Modern healthcare is not built solely through new devices, new software, or new facilities. It is built through institutions that know how to manage change, through people who possess the competencies to drive transformation, and through a financial model that ensures continuity rather than dependence on project cycles.
By Azir Aliu
In previous columns, I wrote about a healthcare system that speaks a common language, about restoring the patient to the center of care, and about intelligence that turns data into timely decisions. Yet none of these pillars can function sustainably unless they are supported by a stable institutional architecture.
Digital healthcare represents a new model of governing the healthcare system, not an isolated IT intervention. If data constitute the new infrastructure of healthcare, then governance, standards, security, human capital, and sustainable financing form its foundation.
This is why the fourth pillar of the Digital Health Strategy 2026–2030 is dedicated to governance, human resources, and the long-term sustainability of the system. It is a segment that is less visible than an electronic health record or a telemedicine service, yet its architecture determines whether digital transformation will become a regular way of working or remain merely a project that functions only while external support and initial enthusiasm last.
Technology can be purchased, but institutional capacity is built through time, knowledge, and clearly assigned responsibility. For every platform, it must be clear who manages it and how, who sets the standards, who verifies security, who trains users, who measures outcomes, and who secures resources for maintenance. Without establishing such a chain of accountability, even the most advanced solution can easily become an expensive and isolated system.
The Strategy therefore envisages stronger coordination among the Ministry of Health, the Health Insurance Fund, the “My Appointment” system, the Institute of Public Health, healthcare institutions, and bodies responsible for digital transformation. Legal foundations are needed for data exchange, digital services, telemedicine, patient access, and the secondary use of data. The legal framework must clearly define who has the right to process data, under what conditions, for what purpose, and under what oversight.
Finland offers a clear illustration of how such a model functions in everyday healthcare practice. Kanta is not merely a website where citizens can view information. When a physician in a public or private institution enters a medical record, when an electronic prescription is issued, or when a pharmacy records the dispensing of medication, that information becomes part of a national infrastructure. Another authorized physician can access it when needed for treatment, pharmacists can view valid prescriptions, and citizens can review their own information through MyKanta. For most healthcare providers and pharmacies, participation is mandatory; the rules are established by law, and the national service has a permanent operator and a regular financing model. Finland’s experience confirms that digital healthcare becomes reliable and sustainable when it functions as public infrastructure with clearly defined ownership, rules, and funding.
Yet institutions are only as strong as the people who work within them. Digital transformation requires physicians and nurses who understand how to enter and use data properly, managers who can govern based on performance indicators, and analysts and experts capable of connecting clinical practice, law, financial management, and cybersecurity.
Training must not be reduced to a one-time presentation or a few days of workshop participation before a new system is launched. New tools alter workflows, roles, and responsibilities. Therefore, digital competencies must become a deeper part of medical education, specialization programs, subspecialties, and continuing professional development. Healthcare institutions must also have personnel who provide ongoing, hands-on support to their colleagues.
The same logic can be observed in the NHS Electronic Staff Record in England. NHS organizations in England and Wales use a common platform for human resource management and payroll administration for more than 1.9 million employees. For staff members, this means access to personal information, payslips, and electronic training. For institutions, it provides a single source of truth regarding employment, salaries, positions, qualifications, and professional development. The system processes more than £55 billion in payroll annually. This model demonstrates that workforce management is not a secondary administrative function. Without accurate information about personnel and their competencies, it is impossible to plan healthcare services effectively.
Administrative and ERP (Enterprise Resource Planning) systems also occupy an important place within institutional arrangements. A hospital is a complex organization that manages employees, finances, procurement, inventories, equipment, maintenance, facilities, and processes. If the clinical side is digitized while the administrative side remains fragmented, the system will continue to have blind spots. Sustainable healthcare requires not only knowing how many patients are treated but also understanding how resources are used, where costs are generated, where bottlenecks occur, and where organizational improvements can be made.
In practical terms, this means hospital management should know how much medical material is in stock, what will expire soon, which equipment is in use, when it requires servicing, how much a given process costs, and where procurement delays exist. An operating room should not remain unused because materials were not ordered on time, nor should equipment sit idle because maintenance information was stored in a separate record. An ERP system does not treat patients, but it can prevent organizational failures that directly delay treatment.
Healthcare policy must become financially realistic and institutionally sustainable. Reforms should not depend solely on a single project, donation, or political will. Clear responsibilities, a sound legal basis, trained personnel, stable financing, and monitoring mechanisms are essential. Institutions must know what they measure, why they measure it, and how measurement results are translated into better services.
Sustainability begins even before procurement. Every digital investment must include calculated costs for maintenance, upgrades, licenses, cybersecurity, training, and equipment replacement. The Finnish model offers a practical lesson: healthcare providers and pharmacies connected to Kanta pay user fees for the national infrastructure. In this way, a predictable mechanism is created through which the operation and development of the system do not depend solely on the next project call.
Yet sustainability is not only a matter of financing. It also implies the system’s ability to function safely and continuously, even in the event of technical failures, cyber incidents, or other crises. The more digitally connected healthcare becomes, the greater the obligation to protect its data and critical functions. Healthcare information ranks among the most sensitive categories of personal data, while hospital systems, laboratory networks, electronic health records, and patient portals constitute critical infrastructure. Their protection is therefore not merely an IT responsibility but an integral part of patient safety.
Through the NIS2 Directive (Network and Information Security Directive), the European Union has set a clear direction: key sectors, including healthcare, must achieve higher levels of cyber resilience, risk management, incident reporting, and operational continuity. For us, this is not only a European obligation but a domestic necessity, making resilience a foundational design principle of modern healthcare.
Ireland experienced the practical cost of insufficient resilience in 2021, when a ransomware attack forced the national Health Service Executive (HSE) to shut down its information systems. Medical records and test results became inaccessible, appointments and services were delayed, and staff were compelled to revert to paper-based and telephone communication. Ireland’s experience demonstrated that backups alone do not guarantee business continuity. Hospitals must establish predefined recovery priorities, offline procedures for critical services, clear roles during incidents, and regular continuity exercises. Cybersecurity becomes real when every institution knows exactly what to do in the first hour after an attack.
If the first pillar gives the system a language, the second restores the patient’s voice, and the third provides intelligence for better decision-making, then the fourth pillar creates the stability without which no transformation can endure. Within it lies the invisible architecture of modern healthcare: the laws that protect trust, the institutions that bear responsibility, the people who implement change, the systems that make resources visible, and the financing that ensures continuity.
Citizens may not always see this architecture, but they will feel it in every timely service, every accessible medical record, every functioning piece of equipment, and every institution that knows what it is doing, with what resources, and to what result.
The author is Minister of Health of North Macedonia