As published in ITProPortal, written by Daniel Hickmore – Health Subject Matter Expert at Arkivum
Before the topic of what a digital embassy is can be broached, it is important to set out exactly what we mean when we talk about data archiving, as opposed to the storage of data. Data archiving is the process of providing long-term data retention by moving data that is no longer actively used to a separate storage device. Typically, archived data consists of older data that is still important to the organisation for future reference, and can also consist of massive amounts of data that must be retained for compliance with best practice or regulatory body reporting requirements.
Traditionally, access to an archive is managed by the prime data owner. In health and life sciences there is an additional factor: the data may need to be shared securely between different organisations. This needs to be performed in a way that ensures the original data is safe, retained in its original form and actively managed in order to ensure that these requirements be met. Examples include the sharing of data between life sciences institutes for research purposes, or the process of consolidating clinical diagnostic services across STP (Sustainability and Transformation Plans) footprints within the NHS.
Operations like these are complex and fraught with risk. Data security and sovereignty have become paramount concerns amid the emergence of new models for data retention, such as cloud and hybrid storage strategies, and the need to provide controls over multi-stakeholder access to the archived data.
The “Digital Embassy”
The digital embassy model has emerged as a new way of defining these requirements and creating an appropriate technical architecture and methodology to satisfy them. In the same way that the embassies of nations provide a physical location in which sovereignty is demarcated and controlled, the purpose of digital embassies is to provide a demarcated data safeguarding area under the full sovereignty of the data owner.
The patient or donor needs to trust that their data is safeguarded, and available only to the appropriate parties. Privacy, security, data protection and data integrity are central to this: data integrity must be assured for long-term retention and future access, while digital continuity is ensured through a robust disaster recovery and business continuity planning approach.
In the digital embassy, data access by third parties is negotiated within controlled conditions, access policies and protocols in order to ensure compliance with the relevant privacy, clinical access or data governance guidelines. Due to legal and clinical best practice guidelines, it is important that the prime data owner is always in control of the data and has confidence that the data is preserved and protected with chain of custody processes to prove that the record of what has taken place is accurate.
There is – of course – more to this. An additional layer of complexity is introduced when considering particular datasets where a number of different parameters must be taken into account, including:
- Data safeguarding and retention
- Data sovereignty, including ownership
- Information Lifecycle Management (ILM)
- Industry-specific best practice and legislative guidelines
- Geographic jurisdictions: legislative guidelines which may vary per country / region and per data type
Several of these parameters are very closely interrelated. If it were not enough to cope with today’s digital security challenges, when you couple this with the ticking clock to comply with regulatory guidelines and the deluge of data being generated by – for example – digital healthcare, it is vital that organisations consider privacy and safeguarding as paramount.
Impact of New General Data Protection Regulations
Currently, Information Lifecycle Management (ILM) retention standards and policies do not necessarily reflect the rate of progress of digitisation in health and these standards are changing. The new General Data Protection Regulations will be enforced in May 2018. The failure of the US data Safe Harbour laws has undermined data sovereignty, and with Brexit changing the European landscape and taking us all into unknown territory, it is essential for health organisations to reappraise their data management strategy.
Concurrently, the acceleration in technology innovation in health is driving greater data volumes and challenging the robustness of health organisations’ ILM standards. Massive growth in genomic diagnostic sequencing and its imminent arrival in mainstream clinical diagnostics, along with the shift to digital imaging in pathology and uptake in document digitisation, has all contributed to unprecedented growth in data volumes and long-term retention requirements. The current standards are struggling to keep up with these changes and demands.
Arkivum is focused on providing solutions for this digital horizon, by providing certainty of future compliance around data sovereignty, security and retention. Part of the approach is to consider the digital embassy model as the way to provide a flexible, exploitable safeguarding architecture, whether it be on-premise, offsite, in the cloud or a combination of all of these simultaneously. Arkivum provides a 100% data integrity guarantee underpinned by ISO 27001 certified processes, protocols and platforms, and a deep knowledge of best practice in digital archiving.