any Personally Identifiable Information outside the EEA, unless the destination country is deemed by the European Commission to provide a level of personal data protection comparable to that provided in European legislation. As of February 2023, only a very small number of countries fulfil the requirements.
Careful management of data residency doesn’t just fulfil regulatory and legal demands but can also protect data from unauthorised access by other countries. This is vital for security and confidentiality, as such unauthorised access could be undetectable by normal intrusion monitoring systems, or it may even involve legal gag orders.
Why storing all data on-premises is often not the best solution
Organisations may store data in multiple locations, including on-premises, in the cloud, or in both – in a hybrid environment. Each option has different implications for data privacy and security.
On-premises data storage naturally gives an organisation physical control over the servers that store its data. However, the organisation is now responsible for ensuring that the data is stored securely and is accessible only to authorised personnel – and that its availability and scalability satisfy the business requirements. Getting five nines uptime, ensuring that the system is fully operational 99.999% of the time, is no trivial task, and dedicating 24/7 IT resources to manage and maintain the services is a major burden.
Cloud-based data storage offers more flexibility and scalability than on-premises storage. Organisations can choose from various cloud-based storage solutions, such as public cloud, private cloud, or hybrid cloud, which I examined in closer detail in a recent Understanding hybrid cloud blog. Cloud storage can be much more cost-effective than on-premises storage, but it may raise questions on how data residency issues are handled due to the organisation not having complete control over which jurisdiction the data is stored under.
In all cases, however, if the data is encrypted and the keys are not accessible by the cloud service provider, then from a privacy perspective, the legality of whether the cloud provider could be compelled to hand over the data becomes irrelevant.
Why hybrid cloud for e-healthcare
Sometimes, it is indeed possible to have your cake and eat it, and the key to that was already known thousands of years before “cloud” meant anything other than a mass of water droplets suspended in the sky. The key is to divide and… perhaps not conquer, but to embrace both on-prem processing and cloud processing. The end result – lowering your expenses while improving resilience and compliance – is worth the initial cost.
Before working from home reached critical density, it was common in any organisation to divide stored digital identities and their related data into internal/trusted and external/less trusted. Organisations are therefore familiar with dividing data into two classes. Embracing hybrid cloud merely expands that to include customer data.
With the rapid and accelerating growth of the e-health sector, hybrid cloud solutions are not just a convenience, but a business driver. Few home-grown solutions can keep up with 15-25% annual growth, and working in multiple jurisdictions can easily become a legal minefield that paralyses the organisation – just when it would be the best opportunity to expand operations across borders.
Working with customer data is a natural start, and expanding that to include the varied B2B opportunities, such as co-operation with pharmacy chains, is exactly the type of problem that Ubisecure is perfectly placed to solve. Healthcare remains one of the key priorities for the European Commission, and its sustained rapid growth, combined with strict privacy demands, makes it a very good match for a hybrid cloud IAM solution.