Earlier this month (14 July 2016), the European Union Agency for Network and Information Security ("ENISA") asked for participants for a study on cloud services in the context of eHealth. This study builds on an earlier study on security and resilience in eHealth that included an analysis of cloud services, and seeks to identify both security opportunities and barriers to the adoption of cloud services in the healthcare sector. This study may pave the way for future development of EU-wide regulatory policy on good practices relating to e-health especially in terms of cybersecurity of highly sensitive health data being stored digitally in logical pools managed by hosting service providers.
ENISA is a centre of expertise for cyber security in Europe. It works with Member States and the private sector to develop advice and recommendations on information security and good practice. In particular, it supports policy development in the EU, assists Member States to implement EU legislation, and works to improve the resilience of critical information infrastructures and networks within the EU.
In 2015, ENISA completed a study entitled "Security and Resilience in eHealth Infrastructures and Services". The study analysed the basic security challenges in eHealth services, focusing on three basic, and yet critical, uses: cloud services supporting eHealth, electronic patient health records and national eHealth services (e.g., ePrescription). Cloud services were defined as "sharing information and medical processes within a healthcare stakeholders' network by establishing public, private or hybrid cloud infrastructures."
Cloud services were noted as being highly relevant in healthcare as, according to the study report: "Healthcare professionals need access to the patient’s information. They are using smart technology via open networks, mostly targeting at accessing securely pre-existing e-services. Other types of cloud services incorporate use of social media or other technologies to create open services with healthcare orientation ... Cloud services usually focus on open data services especially for public cloud." The report identified a number of risks associated with cloud services, including network security and the lack of security expertise in this area, and recommended a thorough study of cloud implementation in healthcare.
This recommendation is the basis for ENISA's current study. One of the key focuses of the study is to establish the current extent to which cloud services have been adopted in the healthcare sector and to find examples of eHealth and healthcare services that are already deployed in the cloud. In order to understand the relevant issues, ENISA has launched an online survey targeted at CIOs, CISOs, doctors, patients, healthcare providers and manufacturers, cloud providers, and public authorities that are involved within the healthcare sector. The survey asks for comments on the benefits, risks and challenges associated with the use of cloud services in healthcare, measures to ensure security and interoperability, and compliance with data privacy requirements.
Details of how to participate in the study are available on ENISA's website.