Remember the old days, when our medical records were stored in hospital basements? First, they went into manila folders, kept in locked filing cabinets. As technology progressed, patient records were transferred to computers and servers. Often those servers were also locked away somewhere in the basement. Either way, due to the sensitivity of the information, patient data was restricted to internal networks and physical access to the servers was granted to just a few people.
Then came the internet, and after that the cloud. In medicine and just about every other field, budget, security, availability and scalability are the main reasons why cloud services are replacing traditional on-premises infrastructure or dedicated hardware in data centres.
While working on the MyEyeSite project with UCL and Moorfields Eye Hospital, we had to carefully consider where to store medical data about the patients involved. For the project’s beta phase, we chose Amazon’s AWS cloud services. Security, compliance and cost were the main reasons for this.
Compared with the on-premises infrastructure described above, it’s easy to see what the cloud has to offer:
- Physical security – This is basic, but very important. A cleaner unplugging the server is not an impossible scenario when it is humming away in the basement.
- Disaster recovery – The cloud is built to fail, so to speak. Disaster recovery has been designed into cloud infrastructure from the beginning, meaning that power cuts, hardware failure and even natural disasters can’t threaten the data.
- Data encryption – Whether it is stored or in transit, data must be encrypted. When it comes to security and encryption, it is not a good idea to rely on DIY solutions. With the cloud, your options extend to FIPS 140-2 Level 3 encryption – the security standard used by the US government.
- Security and compliance monitoring – Knowing where personal information is stored and the normal paths through which it is accessed is absolutely essential. Cloud technologies are available that automatically search for known threats and are also able to identify unusual activity, trigger alerts and restrict access without human intervention.
- Audit trails – Each event – access, traffic flow, data encryption and decryption – is logged by default using a cloud system. This is not a nice-to-have feature. It’s essential.
Because large amounts of data are often generated in healthcare scenarios – an OCT scan may be 200MB, for example – for MyEyeSite we chose S3 buckets with all data encrypted. The buckets use server-side encryption, with customer-managed master keys and AWS-managed data keys. This is envelope encryption in action – each file has its own data key, and each data key is in turn encrypted with the master key.
Managing cost while maintaining the utmost security is critical when it comes to health data. The cloud combined with AWS tools enabled us to achieve this for the MyEyeSite project.
To keep costs under control despite large amounts of data, a lifecycle policy ensures that infrequently accessed data is moved to a less expensive storage class without compromising security and consistency. Version control and data replication ensure that a disaster in one availability zone doesn’t result in the loss of data.
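One way to check that a bucket actually matches the setup described in the last few paragraphs (SSE-KMS with a customer-managed key, versioning, a lifecycle transition) is sketched below. This is an added example, not code from the MyEyeSite project; the input dicts mirror the shapes boto3 returns from `get_bucket_encryption`, `get_bucket_versioning` and `get_bucket_lifecycle_configuration`, and the key ARN, region, account id and rule name are constructed placeholders.

```python
# Added example: audit S3 bucket settings against the design described above.
# Works offline on dicts shaped like the boto3 responses named in the lead-in.

def audit_bucket(encryption, versioning, lifecycle):
    """Return a list of findings; an empty list means the bucket matches."""
    findings = []

    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    default = rules[0].get("ApplyServerSideEncryptionByDefault", {}) if rules else {}
    algo = default.get("SSEAlgorithm")
    key_id = default.get("KMSMasterKeyID", "")
    if algo not in ("aws:kms", "aws:kms:dsse"):
        findings.append("default encryption is not SSE-KMS (found %r)" % algo)
    elif not key_id or key_id.endswith("alias/aws/s3"):
        # No key id, or the aws/s3 alias, means the AWS managed key is used.
        findings.append("SSE-KMS uses the AWS managed key, not a customer managed key")

    if versioning.get("Status") != "Enabled":
        findings.append("versioning is not enabled")

    transitions = [
        t for r in lifecycle.get("Rules", []) if r.get("Status") == "Enabled"
        for t in r.get("Transitions", [])
    ]
    if not transitions:
        findings.append("no enabled lifecycle rule moves objects to a cheaper storage class")
    return findings


# Constructed sample input (account id, key id and rule name are placeholders).
GOOD = dict(
    encryption={"ServerSideEncryptionConfiguration": {"Rules": [{
        "ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms",
            "KMSMasterKeyID": "arn:aws:kms:eu-west-2:111122223333:key/EXAMPLE-KEY-ID"}}]}},
    versioning={"Status": "Enabled"},
    lifecycle={"Rules": [{"ID": "example-tiering", "Status": "Enabled",
                          "Transitions": [{"Days": 30, "StorageClass": "STANDARD_IA"}]}]},
)
WEAK = dict(
    encryption={"ServerSideEncryptionConfiguration": {"Rules": [{
        "ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
    versioning={},
    lifecycle={"Rules": []},
)

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("weak", WEAK)):
        print(name, audit_bucket(**cfg))
```

The key check is a heuristic on the configured key id; the `KeyManager` field returned by KMS `describe_key` is the authoritative way to tell a customer-managed key from an AWS-managed one. Replication is not checked here.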
Because S3 is a managed service with guaranteed availability, Loft and our colleagues on MyEyeSite don’t have to worry about managing underlying hardware. Thanks to the cloud and AWS, patient data is stored in a manner that is secure and cost-effective. The patients, doctors and researchers can then use the system, storing and sharing data with all the access benefits the cloud offers, while safe in the knowledge that their data is secure.
What tools and systems are you using to store and share medical data, or to keep it secure? Let us know on Twitter – we’d love to hear about your experiences in the field.
Date posted: 17 November 2020