They are the subject of heated and controversial debate. But it is also a fact that without cloud solutions, many useful digital applications in healthcare would not even be possible today – a fact that will become even more pronounced in the future. That’s why we need to work now on managing healthcare data securely and efficiently via the cloud, especially here in Germany.
Anyone who has ever watched the sky knows: clouds are not all the same. Sometimes they herald an imminent half-world-ending, and sometimes they magically disappear without a drop of rain, which is either a sign of warming (warm air can hold more water vapor) or the result of powerful winds that send the clouds elsewhere to unload.
It’s a similar story with the digital cloud, the cloud that’s “floating” somewhere up there and to which we’ve recently been sending our data. For some, it is the cumulonimbus (storm cloud) that brings disaster in the form of heavy rain and storms. Others see it as a harmless fleecy cloud. Both sides are right when it comes to the digital cloud. In principle, it is an ingenious invention, without which the rapid progress of digitization would not be possible. Nevertheless, it must be used with caution and, above all, security standards must be carefully checked to ensure that there is no thunder and rumble in terms of IT and data security.
KHZG and new solutions put cloud on the agenda
However, if you read between the lines in our legislator’s texts, it should come into play. For example, the KHZG’s mandatory criteria have already put the cloud clearly on the agenda of German acute hospitals. After all, new services such as video consultation hours and other communication tools can only be used efficiently and efficiently with the cloud. And if we think back to the months since the Corona virus broke out, we wouldn’t want to miss out on such solutions that are beneficial to care, would we? And here I’m not even talking about possible scaling problems or the classic “false necks” that automatically arise with isolated, local and possibly single server dependent services. But I’m sure Corona has given us some scenarios of possible overload here, and thus some new experiences.
And yet there is not just one big weather situation when it comes to the cloud in Germany. As with the “real” weather, the sun can be shining in Schleswig-Holstein while a thunderstorm is brewing in Bavaria. What’s more, the federal structures support a variety of local “weather capers” in the form of state data protection and/or hospital-specific laws. In particular, the data protection rules of some federal states simply do not permit the efficient use of cloud solutions. There are countries in which patient data is de facto not allowed to leave the clinics. The data protection laws there date back to the nineties, i.e., to a time when the Internet was slowly being commercialized and microfilm was still the long-term storage medium of choice. Is this in keeping with the times or does it promote innovation? One look at the wording of the KHZG is enough for a clear no. That’s why it’s finally time for a legislative update in many countries.
Cloud solutions too insecure
The killer argument against cloud solutions is always their supposed insecurity. So let’s talk about security. Health data are clearly attractive targets for hackers. But where is the danger greater, in a clinic or doctor’s practice where the operators, usually not specialists, are responsible for IT security themselves, or with a professional cloud service provider whose core business is data, information and IT security?
It must also be clear that there is no such thing as one hundred percent security. Cybercrime is the modern arms race of our time. And if we draw this comparison, it is also clear that such a battle is more likely to be won with a strong community than by standing alone in the open. Conversely, this means that a cloud can offer a high level of IT security, perhaps even a higher level than an isolated solution in a single clinic or practice. If we are honest, we know that only very few hospitals can afford a high-performance infrastructure or AI solution that is based on the exact security standards required by the healthcare sector’s sensitive data. The counter-argument then usually comes that a security incident in a small practice or localized in a small clinic also causes less damage. Definitely. It’s just that they are easy prey for hackers, which makes attacks attractive and thus tends to increase the frequency of such attacks.
And then there’s also the efficiency advantage gained when infrastructure is made available via the cloud. This is where collaboration and a new kind of collaboration can emerge in the future. Namely, when value-based and personalized medicine is advanced via a professional cloud in which Big Data and research competencies can be bundled and expanded. And above all: the patient can access his or her data around the clock throughout Germany, Europe and even the world. This enables individualized treatment with the individually preferred practitioners – regardless of local restrictions.
ENISA sees healthcare as a cloud role model
Because the cloud is also becoming increasingly important in healthcare, the EU’s cybersecurity agency ENISA has now looked specifically at its security for healthcare and derived concrete security advice from it – with a remarkable finding: the increased security requirements for processing healthcare data in a cloud can be an example of how sensitive, critical data can also be protected in the context of cloud services. This makes the healthcare sector a role model and pioneer for securing cloud services where data requiring special protection is to be processed.
We must extend this potential European lead. After all, there are enough good cloud providers in this country, too, so that we don’t have to store our patients’ data or that of our clinics on the other side of the Atlantic. On the contrary, we should use the thrust of the KHZG and many other laws to drive forward the expansion of cloud solutions “made in Germany” or “made in Europe” in healthcare. ENISA has drawn up the guidelines for this in its report. Now it is up to the players to put these findings into practice in the area of critical infrastructure as well and to assume the pioneering role assigned to them.
I see a great opportunity here and also a strong added value for patients and the healthcare system if we also accept and use the opportunities that cloud solutions offer. I am not saying that we can already do this today on all levels. There is definitely still some homework to do – from the legislator and the service providers, from an adjustment of the data protection guidelines, to the training of appropriate specialists right up to top management. But we should already be open to these possibilities today. After all, we’ve learned that a cloud of sheep doesn’t necessarily mean the big storm is about to hit. The good thing is that we are still in control of which direction the wind blows from and can set our sails accordingly and even build wind turbines.