e-Health baselining event�Jan 27 2021

Short summary of outcomes

GCC#23 Feb 10, 2021

​

Mario Reale / GÉANT / Research Engagement & Support

Goals for the eHealth baselining event

• Gather the NREN community around what is
• needed
• already there
• missing � to support the eHealth user community�
• Share experiences on the current NRENs activities in eHealth�
• Focus the discussions on 5 thematic areas:
• Network / Security / T&I / Cloud / Policy and EU Liaison

​

• Pave the way to common work on a baseline of tools/services/activities to improve/extend support to the eHealth community

event agenda

Event attended by ~ 70 participants, mostly from NRENs (100+ registered)

Organisers: Leonie Schaefer / DFN

Marina De Giorgi, Mario Reale / GÉANT�Neringa Jackevice / EaPConnect

Main outcomes (1 / 5): Network

• Many (⅔) NRENs connect Hospitals and eHealth research institutions or started working with them (also cfr. Compendium 2019)
• In many cases extra services (above the net) are provided
• Overall the community is increasingly asking for additional bandwidth
• There are diverse connections as well as mixture of free of charge and paid services
• Quality IP service and L2-L3 connections asked for where missing
• Cost recovery model: follows the general approach of NRENs to their users
• hospitals don't get special status in this respect
• In some cases, services are provided to eHealth institutions even if there is no physical network connection provided by NREN

​

Main outcomes (2 / 5): Security

​

• Proposal to define a minimum security baselines for NRENs in dealing with health organisations
• Starting from GN4-3 project security baseline document
• Further specialising it for the eHealth domain
• Common need to enhance skills on Cybersecurity
• Proposal to organise joint tutorials for the NRENs community targeting specifically the eHealth community / Hospitals
• Proposal to generalize/extend the model of some NRENs providing support about setting up CSIRT teams and DDoS prevention
• Example: https://www.surf.nl/en/surfcert-247-support-in-case-of-security-incidents

​

​

Main outcomes (3 / 5): Trust and Identity

​

• Cloud/Hosted Identity Provider raised consensus as interesting/useful opportunity for many
• Differences do apply based on NRENs skills/expertise/governmental support
• Fog and Edge computing mentioned as increasingly important areas where T&I could come in
• The NRENs community could lead given its expertise
• eHealth data pools/lakes demand security and T&I
• Data Access control / Access policies → Key role for T&I
• Hospitals have some inertia to move away from current solutions (commercial ones)
• A federated approach would be much better to ensure interoperation, collaboration worldwide

​

Main outcomes (4 / 5): Clouds

​

• Clouds are very relevant to this community, overall
• Large differences among NRENs
• Leading NRENs offer cloud services to this community, either directly or by offering services from commercial providers
• Artificial Intelligence and ML applied to medical data sets - Implications for the Cloud models (Provider, Community)
• NRENs well off to provide privacy preserving/secure services to research eHealth institutions
• Starting from storage and data sharing services

​

​

Main outcomes (5 / 5): Policy and Liaison with the EU Commission

​

• Refine NRENs AUPs to fine tune them for eHealth users and services
• Need acquire additional information on latest EU directives/communications and promoted new concepts on eHealth
• EU eHealth Dataspace
• Key areas where support at the policy level is required and developments are needed identified in
• Data Access policies
• Enforcement of standards
• FAIR data approach
• Trusted research environment
• Evangelization to Hospitals and their staff
• Join force while liaising with the EU about funding opportunities for the community - and possible liaison with WHO

​

after event dust settled considerations

• Community welcomes coordinated work/joint efforts on eHealth
• A sensible way forward could look like
• Identifying concrete items to work upon together
• Organising a second community event to
• Include participations from eHealth institutions
• Including EOSC-Life cluster (consider a MoU)
• Prioritize identified possible work items
• Submit a lightning talk about this initiative at TNC21
• Get community endorsement for a coordination body within the GCC (SIG,TF) ?

References

• Mailing list: e-health@lists.geant.org
• Wiki: https://wiki.geant.org/display/EHE/eHealth+-+Home
• https://wiki.geant.org/pages/viewpage.action?pageId=175112291
• Event mentimeter results

​

Spare slides

First draft strawman list 1/2

1. Community Cloud: GÉANT Cloud Workflow: select relevant eHealth community applications and start implementing corresponding Cloud Flow
2. AUPs: are the current NREN AUPs fit to include the management of medical data or personal information, do NREN need support to refine / define their AUP to be able to deal with medical records and patients' data? (do we need to go into more detail in defining acceptable uses of the network?)
3. Generalizing support to the IdP-Cloud and promoting a GEANT solution for it - or providing a way for GEANT or one or more NREN on behalf of GEANT to offer this service transnationally to the various EU research institutions ?

To pool experiences and define a standard "package" that can be offered to the various eHealth institutions on an EU scale?

To do this, it could also be appropriate to define, for example, a way to easily deploy a VPN network between LDAP in the hospital and IdP front end on some hosted server / cloud possibly also in another EU country than the hospital itself

• Define a specific certification for the blessing of the sharing of medical databases / patient's data? (a checklist to verify that you are complying with the GDPR and are actually sharing data in a legally allowed way)

​

First draft strawman list 2/2

5. Make an inventory of which eHealth related services could be truly global, become part of a catalog of eHealth services to promote with eduGAIN or other multi-domain solutions?
6. Understand if we can define a standard support package for PROJECTS in eHealth? (an AAI solution on demand, also based on the GEANT Cloud Workflow if appropriate)
7. Understanding which services to promote within the Community Cloud regarding support for eHealth projects and institutions? (they need secure storage, computation, a way to store data pseudo-anonymizing them)
8. Promote CyberSecurity training specialized in eHealth (i.e. firewalls, FoD, networking of medical devices, promotion of secure protocols within the Campus)?
9. See if we can define a stand-alone solution for telemedicine along the lines of what PSNC has shown, in some way promote a set of basic teleconsulting services to be promoted to all continental hospitals?
10. Work on Vendors to understand how to interface "local" instrumentation on the network in general? extend the domain of devices that can be used remotely?

​

​