AWS Public Sector Blog
Data governance policies for Asia Pacific cloud adoption in healthcare
Globally, the demands of the COVID-19 pandemic rapidly accelerated the adoption and acceptance of telehealth and digital health applications. Across all aspects of healthcare, from diagnostics and imaging to genomics and personalized healthcare, the demands for healthcare data availability, storage, compute, and artificial intelligence (AI) tools are rapidly accelerating. The use of cloud computing is critical to delivering cost-effective solutions to these problems that give the flexibility and power to innovate.
The Asia Pacific region is no exception, with many examples of innovative healthcare solutions and transformations in digital health. Healthcare institutions have the opportunity to accelerate their move to the cloud, but first they need more clarity in how to manage healthcare data governance securely and in compliance with all regulations.
Even as more healthcare organizations are prioritizing digital transformation on the cloud and reaping the benefits, Access Health International’s report, Overcoming Barriers to Cloud Adoption in Public Healthcare in Asia Pacific, found that there remain opportunities to drive greater innovation in healthcare. More clarity on how cloud-first policies should be applied for healthcare data and improved processes for procuring cloud services can significantly boost healthcare organizations’ ability to more fully exploit the benefits of the cloud.
National policymakers and public sector agencies can help by providing clear guidance to healthcare institutions on how to usefully classify and manage different types of data in the cloud, procure cloud services for healthcare, and securely share and use healthcare data. Improved guidance will open the door for cloud-based applications that can improve patient outcomes, enable personalized care, support value-based healthcare, manage public health—including future pandemic preparedness—and accelerate medical research, drug discovery, and healthcare innovation. Even where there are existing national public sector cloud-first policies, healthcare organizations could benefit from greater clarity on how to apply the policy to healthcare data and greater support in procuring cloud services.
Cloud data governance and best practices for public healthcare cloud adoption
Amazon Web Services (AWS) recently collaborated with global consulting firm Alvarez & Marsal to produce a whitepaper, Cloud data governance and best practices for public healthcare cloud adoption in Asia Pacific. This paper aims to give recommendations based on best practice examples for health policymakers to provide clear direction to healthcare institutions for governance of healthcare data in the cloud.
Recommendations from the report
Align cloud-first strategies with data classification
-
- Healthcare authorities take the lead in aligning healthcare data classification with existing government frameworks.
- Use a risk-based classification framework with granular examples and guidance.
- Develop a risk management framework to support healthcare providers.
To make good governance decisions, health policymakers need to ask the question, “What are we trying to achieve?” and then use a simple framework to classify data based on risk. The controls should be specific to the risk, and care should be taken to balance risk mitigation against the tradeoffs in cloud functionality they may create. The UK NHS Health and Social Care Cloud Risk Framework provides a clear example of how one system approaches this. The benefits of the cloud include resilience, flexibility, scalability, availability, and cost-effectiveness. If governance policy relies on controls like data localization and unnecessarily restricts sharing, interoperability, and movement of data, healthcare organizations could risk losing the transformative advantages of the cloud.
Simplify cloud procurement for public healthcare and enable better data exchange
-
- Simplify access to cloud services to encourage greater adoption by healthcare agencies.
- Develop clear rules on data sharing and secondary use of data with the aim of encouraging information exchange.
Procurement of cloud services to support healthcare institutions and health systems can also be challenging for procurement agencies who may be more familiar with capital equipment and consumables. Procurement agencies may struggle with how to assess and procure variable cost, usage-based operating expense cloud services. It may be helpful to both use whole of government and panel style preapproved cloud procurement agreements for public sector agencies and spend time upskilling procurement agencies to better understand the cloud and how to procure cloud services that appropriately meet the needs of the organization.
In healthcare, the cloud can enable boundaryless access across data systems and geographical borders to an individual’s health records to allow individuals to securely receive quality personalized healthcare wherever they travel and whoever they seek care from. It also enables big data insights for improved population health, value-based health systems design, and accelerated medical research, empowering faster drug discovery and genomic and diagnostic innovations. To fully realize these opportunities, the ability to transfer and share data across borders and administrative boundaries with trust is critical. To support that aim, it is necessary that health systems are interoperable and use globally adopted standards such as the HL7 FHIR (Fast Health Interoperability Resources) standard. There must also be clear guidelines and agreements on what consents are necessary, how data can be shared, and under what circumstances data can be used for secondary purposes such as research and public health management.
Consider alternatives to data localization
-
- Avoid restricting access to healthcare data services and technology by implementing broad residency requirements using internationally effective methods of establishing security and control in the cloud instead.
- Look to solutions like allow listing countries that provide acceptable protections for the data.
- Look to requirements based on accountability rather than on jurisdiction, and make the data owners responsible for meeting requirements regardless of where the data resides.
- Avoid one-size-fits-all regulation by allowing cases to be made for safe data sharing and transfer by using a range of governance and technology tools such as privacy enhancing technologies, de-identification, and analytics platforms that allow work on the data in-situ and leave the work environment with only the data insights.
- Importantly, provide clear guidance to healthcare institutions about how they can compliantly use and share healthcare data. Healthcare institutions miss many opportunities to improve patient care and outcomes and benefit from international research because they are unsure how to use and share data and remain in compliance with regulations.
As the whitepaper identifies, there is a huge and growing potential for digital health solutions to improve healthcare outcomes, accelerate innovation, and lower the cost curve. And the cloud provides the accessibility and flexibility to do this at scale. In order to give healthcare providers and institutions the confidence they need to capitalize on the opportunity, they require strong national strategy and policy, clear guidance, and the necessary support, skills, and incentives for transformation. Finally procurement bodies should consider training procurement staff in digital and cloud technologies and review procurement policies to ensure they are fit for purpose. Ultimately, policy at the international level to establish data sharing and interoperability spaces, frameworks, standards, and principles by agreement between nations will further bear fruit.
Read the full paper: Cloud data governance and best practices for public healthcare cloud adoption in Asia Pacific.