UZ Leuven Case Study
Focusing on patient data privacy without sacrificing usability
Almost immediately after doctors began collaborating on patient health, they began clamoring for electronically-shareable medical records that could maintain data privacy for patients across hospital locations. Neither doctors nor patients were isolated to a single hospital. They didn’t want vital data to be isolated, either. At UZ Leuven, patient records had already been stored on a single electronic medical record (EMR) system that allowed sharing within the vast central hospital. As multiple hospital campuses would begin to share records, this new system was going to have to scale rapidly.
The success of the existing single-system for EMRs opened a trove of resources for truly comprehensive patient care and research. It looked like the service needed to extend beyond the hospital—across devices, languages, borders, and healthcare professionals. All at a time when compliance and data privacy are becoming more than buzzwords; they’re regulations.
A single IT system would have to continue security and compliance measures across multiple hospitals and millions of EMRs. It would have to face the challenges for medical IT professionals regarding data privacy that often stymie the usability that patients and doctors desperately want.
UZ Leuven Hospital:
- Must share EMRs with 30+ hospitals
- 9500 stuff
- 2,000 beds w/high volume critical cases
The Challenge that Created a Server, that Created a Platform
UZ Leuven is the popular name for the University Hospitals Leuven, the largest hospital in Belgium. It handles the most critical cases in Belgium across four campuses that collectively house over 2,000 beds and 9,500 employees. It’s a vast network of the very best doctors in Belgium, caring for the most challenging cases in the country.
The incredible volume of data that comes through the hospital and the extraordinary privacy that needs to surround those patients is obvious. But, UZ Leuven also operates as a research and training hospital. In addition to patients coming and going, data also moves as doctors collaborate across changing locations. In fact, the hospital currently shares electronic medical records with approximately 30 other hospitals. Keeping EMRs safe and optimally accessible is notoriously difficult.
Moving EMR data safely between hospitals and doctors was vital for two reasons: better healthcare to patients; and better medical care and research by doctors. Patient records are at the epicenter of determining the right medical course for an individual—especially for chronic, cancer and transplant patients. They help understand the patient and their personal responses to treatments, pharmaceuticals, and other considerations. Even knowing if a person suffers from a previous condition can help doctors determine best practices. A person suffering lifelong claustrophobia may need special treatment or machinery to get a lifesaving MRI, for example. The records are also important for ongoing patient care, recovery, and learning or research. As patients return to their local or recovery doctors, their full medical history is vital for follow-up treatment. Case studies of one person can also offer unique or critical medical insights that can help many other patients. The IT challenges of any single hospital are massive—presenting an even larger challenge to UZ Leuven’s IT group. In addition to its size, there are other complexities for UZ Leuven in figuring out a way to share EMRs.
“A single IT system would have to continue security and compliance measures across multiple hospitals and millions of EMRs.”
Before unifying the systems into a single on-prem, hospitals typically started by implementing various systems at each campus or each medical specialty in different ways. They would obviously have a hard time communicating.
The newer system (and what it would eventually sire) would need borders between campuses and specialties to be much more crossable. The solution: they created one big shared system eliminating the need to transfer data. This was the first step of their infrastructure evolution.
They created an on-premises server to manage all medical data as part of a single virtual campus, then allowed EMR sharing. It was tremendously successful.
Then, a new challenge arose. In addition to the resident and visiting doctors, the doctors who train at UZ Leuven wanted to bring the same records with them between locations to share critical information from EMRs, so they’ve started a collaborative with 30 other hospitals.
The original electronic data storage and communication systems wasn’t developed to be across hospitals, but the need demanded they treat the various hospitals as a single “campus” to facilitate record sharing.
The de rigueur work of ensuring that data security was already challenging to IT. They had the large “campus” as well as several client-facing products to help patients and doctors. So, a new level of service and research extended the pressure on IT to meet compliance and security challenges at a new scale. Their on-prem server was no longer looking as sustainable.
This got them thinking about redesign. What would a new platform, based on the success of the on-prem model, look like?
Hitting the Glass-Ceiling of On-Prem: A New Platform
UZ Leuven is starting a brand new platform for new customers. Based on the success of their unifying record-sharing server, they needed to expand EMR sharing outside of their immediate network. Opening a new front, they will add other practices in the medical field, not just hospitals. The goal is to create communication between hospitals, referring specialists, general practitioners and home nursing. Ultimately, this will reduce risks to healthcare professionals, give more comprehensive treatment, and offer patients a more effective and friendly experience. All your providers can know more about you, instead of guessing at who you are.
This sort of integrated data system in a multi health care provider, patient-accessible environment is an entirely new offering, the likes of which has never existed. There has always been a problem most patients don’t realize. They think their records are shared and their doctors know their medical history. But they don’t. The only thing that usually gets across is the discharge paperwork, not the structured and informed data about the actual treatment history. That includes medical requests like MRIs, for example. So the next doctor visit that may hinge on those results is entirely in the dark presently. Has the MRI been booked? Did it happen? What are the medications that have been prescribed? What medications and treatments has a patient had that’s worked or not worked?
“This sort of integrated data system in a multiple health care provider, patient-accessible environment is an entirely new offering, the likes of which has never existed.”
Having information and access to a cross-doctor treatment history is really important to having the most comprehensive care. A lot of medical errors are happening because people can’t see the full treatment and medical record.
To make healthcare better, they need to expand the services their on-prem, unifying system was able to provide across their 30 hospitals. To do that means creating a platform that will link doctors and patients around sensitive material without compromising highly regulated data and privacy. It needs to provide impenetrable security over an incredibly diverse system, which will carry the most sensitive data across multiple endpoints in numerous locations.
On top of that the predecessor on-prem system was not initially designed for multi-language functionality, though the 30 hospitals’ clients are dutch and french speaking. And to fully reach the intended goal country borders needed to be broken too.
The need to cast a wider net with the same resources was evident. The on-prem server and 200 person team was running at full capacity. The only logical solution to expand the model of the on-prem medical record sharing is moving to the cloud for its tremendous flexibility, power, security, and bandwidth. It’s the kind of redesign that starts from the product need and works backwards towards creating secure infrastructure and requirements. It’s something like Noah recognizing there’s a storm ahead, only boats might be easier to build.
“We need strong security because patients need to be able to access information on mobile, but security is difficult.”
Small Teams, Big Risks, Stronger Security Solutions
The only solution for creating an in-“campus” and outside-campus, secured record-sharing system was a move from on-prem to the cloud. Security is paramount. What new solutions would they need in the redesign? What could they learn from the solutions that had protected their on-prem system so well? They had to take the small steps they’d made to expand data sharing safely and make a giant leap without any glitches. Growing a model requires a whole new consideration—changes to the very physical infrastructure and architectural considerations.
A leading hospital like UZ Leuven is also the smartly host to a leading IT department. They dedicate 2% of their annual revenue to IT. Even while regulations (Belgian data protection framework expands GDPR) have hit other healthcare providers and services hard, UZ Leuven’s security-minded IT department has remained successful. Their massive “campus” thrived while other organizations were faced with failing systems.
Now, the challenge was to go further—prepared for stricter compliance standards. Like most who understand how much rests on IT, the budget and team was not so big compared to the responsibility and scope of the project. Of their 200 person team, about 25 people do support and security at UZ Leuven. While they take serious efforts to have everyone thinking about security, not everyone is able to be a dedicated security officer. An adaptive, automated system is really important to being able to comprehensively secure the information they need to share.
Wallarm Boosts System Redesign for Cloud Migration from On-Prem
UZ Leuven has had tremendous success with its transformative, homegrown record-sharing system, which has historically housed everything on one on-prem server. In addition to this in-house server, UZ Leuven has a suite of client-facing products, which make up their applications. They help make patients be an active and informed part of their healthcare. All HTTP external data APIs and mobile applications have been protected by Wallarm. “We need strong security there because patients need to be able to access information on mobile, but security is difficult.” And, Wallarm solutions have helped inform their platform design as they expand into the cloud.
UZ Leuven’s new platform needs to exponentially increase their scope from the previous system (expanding the number of users and locations). At the same time, data is moving in unpredictable ways in terms of increased mobility, globalization of information. It’s challenging to create a platform that has to be safe across devices and locations, while simple enough for users of all ages and skill levels. It’s not just clients logging into surface level scheduling. Doctors and surgeons need to rely on multiple endpoints to share medical records.
“The original electronic data storage and communication systems wasn’t developed to be across hospitals, but the need demanded they treat the various hospitals as a single “campus” to facilitate record sharing.”
The cloud will make the new platform possible in an affordable, flexible way. But new security concerns will arise as will the need for solutions as powerful, distributed, API-centric, easy to deploy, and adaptive as cloud servers. The cloud is a shared data protection responsibility. For their part, UZ Leuven will need to make sure that cloud servers are protected at the points they’re vulnerable, at the application level.
UZ Leuven had organically grown its data organization system and infrastructure from the typical rainbow of hardcopies in manilla folders to electronic files. And then it kept growing into a clever, unifying system that proved itself under strict regulation implementations. UZ Leuven had done it all on an in-house electronic medical records server that is homegrown. And, it is time to migrate their groundbreaking innovation into a platform.
The new platform is also introducing a new CI/CD pipeline. So, while building a new platform in the cloud, UZ Leuven was also doing a lot of testing and deployment as the system was being built to iron-out a CI/CD platform that works for on-going development and deployment both on-premises and into the cloud.
The Wallarm solution that they have been using in their on-prem server was integral in the design as they have moved to cloud. The main selling point for UZ Leuven IT team is that the product has been easy to use across the team. “Just being able to see what is already being seen and blocked is important in going forward.”
Ease-of-Use is Also Stronger EMR Security
Transparency and ease-of-use across the team has helped inform design, workflows, and development. But it’s also helped to identify larger security questions as UZ Leuven expands.
You can learn a lot from false positives. Security is extraordinarily context dependent. One of the problems for UZ Leuven had been a few false alarms. Specific normal user behaviors and operations specific to healthcare can create an “echo” in healthcare data that can falsely flag user actions as vulnerabilities. A new form or functionality can accidentally get blocked because it’s anomalous. The tricky part is that the patient’s ability to fill out what is happening to them is the same way hackers get in.
Understanding these “echos” establishes a guide-line for security. You try and make everyone aware of security, but ultimately get the right automated tools and processes to get ahead of attacks. The point is not only to protect against vulnerabilities in the system, but malicious attacks. A unique element of Wallarm products is that it takes a more proactive approach than learning from previously successful attacks. It uses whitehacker insights to extend its library of attack vulnerabilities. The point is to “make it harder for good, ethical hackers to get through.” That’s an assurance UZ Leuven appreciates given how devastating a data hack on EMRs would be. For UZ Leuven, you start by having strong, automated tools to help identify issues in CI/CD, multiply testing, and provide easily digestible feedback to developers for fixes and strengthening code ahead of production. Be sure that monitoring and blocking goes one step further and actively finds vulnerabilities other solutions cannot.
“Moving to the cloud will make the new platform possible but new security concerns will call for solutions as powerful, distributed, API-centric, easy to deploy, and adaptive as cloud servers.”
Luckily, the complex intelligence of pattern recognition happening in neural networks is paired in Wallarm with an easy user interface. The powerhouses in your DevOps aren’t weighed down with administrative oversight and continual updating. Crack teams can sort through issues and mark them as false positives or assign risk levels very quickly. From there, the machine learning engine will integrate this information and get smarter.
This sort of exploitation is particularly tricky in healthcare, where a lot of patient forms are being generated with high-security needs and highly personalized data. This is a correlation that hackers can exploit, so the balance between strict privacy and usability is continually being struck. As the patient record sharing system grows (and so does its benefits to healthcare), the cloud can increase the bandwidth, but the traffic and users will also need to have smarter, more truly automated, autoscaling security solutions that match cloud infrastructure and pressures. Many cloud security solutions require that the API calls are redirected into the security provider infrastructure, which creates a problem with handling sensitive personally identifiable information (PII) and Protected Health Information (PHI). Wallarm processes request within Uz Leven infrastructure thus simplifying the compliance issues and ensuring better privacy.
For UZ Leuven, part of the design going forward is being able to see the way hackers are trying to get in. “We want the same protection as we move to cloud as we have on-prem.” It’s been really important to their security team to have this sort of easy, deep insight. Wallarm can work in any infrastructure—on-prem, hybrid, or in the cloud. UZ Leuven’s new platform will also need the same security protection and processes that have allowed everyone in their DevOps and Security teams to participate in security. The project is growing bigger than their IT team can handle without an automated security solution.
Another issue of powering up in the cloud as they grow the medical system through cloud migration is finding security that can scale with their predicted uptick. “If we use a platform built to scale, we want everything to scale with it. Wallarm’s ingress controller can scale with us, which is important.”
It isn’t just that the platform growth is a high-hope. While this new platform wasn’t meant to be their core business, it’s been wildly successful. Now they have a joint venture that helps big organizations share data with high-level security: 50% hospital, 50% commercial backer. It’s a paragon of safe information sharing with patients and providers.