Cybernetica: Pursuing secure health data exchange in the midst of COVID-19

secure data exchange covid-19

Article content

The past few months have introduced a dramatic change in global circumstances. Many companies have been forced to pivot and adapt their previous activities to the “new normality,” and rapid innovation has entered the scene in response to the crisis. For some, however, previously ongoing projects suddenly reached a whole new level of value and relevance.

Cybernetica, the Estonian company behind the Unified Exchange Platform (UXP) that sustains a wide array of Estonia’s e-health services, had been pursuing international projects for secure health data exchange even before COVID-19. These included their project TOGETHER for PPE Readiness and other projects for international data exchange of personal medical information, based on the UXP technology. The company has now accelerated their development process, as the importance of trusted and rapid data sharing has suddenly skyrocketed.

Shifting priorities in light of an emergency

“When we started with our project TOGETHER for PPE Readiness, back in September 2019, we had no idea that we will face the situation we have in the world right now in the near future,” notes Meril Vaht, Project Manager and Systems Analyst at Cybernetica. As the aim of the project is to share Personal Protective Equipment (PPE) (masks, gloves, gowns, etc.) data regionally and nationally in the USA for better emergency preparedness, the importance of this undertaking has now increased significantly.

“The system we are building allows trusted data exchange between hospitals, in order to improve their ability to manage PPE inventory,” Vaht explains. “Using the UXP technology, federal and state level organisations are provided access to a set of services that digitally maintain inventory data as well as purchasing and delivery data for the sites that manage stocks of PPE.” The solution provides nearly real-time data, which ensures greater efficiency in PPE distribution during surge demands – such as disease pandemics and other emergencies. It is therefore exactly the kind of solution we would benefit from right now.

Photo provided by Cybernetica

The initial plan saw the end of the project’s first phase, dedicated to testing purposes only, in September 2020. Now that global priorities have undergone dramatic shifts, the company has accelerated the development process. The first three organisations are set to go live by the end of the first phase.

Importance of cross-border data exchange

Cybernetica’s second project on secure exchange of personal medical data touches upon another important consideration that came to the spotlight in the past few months – if an emergency hits an individual when they are abroad, how can we ensure they get the help they need? One possible response to this question is well highlighted in the proof-of-concept project Cybernetica successfully completed in March this year, in collaboration with NTT DATA Corporation and NTT DATA Italy.

“The proof-of-concept focused on a scenario where a hospital acquired the data of a Japanese person, who was receiving medical treatment in the EU, from the patient’s medical records in Japan,” Vaht explains. “In addition to providing better treatment while abroad, seamless and appropriate treatment is available for the patient upon returning to Japan.”

Systems like this support improved communication between doctors, enhanced control over health data records stored in standardised format, and better decision-making and treatment plans. In light of the current crisis, we are also talking about better accessibility, improved possibilities for better data analysis, and so on.

Mitigating risks and safeguarding privacy

In light of the hurried development of new solutions under crisis mode, many have voiced loud concerns surrounding privacy and the potential pitfalls that could occur with accelerated processes. Nonetheless, Vaht assures that despite faster decision-making, critical analysis in the development process is definitely not pushed aside but rather prioritised even more.

The promise of privacy is indeed present in every aspect of Cybernetica’s technologies. When it comes to GDPR compliance, Vaht notes that there are of course many factors to take into account. From the perspective of the implemented technology, the UXP provides technical measures that take care of the security of the interaction between the information systems of one or more organisations.

Due to UXP’s distributed architecture, the UXP members communicate directly with each other and exchange only specified data. The data exchange between organisations is authenticated and encrypted and the service provider can control access to the services. Furthermore, all the messages are signed and timestamped, which prevents misuse of sensitive data.

However, Vaht also notes that the UXP technology covers only one part of the GDPR compliant data exchange. “It is important to keep in mind that the organisation which implements the UXP has to adjust its privacy policy with appropriate requirements of the GDPR. Additionally, the organisation must prove that it has implemented end-user authentication and access control procedures that are compliant with the security requirements.”

Digitalisation can no longer be escaped

Vaht agrees with many observers from Estonia and around the world, that by now there is no doubt this pandemic will push the world towards greater digitalisation. With increased data access and connectivity, we nonetheless have to be mindful of the associated risks. Privacy of digital data and trusted data exchange are therefore going to keep moving further into the spotlight.

“Providing the means to audit and trace back information to its single origins, enables a truly connected and secure world despite the physical distance.”

So, what’s next for Cybernetica?

When it comes to secure data exchange, Vaht says they are hopeful to see a growing number of international projects, in healthcare as well as in other fields in the future. “We are looking to contribute to greater digital accessibility to data and vital services and to that becoming part of the ‘new normality’ for both the public and private sector.”


Today, e-governance and e-services have become a necessity in every country. e-Estonia Briefing Centre – the gateway to Estonian expertise in e-governance, invites you to connect with the Estonian IT companies directly responsible for the successful functioning of the e-state even during a pandemic. Get in touch with us to set up your custom virtual programme with the best partners you could get:

Written by
Adhele Tuulas

Creative Assistant


Visit us physically or virtually

We host impactful events both in our centre and online for government institutions, companies, and media. You’ll get an overview of e-Estonia’s best practices and build links to leading IT-service providers and state experts to support your digitalisation plans.

Questions? Have a chat with us.

Call us: +372 6273157 (business hours only)

Find us

The Briefing Centre is conveniently located just 2 minutes drive from the airport and 10 to 15 minutes drive from the city centre.

You will find us on a ground floor of Valukoja 8, central entrance behind the statue of Mr Ernst Julius Öpik. Photo of the central entrance.

Valukoja 8
11415 Tallinn, Estonia