If a garage’s customer information is easily available to everyone, then that’s very worrying. But if this happens in a hospital, it’s a downright disaster. Secure data storage in the healthcare sector isn’t just a strict requirement; it’s a legal obligation, with some patient records having to be kept for at least 30 years by law. In order to protect all its data more securely and be ready for an increasingly digital future, East-Limburg Hospital (ZOL) decided to become the first hospital in the Belgian healthcare system to start using the cloud for its data storage.

Legal requirement

‘As a hospital we’re obliged to treat sensitive data extremely carefully,’ says Peter Thijs, CIO for East-Limburg Hospital. ‘The rules are much stricter for us than for a commercial enterprise, sometimes with the added difficulty that legislature hasn’t kept up with the many rapid technological developments. There is however more clarity and legal certainty about how to apply existing rules for new technologies now, and this has enabled Kohera, together with sister company ICTinus, to provide a solution as a Microsoft partner that offers the legally required certification and which clearly demonstrates it is in line with all national and European regulations. This was a great help in ultimately deciding to switch to the cloud.’

Stand-by disaster recovery

ZOL had already entrusted a large portion of its IT infrastructure to Kohera and ICTinus, with its databases previously consolidated into two on-site SQL Server systems and one on-site SQL Server that works with a delay. Kohera has also taken care of the database maintenance, backups and all operational procedures ever since. An active disaster recovery has now been added on Microsoft Azure too, to ensure the digital patient records can be accessed securely and reliably at all times.

The active data is still stored on servers in the ZOL buildings, but backup copies are kept in the cloud now too. Kohera implemented the SQL Server AlwaysOn Availability Groups, so patient records can always be looked up straight away. ‘The amount of data is increasing all the time, but whatever happens, the digital information can never be lost. This hybrid cloud solution from Kohera guarantees this,’ explains Thijs.

Lowest cost

The budget of course plays a very significant role in large IT projects. And this goes some way to explaining the cloud’s increasing popularity as it can result in substantial cost-savings largely thanks to its scalability. After comparing other alternatives, such as a private cloud, ZOL opted for this asynchronous disaster recovery in stand-by as the most affordable solution. ‘There are always new applications being added which set ever-increasing requirements for the infrastructure. We work with images which have ever-higher resolutions, for example, so we need more storage capacity and bandwidth,’ explains Thijs. It’s true that this increases the cost for upload bandwidth, but that’s more than offset by Microsoft Azure’s low storage and stand-by costs.

Completely secure data

Of course, everyone’s first concern when it comes to patient records is data protection. Can the data be easily hacked or stolen? Isn’t it visible to others if it’s kept on a server which lots of other companies are using too? Kohera deals with this concern by setting the bar very high when it comes to data protection. Kohera first encrypts ZOL’s patient records with SQL Server, and the latest features enable backups to be made with StorSimple, a hybrid cloud storage service that provides an extra layer of encryption. The backup files are then encrypted again and sent to Microsoft Azure. So there’s triple encryption for confidential patient records. Furthermore, the encryption keys are protected by a certificate.

‘We’re absolutely certain that the data is more secure in the cloud than on our own campus,’ says Thijs. ‘All ZOL data is heavily encrypted on Azure, and only we have the key. Secure protocols are used for the network traffic to and from the cloud too. Our data is only stored in Azure data centres in the Netherlands, so the EU legislative framework is applicable at all times.’