Get your NEN 7510 certificate with Azure: tips for working safely in the cloud as a healthcare MSP

Help your healthcare clients make a safe transition to the cloud and achieve or maintain your NEN 7510 certification a lot faster with the tips from this blog.

Published: 23 September 2021

The digital and secure exchange of patient data is more important than ever. Due to the pandemic, digitalization in healthcare has accelerated. To guarantee the quality of their services in this digital age, healthcare organizations are opting for Managed Service Providers (MSPs) who comply with the standard for information security (NEN 7510) and help them do the same. That's where you come in. With the tips from this blog, you can help your healthcare clients make a safe transition to the cloud and achieve or maintain your NEN 7510 certification a lot faster.

 

Healthcare information systems, finance and planning tools, specialized hardware and software, email servers and a reliable infrastructure for the exchange of information: all of these solutions play their part in the success of healthcare. Of course, it is the healthcare organization that really helps the patient, but it is your services that provide the organization with the information it needs to give patients the care they need.

 

Healthcare information chain

This information must be reliable, available and secure. Healthcare organizations do not want their patients' data to fall into the hands of unauthorized parties. The information security of healthcare data is quite complex because many parties use this information. Think, for example, of the patient himself, the complete network of care providers (general practitioners, hospitals, pharmacies, therapists), health insurers and governmental agencies. All of these parties play a role in collecting, storing, processing and transporting data.

 

Joint use requires security safeguards

This joint use calls for standards in the area of information storage, message format, communication protocols, definitions and coding of medical terms and for rock-solid information security. In order to guarantee the quality of information security, the NEN 7510 standard was created. This standard ensures that medical personal data are processed in a safe manner, so that these confidential data are protected.  

 

Patient data is safe in the Azure cloud

But how do you make sure you comply with NEN 7510, while also wanting to use the cloud? Intercept's customer, CTO Chiel Labee of SmartMed, explains: "We took a good look at what cloud providers there are. Microsoft Azure, Google and Amazon were the choices. Azure turned out to be the winner because it set up its processes in such a way that the data is safe and sound and meets all the standards." 

 

Azure Security Center

One of the tools Microsoft uses - to make sure you meet the standards - is the Azure Security Center. "This is a tool that you can use for obtaining your NEN certifications," Chiel explains. "Here you get continuous alerts and advice on the security of your platform. Everything has a timestamp, version and history. That makes your process transparent and insightful. You can show the auditor graphs that visualize where you came from and where you are going. They find that very important." 

 

Always and automatically compliant

In Azure, you'll also find a set of preconditions that you enforce automatically. This functionality is called Azure Policy and it works like this: if a developer rolls out something that doesn't meet the compliance standards - for example, he or she unintentionally tries to roll out something outside Western Europe - the location is automatically adjusted, or a message appears saying that the location needs to be adjusted first. That depends entirely on how you set the preconditions.
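The location precondition described above could be written as a custom Azure Policy definition like the one below. This is an added example, not taken from the original post or from Microsoft's built-in policy set; it assumes that "Western Europe" means the `westeurope` region, and the display name and parameter names are illustrative. With the effect set to `Deny` the deployment is rejected with a message, while `Audit` only flags the resource as non-compliant.

```json
{
  "properties": {
    "displayName": "Example: restrict resource locations to West Europe",
    "description": "Illustrative custom policy (constructed example). Assumes the allowed region is westeurope.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed locations",
          "description": "Regions in which resources may be deployed (assumed value).",
          "strongType": "location"
        },
        "defaultValue": [ "westeurope" ]
      },
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Deny blocks the deployment; Audit only records non-compliance."
        },
        "allowedValues": [ "Audit", "Deny" ],
        "defaultValue": "Deny"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "location", "notIn": "[parameters('allowedLocations')]" },
          { "field": "location", "notEquals": "global" }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

The `global` exclusion keeps resources that have no regional location from being blocked by the rule.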

 

In control with checklists

Besides the automated preconditions, alerts and recommendations, Microsoft also offers useful control mappings. These are checklists that ensure that you are compliant with NEN 7510, but also with other certifications such as ISO 27001 or HIPAA. The HIPAA standard, for example, already includes 122 policies, which Microsoft rolls out for you.

 

Secure data usage

Microsoft also has many services for the secure use of data. For example, you can anonymize data to use it in a test database or to share it with a customer or auditor. Whatever you come up with, chances are Microsoft has already come up with a solution for it.

Do you have a question about information security in healthcare? Or do you have a healthcare solution that you want to move to the cloud? Feel free to contact us. And don't worry, Microsoft doesn't have access to patient data.