How Europe’s leading healthtech companies ensure the safety, sovereignty and security of patient data on a global stage

All responsible startups have a duty of care over their data. In healthtech, however, where the data is highly personal, sensitive, and potentially life-threatening in the wrong hands, such sovereignty and security takes on extra meaning, not to mention enhanced regulation. Especially in the case of European healthtech firms operating on a global scale.

One such firm is AlgoDX. Founded in 2018, AlgoDX uses artificial intelligence, machine learning and predictive analytics to determine a patient’s chances of developing disease. Through its Navoy platform, AlgoDX is currently able to spot the early-warning signs and predicators of sepsis. An evidence-based algorithm for detecting acute kidney damage is currently being clinically validated, and there are three other – yet undisclosed – trials underway as part of the longer-term product roadmap.

The stream of patient data

In order to develop these algorithms, AlgoDX manages a stream of highly confidential and sensitive data shared by its healthcare partners via a private cloud, provided by OVHcloud. Within this secure environment, AlgoDX parses and cleans the data, securely stores it and then trains the algorithm using a range of parameters – blood pressure, heart rate, blood gases, lab test results and more – before returning it to the clinician. From here, the algorithm and its determinations form part of the clinician’s wider armory of diagnostic tools and become integrated into their workflow. It’s a powerful tool in both reactive and preventative care, while also helping to increase efficiency for many healthcare services.

The use, storage and movement of this data is governed by a host of local and Europe-wide regulations, most notably General Data Protection Regulation (GDPR). Yet because of its sensitive nature, health data is additionally governed by specific, additional safeguards. For instance, the process of identifying health data, as a rule, is prohibited, unless the companies involved can cite specific exemptions. In AlgoDX’s case, it’s exempt because its processing “is necessary for the purposes of preventive or occupational medicine” as well as “the provision of health or social care or treatment…pursuant to contract with a health professional.”

These regulations then place a specific ban on the transfer of such “special category” data to countries outside the EU and the European Economic Area (EEA). Again, there are exemptions in place but these are stricter and they require the country of the receiving party to have adequate and appropriate safeguards in place that align with GDPR’s protections.

The global dilemma 

This poses a particular problem for healthtech companies in Europe when it comes to choosing a global cloud host and partner, particularly if they’re looking to scale globally. Firstly, the company and/or its infrastructure needs to be based in Europe to protect the sovereignty of the data and adhere to strict GDPR specifications. This immediately rules out US giants such as Amazon’s AWS or Google Cloud. At the same time, the European provider must have a strong performance and legacy working in the US in order for companies like AlgoDX to partner with hospitals and clinicians in the States.

Secondly, the cloud provider needs to have the very best safeguards in place to guarantee the secure movement of the data and comply with the regulations. This refers to both the encryption and wider security protocols in place, as well as the service’s reliability and uptime guarantees.

Thirdly, the transfer of data in healthcare settings is incredibly timely. In the case of diagnosing and/or preventing sepsis, AlgoDX’s algorithms need to help clinicians analyse the data and make recommendations in real-time. Even a short delay in diagnosis and the administering antibiotics can increase the chances of septic shock, which can in turn lead to organ failure and even death. Thus, the cloud provider must offer adequate and consistent speeds.

And finally, the cloud provider needs the infrastructure and protocols in place that enable the healthtech firm to scale quickly and effectively. From a startup with limited resources to a scaleup and beyond.

“The team spent weeks researching options but OVHcloud came out on top for ticking all these boxes,” said Calle Österlind, CIO at AlgoDX. “It has a reputation as the largest, most reliable and trusted cloud system in Europe, with a strong performance and long history of working with companies globally.”

Empowering startups

As an early-stage startup, AlgoDX was given a place in OVHcloud’s Startup Program. Under this program, founders are awarded 12-month’s worth of free credits to enable them to experience the full power of OVHcloud’s products. Since its launch in 2015, the programme has now hosted over 2,600 startups, selected from more than 8,500 applicants.

“The most useful OVHcloud product for us is its Hosted Private Cloud solution,” continued Calle. “It gives us the maximum control and freedom over our environment that we need. It’s critical for us, for our healthcare partners, and the regulators that we have complete oversight of our data. OVHcloud has enabled us to partner with US healthcare providers and services, and it’s allowed us to scale. When we initially set up the environment with OVHcloud, we aimed for one pilot. We’ve since started two other large-scale projects, both on a commercial basis, and vastly increased the resources we needed.”

OVHcloud’s Hosted Private Cloud acts as a private datacentre that can be accessed from anywhere. Each of the dedicated servers upon which the data is stored is isolated from the wider network. These servers can be setup in less than an hour and the environment upon which they run can be personalised to the company’s needs. This includes being able to connect multiple cloud providers and private hardware to the network, all backed by strict certifications including the SecNumCloud certification.

If a company needs more power, additional resources can be deployed immediately and, as a global cloud giant, OVHcloud can extend and migrate infrastructure as and when needed using its network of datacentres. Then, should something go wrong, the service comes with a Disaster Recovery Plan in which OVHcloud guarantees 24/7 uptime and access to data, even in the event of a disaster.

“With OVHcloud, we know that everything is covered,” continued Calle. “Our teams can get on with the job at hand without having to spend time or resources worrying about our cloud infrastructure and, as it stands, we can’t ever see a reason why we’d stop using OVHcloud.”

Such is the strength of their relationship, AlgoDX recently participated in a number of access to market and funding events, hosted by OVHcloud.

You can also learn more about the OVHcloud Startup Program and apply here.