I’m exploring the use of Nox Cloud / Nox Connect within Health NZ for remote access and reporting of sleep study data. The platform is hosted on Amazon Web Services (AWS) in Australia, and I’m looking to understand the process for assessing and approving use of cloud based clinical systems like this.
The appropriate Health NZ contacts or teams responsible for reviewing cloud-hosted vendor software
Whether AWS based solutions (hosted offshore but within Australasia) have a defined approval pathway
Access to any relevant documentation or frameworks (e.g. DPIA, security or risk assessment templates)
Any other specific advice or experience with similar systems that have progressed through this process
Keen to ensure the right approach is taken early and would appreciate any direction or key contacts. This will likely be a nationwide solution across every tertiary level hospital.
I’m afraid that with the current organisational churn within the clinical informatics side of Health NZ | Te Whatu Ora it probably isn’t a good time to seek to get this supported / approved / etc.
Once the recruitment across Digital Services settles down (and the governance structure beds in), it will (hopefully) become much clearer how to proceed with this type of request.
Of note, AWS are due to open their Auckland data centre sometime this year, which should take the sting out of one of your concerns at least:
Can someone less cynical than I offer Simon some more helpful advice?
Sounds like Connected Health might be relevant here. But it’s very much a “let Nox/Google IT Security specialists fight it out with Te Whatu Ora IT Security specialists”. They all speak the same language and their ways are mysterious to outsiders.