ICTRecht has published a report in which the consultancy addresses the risks that may be involved with regard to storing medical data of Dutch patients in the cloud.
Central to this are the following questions and corresponding answers:
What legal requirements must a cloud provider meet to ensure that medical data of Dutch patients can be stored and processed with sufficient security and privacy safeguards?
Based on these requirements; what risks exist with respect to privacy safeguards in these situations when using cloud providers based in the Netherlands, the European Union, the United States and other countries? Are there substantial differences between local Dutch cloud providers and providers from the other categories of countries?
What technical requirements must a cloud provider meet to ensure that medical data of Dutch patients can be stored and processed with sufficient security and privacy safeguards?
Based on these requirements; what information security risks exist in these situations when using cloud providers based in the Netherlands, the European Union, the United States and other countries? Are there substantial differences between local Dutch cloud providers and providers from the other categories of countries?
What distinction should be made between cloud providers based in the Netherlands, the European Union, the United States and other countries with respect to these technical and legal requirements? In addition to answers to these questions, this report also contains guidelines and advice on the choice of cloud storage for medical data.
Report: advice on storing medical data in the cloud
This room letter can also be found in the files Privacy in Healthcare and Information Security
source: ICTRecht
