Integrate and operate healthcare data securely in the cloud
The implementation of Integration Platform as a Service (iPaaS) solutions in Swiss hospitals marks a decisive step towards digital transformation in the healthcare sector.
Problem description, research question and relevance
The healthcare system faces the challenge of offering improved forms of treatment in a cost-effective manner.
Increasing treatment options are leading to continuous cost growth and data silos from isolated IT systems. In other sectors such as finance, retail and logistics, data and system integration platforms have long been established and are now also offered in the cloud as "Integration Platform as a Service" (iPaaS). Essentially, these are cloud-based integration platforms that enable companies to link, synchronise, centralise and seamlessly integrate various applications, systems and data more quickly.
Switching from on-premises platforms (on site or in local data centres) to a hybrid cloud solution with iPaaS offers, among other things, the advantage of simple and secure data integration through existing data connectors. In addition, integration with the interfaces (APIs) of other cloud providers enables code-free implementation in some cases, which accelerates the development of digital applications.
The requirements for handling sensitive patient and healthcare data in an iPaaS solution are particularly high. However, the diversity of systems and data in hospitals leads to a high level of complexity in terms of data types, semantics and formats. In view of the new developments in the healthcare sector, not only technical aspects but also security, data protection and regulatory requirements are therefore of crucial importance. In general, iPaaS solutions in the healthcare industry must also fulfil the non-functional requirements of security, scalability, maintainability and costs.
Methods and procedures in the project
The three-and-a-half-year Innosuisse project "Smart Hospital: Integrated Framework, Tools and Solutions" (SHIFT) aims to drive forward the digital transformation in hospitals. As part of this, a hosted data and integration middleware (iPaaS), the so-called Tech-Foundation, is being developed in the sub-project A.1 consortium with Leitwert AG, The i-engineers AG and Eviden AG, together with the Institute of Information Systems at the ZHAW. In an initial phase, scientific and specialised sources were collected for a requirements analysis, expert interviews were conducted, information was exchanged with the SHIFT Sounding Board and legal texts and regulations were combed through.
Results and findings
Requirements for the secure operation of healthcare data
The requirements for handling sensitive patient and healthcare data in an iPaaS solution are particularly high. However, the diversity of systems and data in hospitals leads to a high level of complexity in terms of data types, semantics and formats. In view of the new developments in the healthcare sector, not only technical aspects but also security, data protection and regulatory requirements are therefore of crucial importance (Figure 1). In general, iPaaS solutions in the healthcare industry must also fulfil the non-functional requirements of security, scalability, maintainability and costs.
The most important aspects and functional requirements of iPaaS solutions in the healthcare industry are:
- Open data and integration standards and APIs at the syntactic level:
Recommendation to use stable data interface standards such as HL7 Fast Healthcare Interoperability Resources (FHIR) and ISO 13606 for easy data exchange.
- Definitions, terminologies and classification at semantic level:
Need for semantic interoperability between systems through terminologies such as SNOMED CT, LOINC, DICOM and ICD as well as Integrating the Healthcare Enterprise (IHE) profiles.
- Standardised information model for the data representation of the hospital domain:
Use of OpenEHR as a universal and reusable information model to simplify interoperability between medical IT systems.
- Predefined plug & play connectors and adapters:
Support of industry-specific systems such as HIS, PDMS, EPD, PACS, DMS, etc. through ready-made connectors and adapters.
IT, cyber and data security in the healthcare sector is not just a question of functionality, but also of fulfilling non-functional requirements. Standards such as ISO 2700x and the NIST Cybersecurity Framework play a central role in effectively managing threats. The new Swiss Data Protection Act (nDSG) pays special attention to the protection of sensitive health data. This law emphasises the importance of "privacy by design" and "privacy by default" as basic principles for data protection. In particular, the requirements for the transparency of data processing have been improved and the self-determination of data subjects regarding their data has been strengthened. In addition, the Medical Device Regulation (MepV) sets out strict requirements for the development and introduction of medical devices, whereby comprehensive risk and quality management systems in accordance with ISO 13485:2016 are required. Compliance with these non-functional requirements is therefore crucial to ensure the security and integrity of IT and data systems in the healthcare sector.
Recommendations for practice
Overall, the requirements identified for an iPaaS solution for healthcare data in Swiss hospitals illustrate the multi-layered nature of this challenge. These multidimensional aspects include not only technical requirements, but also extend into the areas of law, organisation and security in the healthcare sector. The Innosuisse project SHIFT utilises the Tech-Foundation as iPaaS, an approach that is designed to develop concrete solution proposals and test them in practice in Swiss hospitals over the next two years.
A detailed insight into the discussion and further details of the identified requirements can be found in the article "Requirements for an iPaaS cloud solution for the secure operation of health data in Swiss hospitals" in the specialist magazine HMD Practice of Information Systems.
Literature and other sources
Russ, C., Stalder, P., Steinwendner, J., Pimentel, T., & Kavakopoulos, J. (2023). Requirements for an iPaaS Cloud Solution for the Secure Operation of Healthcare Data in Swiss Hospitals. HMD Practice of Information Systems. doi.org/10.1365/s40702-023-01011-w