EU guidelines on Cybersecurity and cloud services in the health care sector

2021-01-25T16:31:00

On January 18, the European Union Agency for Cybersecurity (ENISA) published a new Report on Cloud Security for Health Care Services (the “Report”).

Member States’ health care systems are under a lot of pressure due to the COVID-19 pandemic. Therefore, digital health care has become a necessary, supplementary and effective alternative to help mitigate the strain on in-person health care services. Cloud computing in the health care sector enables (i) the provision of telemedicine services; and (ii) the streamlining of data storage. But the security risks for patients’ sensitive data, as well as the complex legal landscape and the appearance of new technologies, have slowed down the implementation of cloud services in the health care sector.

ENISA published the Report to provide the health care sector with guidelines and security practices for cloud services. The Report looks at which data protection aspects to consider when contracting cloud services, mostly relating to the sensitive nature of the stored data.

The Report focuses on the three areas of health care where cloud services are particularly important: (i) electronic health records, specifically the collection, storage, management and transfer of patients’ health data; (ii) remote care, in connection with telemedicine services; and (iii) medical devices, particularly the automatic transfer of data stored in the devices to allow for remote patient monitoring.

Through these guidelines and practices, the Report intends to guide technology professionals working in the health care sector, with the aim of preserving the security of data in cloud environments, so that all technical and organizational measures to that end can be implemented.

The Report takes a practical approach, providing case studies to illustrate the existing threats to cloud services in the health care sector, and providing possible solutions and appropriate security measures.

The Report follows in the footsteps of the Procurement Guidelines for Cybersecurity in Hospitals published by ENISA in February 2020. With these reports and guidelines, the European Union is trying to consolidate the digital transformation of the European health care sector into a cybersecure environment with guarantees for both users and patients.

Authors: Albert Agustinoy and Pedro Santos e Silva
