The report prepared by DigitalHealthEurope explores the potential of cloud technology for the European Health Data Space (EHDS), based on analyses of relevant projects and initiatives.
Key messages include the following preliminary recommendations:
- Define the concept of operation for EHDS infrastructure based on existing use cases.
Study meaningful examples of cloud use (e.g., the projects in this report) and use them as an inspiration for the EHDS infrastructure.
- Agree on approaches to terminology and identity management.
This is a more achievable goal than harmonising the data themselves.
- Define requirements for cybersecurity, encryption techniques and anonymisation.
Healthcare does not fully take advantage of existing mechanisms yet.
- Assess which applications (as services) are best suited to a cloud approach.
Examples from this report relate to terminology management, identity management, encryption, etc.
- Separate requirements for infrastructure from requirements for application services.
Especially in the realm of interoperability, there is a slightly exaggerated focus on syntax and infrastructure.
- Assess implications of applying federated architecture and analysis solutions.
This challenge aligns well with the envisioned EHDS concept since it intends to build on existing infrastructure rather than aim at centralising data. In the application of a federated architecture, it is important to ensure agility to support the incremental and evolutive integration of different data sources and data consumers.
- Consider the physical location of the cloud service provider.
Having a Europe-based provider is of strategic interest.
- Define rules regarding which kind of cloud solutions can be part of EHDS.
Especially when choosing a cloud service model (e.g., SaaS), this can have big security implications.
- Leverage emerging technologies by including them in an assessment process.
Artificial Intelligence, blockchain, big data and others are pull-factors for the uptake of cloud technology but are scarcely being used in healthcare practice currently.
- Build or buy the services needed to host applications on the cloud.
Conceptualise the envisaged services first, then commission services fit for purpose.
- Define requirements for a common approach towards electronic contracts, including citizen’s informed consent.
Standardised electronic consent forms which are comprehensible would foster transparency and citizen’s trust, particularly if citizens would be notified in case of violation of data protection. Blockchain technology may be considered for such service.
- Develop a standard communication protocol allowing citizens to download their health data in a structured and machine-readable format.This proposal for a protocol is in line with the GDPR. Such protocol could be based on FHIR (as a transport mechanism for the data), eIDAS (as a means of identification of the individual), and the International Patient Summary (for structured content of the health data).