AWS Public Sector Blog

Build secure and scalable data platforms for the European Health Data Space (EHDS) with AWS

This post explains how healthcare organizations and partners can use Amazon Web Services (AWS) to build secure and scalable infrastructure for secondary usage of health data in alignment with the European Health Data Space (EHDS). This is the first of two posts describing an AWS reference architecture for EHDS. The second post will provide step-by-step technical guidance on how to implement this reference architecture on AWS.

Healthcare organizations face challenges such as fragmented health systems, limited interoperability of health data, and the need to enable citizen control over their personal health data, foster a thriving digital health market, and unlock the potential of health data. To address these challenges, the EHDS aims to establish a common framework and infrastructure for the use of electronic health data across the European Union (EU). The EHDS is “a health-specific data sharing framework establishing clear rules, common standards and practices, infrastructures and a governance framework for the use of electronic health data by patients and for research, innovation, policy making, patient safety, statistics or regulatory purposes.” For the implementation of EHDS, healthcare organizations will need secure, robust, scalable, and compliant technology solutions to build the underlying data platforms and meet EHDS requirements. This is where AWS can provide the needed technical support.

AWS offers cloud services that can help healthcare organizations and AWS partners implement EHDS-aligned data infrastructures, as described in this post. By adopting a collaborative, cloud-based approach, the EHDS can use the scalability, flexibility, and security of cloud infrastructure to create a decentralized yet interconnected health data sharing ecosystem across the EU. This could enable greater data accessibility, interoperability, and innovation in the healthcare sector while maintaining strong data governance and control.

Use case and challenges

We propose a reference architecture based on an EHDS example provided by the European Commission. In this example, a health tech company is developing an artificial intelligence (AI)-based medical decision support tool that compares patient images to a large dataset without moving them. Prior to the formation of the EHDS, the company would have faced the following challenges:

  1. No access to cross-border datasets, data fragmentation, and lack of interoperability
  2. Regulatory uncertainty and compliance challenges
  3. Technological and security barriers

The EHDS regulation and AWS infrastructure provide a clear path to address these challenges and enable the health tech company to innovate.

AWS offering

AWS provides a suite of services to our customers and partners in order to tackle these challenges:

  1. Using the EHDS and services such as Amazon Simple Storage Service (Amazon S3), Amazon Athena, and AWS Glue will enable storing, accessing, processing, and managing cross-border datasets. Importantly, AWS services provide support for HL7 FHIR, openEHR and Observational Medical Outcomes Partnership (OMOP) standards, which are widely adopted in the EU.
  2. AWS provides healthcare organizations with regulatory and compliance support, thanks to its strong track record of compliance with relevant healthcare regulations, including certifications like the Cloud Computing Compliance Controls Catalog (C5) in Germany, the Hébergement de Données de Santé (HDS) in France, and HIPAA in the US. Moreover, the Good Laboratory Practices, Good Clinical Practices, and Good Manufacturing Practices (“GxP”) Compliance on AWS solution enables a secure and highly available infrastructure aligned to the requirements of life science organizations for validated and controlled workloads.
  3. AWS Clean Rooms and Amazon DataZone provide data governance and data collaboration services that enable secure and privacy-preserving data sharing and analytics.

AWS reference architecture

Our proposal for the technical infrastructure for EHDS offers a cloud-based, collaborative framework for sharing and using health data across the EU. Key components include:

Decentralized data ownership – Data holders maintain ownership and control over their health datasets. Data catalogs and control and audit tools for the sharing and consumption of data products built on AWS services facilitate secure data publishing and sharing.

Healthcare data products – Well-defined, curated datasets adhering to common standards such as HL7 FHIR, openEHR and OMOP CDM. A centralized data catalog, potentially on AWS Data Exchange, provides product information.

Self-service infrastructure components – Cloud-based tools for data integration, transformation, security, and governance. Includes services such as AWS Glue, AWS Lambda, and AWS Key Management Service (AWS KMS). Infrastructure as code (IaC) service AWS CloudFormation helps producers and consumers easily deploy the needed infrastructure.

Federated data governance – Governance policies set by the European Commission and member states. Automated governance processes implemented as policy-as-code solutions on the cloud. Tools such as AWS Cloud Development Kit (AWS CDK), AWS Lambda, and Open Policy Agent can build and deploy these frameworks.

Figure 1 displays a high-level reference architecture for secondary usage of health data based on these key components. In this scheme, the health tech company from the preceding example is a data user requesting access to the EU-wide datasets from the Health Data Access Body in its country of residence. Based on the provided justification, the Health Data Access Body makes a decision and grants access to the datasets, which are provided through EHDS by data holders.

Figure 1. High-level reference architecture for secondary usage of health data in alignment with EHDS.

Steps 1-2 – A Data Holder (DH) registers health datasets made available for research through a self-service data platform user interface (UI) in a Health Data Access Body (HDAB) governed account.

Steps 3-4 – The data registry workflow is triggered to register relevant metadata and governance policies.

Steps 5-6 – HDAB governance policies are initiated in the DH health datasets.

Step 7 – Metadata is created and registered in the DH and HDAB metadata catalogue without moving any datasets.

Step 8 – The Data User (DU) registers an access request for health datasets through the HDAB's self-service data platform UI.

Steps 9-10 – The data access registry workflow is initiated to register relevant access for metadata and specific health data.

Steps 11-12 – The HDAB checks and initiates grant permission policies for the requested datasets and manages audit logs.

Step 13 – In the final step, the DU uses the analytics pipeline to carry out research on the granted health datasets.
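The following added example (not from the original post and not AWS code) models the governance logic of the workflow above in plain Python: metadata-only registration, a default-deny grant decision, and an audit trail. The class and method names are hypothetical, the purpose list is taken from the EHDS definition quoted earlier in this post, and the hash-chained audit log is an assumption about how tamper evidence could be added.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Purposes named in the EHDS definition quoted in this post.
EHDS_PURPOSES = {"research", "innovation", "policy making",
                 "patient safety", "statistics", "regulatory"}

@dataclass
class HDAB:  # hypothetical model of the Health Data Access Body account
    catalogue: dict = field(default_factory=dict)  # dataset_id -> metadata only
    grants: set = field(default_factory=set)       # (user, dataset_id, purpose)
    audit: list = field(default_factory=list)      # hash-chained records

    def _log(self, event, **details):
        # Each record commits to the previous one, so edits are detectable.
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = json.dumps({"event": event, **details, "prev": prev}, sort_keys=True)
        digest = hashlib.sha256(body.encode()).hexdigest()
        self.audit.append({"body": body, "hash": digest})

    def register_dataset(self, dataset_id, holder, allowed_purposes):
        # Steps 1-7: only metadata and policy are registered; data stays with the DH.
        allowed = set(allowed_purposes) & EHDS_PURPOSES
        self.catalogue[dataset_id] = {"holder": holder, "allowed": allowed}
        self._log("register", dataset=dataset_id, holder=holder, allowed=sorted(allowed))

    def request_access(self, user, dataset_id, purpose):
        # Steps 8-12: default deny; grant only a registered dataset and purpose.
        meta = self.catalogue.get(dataset_id)
        granted = meta is not None and purpose in meta["allowed"]
        if granted:
            self.grants.add((user, dataset_id, purpose))
        self._log("access_request", user=user, dataset=dataset_id,
                  purpose=purpose, granted=granted)
        return granted

    def can_query(self, user, dataset_id, purpose):
        # Step 13: the analytics pipeline checks the exact grant before running.
        return (user, dataset_id, purpose) in self.grants

    def audit_intact(self):
        # Recompute the chain; any altered or reordered record breaks it.
        prev = "0" * 64
        for rec in self.audit:
            if json.loads(rec["body"])["prev"] != prev:
                return False
            if hashlib.sha256(rec["body"].encode()).hexdigest() != rec["hash"]:
                return False
            prev = rec["hash"]
        return True
```

Denied requests are logged as well as granted ones, so the audit trail records every decision the HDAB makes, not only successful access.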

Conclusion and next steps

The EHDS presents an opportunity for healthcare organizations to unlock the potential of health data. AWS provides a range of services and data governance capabilities to build secure and scalable data platforms aligned with EHDS requirements. By using AWS, healthcare organizations can build the necessary data platforms to fulfill the EHDS vision and innovate to improve European healthcare.

This post provides a high-level overview of the cloud services that would benefit the EHDS implementation. In the follow-up post, we will provide step-by-step guidance for technical teams on how to implement the AWS reference architecture for EHDS.

To learn more about AWS for EHDS solutions, partners, and thought leadership, please visit: AWS for EHDS.

Krishna Singh

Krishna is a technical business development manager of analytics and artificial intelligence/machine learning (AI/ML) for healthcare at Amazon Web Services (AWS) in Europe, Middle East, and Africa. He has worked extensively in the data analytics domain of the healthcare and life sciences industries. Krishna holds an MBA in AI, data and analytics from UvA (The Netherlands) and a BE in computer science engineering from VTU (India).

Khrystyna Shlyakhtovska

Khrystyna is a program manager for data and artificial intelligence (AI) at Amazon Web Services in Europe, Middle East, and Africa. She has worked extensively in federated data sharing and digital platforms domains in the healthcare and financial services industries. Khrystyna has also worked on data spaces projects with customers and partners from various industries. She holds master's degrees in law and business administration.