Customer story

Case study: SmartMed

SmartMed improves health with NEN and ISO certified cloud solutions for medication management

The proper medication, at the right place, in the right amount. That's what it's all about at SmartMed. The IT company provides innovative solutions for medication management. Improving patient health through the exchange of data is critical. Intercept successfully migrated this business-critical application to the Azure cloud on behalf of SmartMed in 2018. Why they did so and how it ensures that patient-sensitive data is safe on the public cloud, explains CTO Chiel Labee in this article.

Complex data landscape

"Everyone who has anything to do with medication has a role in our platform," explains Chiel. "From medical specialists in the hospital and healthcare staff at institutions, clinics and community pharmacies to the patients themselves." All these parties have access to the same data in one medication management system.

SmartMed's platform is fed with data from various sources. Such as the G-standard for information on medicines, medical devices, and dressings. But also via integrations and IoT wearables. The analyses that SmartMed performs on this data check whether the medication provided works for the patient.

Reliable cloud partner

To facilitate the exchange of the medication data while ensuring that it is done securely, SmartMed searched for a reliable cloud partner. "We took a careful look at what cloud providers are available. Then you quickly come to Microsoft Azure, Google, and Amazon. Microsoft Azure emerged as the winner because they have designed their processes in such a way that the data is safe and good and meets all the standards in healthcare," says Chiel enthusiastically.

Immediately after choosing Azure, SmartMed decided to involve Intercept in its transition to the cloud. "Azure offers a lot of possibilities, but you can't possibly get through it on your own," explains Chiel. "We approached Intercept to think with us about what we wanted to achieve and what that might look like."

Safety and quality assurance

Like SmartMed itself, its customers were curious about how the solution would function in the cloud. And how the IT company would guarantee the security of their system. "Together with Microsoft and Intercept, we did an excellent job of fulfilling that and convincing the hospitals that the system works well and securely on Azure," says Chiel.

To assure its customers that its system meets the latest healthcare quality and security standards, SmartMed has achieved ISO 27001 and NEN 7510 certification. The latter ensures that patient data is stored and distributed securely. Chiel: "Intercept takes the ISO and NEN standards very seriously, which helped us a lot to go through that certification smoothly."

Do you also want to get started with these certifications? Please read our blog NEN 7510 with Azure: tips for working safely in the cloud as an MSP for healthcare.

Microsoft lends a hand

Obtaining these certifications is an annual process. The platform offers various tools to give you a helping hand, saving Microsoft Azure users a lot of time. One of those tools is the Azure Security Center. "Here, you get continuous alerts and advice on the security of your platform," explains Chiel. "Everything has a timestamp, version, and history. That makes your process transparent and insightful. You can show the auditor with graphs where you came from and where you are going. They find that very important."

How do you make sure you collect all this data according to the rules?

 "In the Netherlands, the patient has to permit the use of his or her data," explains Chiel. "A lot of that goes through the community pharmacy or the treating physician." Different rules apply to healthcare providers than to the patient themselves. If you work directly with the patient, then the GDPR (AVG) restrictions apply. This means that the patient profile and care data are stored in separate databases. This is one of the reasons why SmartMed started with a microservices architecture. "As a result, the data is not in one pot."

The patient has the right to be forgotten, so they are removed from the patient's environment. The healthcare provider, on the other hand, has a 15-year retention obligation. They must be able to provide their history. For this, SmartMed applies "soft delete mechanisms. This ensures that the data is no longer directly visible but can be presented during an audit.

Intercept

Are you, like SmartMed, looking for a way to migrate your healthcare application to the cloud securely? Or are you looking for an intelligent way to meet current quality and security standards? Feel free to contact us. We will then think along with you without any obligation.

Healthcare ISVs