The EU-U.S. Privacy Shield’s recent introduction has created an efficient mechanism to ensure that trans-Atlantic personal data flows are lawful. With that in place, attention is now turning back to restrictions within the EU, particularly around hosting data in cloud computing services.
European healthcare is particularly affected by such restrictions. This has motivated a significant group of organizations and policymakers to come together and launch a collective “call to action” to European policymakers, urging greater support and reforms to enable broader use of cloud computing in healthcare. The Call to Action was previewed at eHealth Week 2016 in June.
Cloud computing is increasingly seen as integral to telemedicine, large scale research and collaborative patient care; in its Call to Action, the European Cloud in Health Advisory Council pointed to cloud computing’s significant mobility, cost and data protection benefits; advantages which similarly heavily regulated sectors, such as financial services, have been quicker to take advantage of.
Facing up to a mix of often outdated rules and attitudes across Europe, the Call to Action invites national and EU policymakers to consider four specific policy actions:
- Lead by example, through pro-cloud policies, inspired by UK and Irish national policies suggesting that cloud should be preferred over local or “in-house” solutions.
- Modernize and clarify rules governing cloud computing in health, for instance following Belgium’s lead; in 2014, it found that it could bring significant improvements by tweaking a law requiring storage of patient records “in” hospitals, so that it now simply requires storage “by” hospitals – e.g. in the cloud.
- Simplify cloud service compliance procedures. For pan-EU organizations, complying with local requirements is considerably easier when they follow international standards, such as ISO/IEC 27001 and 27018. France, for example, is currently revising its demanding “patient data host” certification process.
- Align cloud policies and standards across Member States. Cloud computing is at its best when it can leverage economies of scale and the free flow of data. For example, really large scale research only becomes possible once patient data from different populations can be compared across countries. The Advisory Council called for greater coordination of national rules and policies, and suggested that countries should avoid layering rules on top of EU or international standards.
It will be interesting to see whether national and EU policymakers take this to heart; they have the opportunity to do so, and a seemingly clear health imperative.