Cloud Computing

Safety, Ethics, and Regulations

related to Digital Health
Ajay Vamadevan
PGDM – HCM | Term 3
Cloud Computing
• Cloud computing is on-demand access to computing services –
including servers, storage, databases, networking, software, analytics,
intelligence, etc – over the Internet ("the cloud") to offer faster
innovation, flexible resources, and economies of scale

• Option of renting these services instead of having to buy, own, and

maintain physical data centers and servers
• High upfront costs for hardware and software
• Difficulty in scaling resources up or down to meet demand
• Security vulnerabilities and maintenance burdens
• Limited data storage capacity
• On-demand access to computing resources
• Scalability to meet changing needs
• Enhanced data security and disaster recovery
• Improved collaboration and communication
• Cost-effectiveness and flexibility
Cloud-Based Healthcare Applications?
Cloud-Based Healthcare Applications
• Electronic Health Records (EHRs): Secure and centralized storage of EHR
allows for improved care coordination and access to patient data from
anywhere

• Medical Imaging: Cloud storage enables efficient storage, sharing, and

analysis of large medical images like X-rays and MRIs

• Medical Research and Development: Cloud computing provides scalable

resources for researchers to analyze large datasets and accelerate medical
breakthroughs
Telemedicine
• Cloud-based platforms facilitate consultations for patients in remote
areas or with limited mobility
• Helps in development and deployment of scalable telemedicine platforms
• Access specialist consultations remotely
• Enhanced Patient Engagement: Telemedicine platforms can facilitate
chronic disease management and preventive care through virtual
consultations and remote monitoring
• Subscription-Based Models: Healthcare providers can offer
subscription-based telemedicine services, providing patients with
ongoing access to care and generating recurring revenue
 New Business Models Enabled by Cloud
Computing
• Software as a Service (SaaS): Businesses access software applications over the
cloud, eliminating the need for software installation and maintenance

• Platform as a Service (PaaS): Businesses leverage cloud-based platforms to

develop and deploy their own applications without managing underlying
infrastructure

• Infrastructure as a Service (IaaS): Businesses rent essential computing resources

like servers, storage, and networking from a cloud provider
Types of Cloud Computing

• Cloud

• Fog

• Edge
Edge Computing
• Processes data at the "edge" of the network: On devices or sensors that
generate it
• Reduces latency for real-time applications
• Wearables (Fitness trackers/ smartwatches) process data like heart rate, activity
level, and sleep patterns locally before transmitting it to the cloud
• Continuous Glucose Monitoring (CGM) Systems: analyze trends and generate alerts
for patients or healthcare providers if glucose levels reach concerning thresholds
• Remote Patient Monitoring Smart blood pressure cuffs or weight scales process
measurements locally and transmit only relevant data to the cloud
• Reduces unnecessary data transmission and allows for real-time monitoring
• Improves bandwidth efficiency by processing data locally
• Enables offline functionality for edge devices
 Fog Computing

• Extends the concept of edge computing with a distributed processing layer

• Fog nodes can be edge devices, local servers, or micro data centers

• Performs pre-processing and filtering of data before sending it to the cloud

• Enables local analytics for insights closer to the source

• Offers offline processing capabilities

Fog Computing
• Medical Imaging Analysis: For preliminary analysis of medical images (X-
rays, MRIs) closer to the point of care for identifying potential issues
quicker and improve diagnostic workflows

• Telemedicine and Remote Consultations: Processing patient data during

a telemedicine consultation to inform treatment decisions

• Smart Hospitals: Analyzing data from various sensors within a hospital

(temperature, occupancy, equipment monitoring sensors) for real-time
optimization of energy usage, resource allocation, and overall operations
Cloud Deployment Models
Safety, Ethics, and Regulations
related to Digital Health
Ajay Vamadevan
PGDM – HCM | Term 3
Outline
• Nürnberg trials
• Declaration of Helsinki
• Cardinal Principles of Ethics in Medical Research
• Sources of clinical data
• Access controls to clinical data
Nazi Medical Experiments in Concentration Camps
Nazi Experiments on prisoners & Nürnberg trials
• Mustard gas experiments
• Sulfonamide experiments
• Head injury experiments
• Freezing experiments
• Sterilization and fertility experiments
• Poison Experiments
• Electric shock experiments
• Led to Nürnberg trials after World War II
CARDINAL PRINCIPLES OF ETHICS IN RESEARCH
• Respect for autonomy stands for acting intentionally after being
given sufficient information and time to understand the information
• Beneficence is directed to promote the well-being of patients and
society
• Non-maleficence implies first do no harm which can be achieved by
careful decision making and having adequate training
• Justice deals with the equitable distribution of social benefits
Informed Consent
• Language Vulnerable Groups
• Study Purpose
• Procedures • Mentally iII
• Risks and Discomfort • Children and old age
• Benefits
• Payment for participation
• Socially vulnerable: Uneducated,
• Voluntary Participation/Withdrawal poor, women, tribes
• Compensation for injury • Otherwise vulnerable:
• Alternatives Employees, Military, Prisoners
• Confidentiality
• Consent for medical research
• Signature
 Clinical Datasets
• Multiple systems

• Multiple Users
Systems that capture electronic data (1)
Systems that capture electronic data (2)
• Electronic Case Report Forms (eCRFs)

• Electronic Patient Reported Outcomes (ePRO)

• Interactive Voice Response System (IVRS)

• Adverse Event Reporting Systems (AERS)

• Laboratory Information Management Systems (LIMS)

• Systems that automatically record data by integrating data from a medical

device such as an ECG, Holter- Monitor, MRI, etc...
Clinical Data Users

• HCPs

• Data Manager

• Database Programmer/Designer

• Medical Coder

• Clinical Data Coordinator

• Quality Control Associate

Access to Data
• Access must be limited to authorized individuals

• Research Study datasets to be cleared by an Ethics Committee

• De-identified Data
Access Controls: Internal Security Safeguards

• Access must be limited to authorized individuals

• Each user should have an individual account/password

• Passwords should be changed at established intervals

• The system should limit and record the number of unauthorized log-
in attempts

• Automatic log off for long idle periods

 Records Protected: External Security Safeguards

• Protection of records to enable their accurate and ready retrieval

throughout the records retention period

• Controls should be established to:

• Prevent unauthorized external accesses or altering (e.g.-firewalls, anti-spy)
• Prevent, detect, and mitigate effects of computer viruses, worms etc.
 Audit Trails

• Computer-generated, time-stamped electronic audits trails are the

preferred methods for tracking changes to electronic source documentation

• Audit trails used to capture electronic record activities should describe

when, by whom, and the reason changes were made

• Ensure that audits cannot be overridden

DISHA Bill, 2018

The Personal Data Protection Bill, 2019

Digital Personal Data Protection Act, 2023

Digital Personal Data Protection Act, 2023

• The DPD Act is a comprehensive legal framework that governs the

processing of digital personal data in India

• It applies to both Indian and foreign companies processing the data of

individuals in India
Definitions ?
• Personal Data:
• Data Principal:
• Data Fiduciary:
• Data Processor:
• Data Protection Board:
Definitions
• Personal Data: any data about an individual who is identifiable by or
in relation to such data
• Data Principal: The individual to whom the personal data relates
• Data Fiduciary: The person who determines the purpose and means
of processing personal data
• Data Processor: Any person who processes personal data on behalf of
a data fiduciary
DPD Act
• apply to the processing of digital personal data within the territory of
India where the personal data is collected ––
• (i) in digital form; or
• (ii) in non-digital form and digitised subsequently;

• also apply to processing of digital personal data outside the territory

of India, if such processing is in connection with any activity related to
offering of goods or services to Data Principals within the territory of
India
Rights of Data Principals
• Right to access your personal data
• Right to correction, completion, updating and erasure of personal data
• Right to Withdraw consent
• Right to access information about personal data
• Right to restrict processing of your personal data
• Right to nominate - exercise the rights of the Data Principal
• Right to grievance redressal
Obligations of Data Fiduciaries
• Collect personal data only for a lawful purpose and with the consent
of the data principal.
• Process personal data in a fair and transparent manner.
• Store personal data securely and take steps to prevent data breaches.
• Respond to requests from data principals within a reasonable
timeframe.
• Appoint a Data Protection Officer (DPO) if required
 Penalties
• The act allows only monetary penalties for breaches or non-compliance,
ranging from INR 50 crore to INR 250 crore, with a maximum penalty of
INR 500 crore for significant data breaches

• Data Principal can also seek compensation from the DPB for any harm
caused to you due to the non-compliance by the third party

• Act does not provide criminal liability or imprisonment for non-compliance

Implication on healthcare
• Impact on healthcare providers / institutions handle patient data

• Consent: Patients will have more control over their healthcare data.
Explicit consent will likely be required before collecting, using, or
sharing their data

• Access and Correction: Patients will have the "right to access" their
medical records and request corrections if they are inaccurate
Provisions for:
• responding to a medical emergency involving a threat to the life or
immediate threat to the health of the Data Principal or any other
individual;

• for taking measures to provide medical treatment or health services to any

individual during an epidemic, outbreak of disease, or any other threat to
public health;

• Allows processing of personal data for research, archiving or statistical

purposes if the personal data is not to be used to take any decision specific
to a Data Principal and such processing is carried on in accordance with
such standards as may be prescribed
• Data Security Obligations: Healthcare providers will be required to
implement robust security measures to protect sensitive patient data
from breaches and unauthorized access

• Data Minimization: The Act may encourage healthcare providers to

collect and store only the minimum amount of personal data
necessary for treatment purposes
Challenges and Considerations
• Balancing patient privacy with the need for data sharing for public health
initiatives and research may require careful consideration and anonymization
techniques
• Operational Adjustments: Healthcare providers may need to adjust their data
collection, storage, and sharing practices to comply with the Act
• Potential Opportunities:
• Improved Trust: Increased transparency and patient control over data could
lead to greater trust in the healthcare system.
• Innovation in Data Use: The Act may encourage innovation in anonymized
data analysis for research and development of new treatments.
Discussion
• DPD Act:
• Required or Not?
• How will it impact the healthcare Industry?
• Hospital Operations
• Digital Transformation
• Research and innovation

• How can companies effectively navigate these changes to ensure both

regulatory compliance and continued operation/ innovation?