Ghent, Belgium, 1 December 2023

The European Institute for innovation through Health Data (i~HD) strongly promotes the greater use of health data by healthcare organisations to analyse healthcare services and patient outcomes at micro and macro levels in order to improve the quality and safety of care, for health data to be used widely to underpin public health and policy making, for research and innovation by public and private organisations.

To achieve these benefits from health data at scale, and especially to deliver and bring value from the European Health Data Space, it is vital that healthcare and clinical research make appropriate use of secure cloud computing services. Our Institute has recently co-authored this report, conveying these messages to decision-makers.

Many healthcare and clinical research organisations and networks already use trusted cloud service providers that have established their reputations in terms of quality and cybersecurity. These services allow data users to access and share data in a way that meets information and cybersecurity standards, and allows them to meet obligations of security and accessibility required in European Union and national-level legislation.

We recognise the value of the European Cybersecurity Scheme for Cloud Services (EUCS) in contributing to high standards of security. However, we are concerned that some of the measures being considered are based solely on the jurisdictional location of the company hosting the services, as opposed to the jurisdiction location of the data being held and the security compliance measures implemented. We believe that the data security requirements cloud service providers must be based on enforceable cybersecurity standards and the governance rules to which companies can be held accountable, rather than the jurisdictional location of headquarters.

Prof. Dipak Kalra
President, i~HD
(contact via email)