NHS Digital says public cloud “safe place” for patient data
The technology division of the National Health Service (NHS) has said that it believes the public cloud is a good place to store patient information despite recent high-profile cyberattacks.
NHS Digital issued the advice in a new cloud computing guidance document which sets out how the public cloud could be used by health and social care providers to store confidential patient records, provided data sovereignty requirements are met.
The document refers to “solutions that make use of data offshoring” as one potential route for future data storage - the practice of finding data centres located outside the UK - that the government has previously criticised in 2014.
A document published by the Government Digital Service last year, however, announced that the use of public cloud services across the public sector was appropriate for the “vast majority” of governmental departments.
It also specifies that data must only be hosted within the EEA, a country “deemed adequate” by the European Commission, or in the USA where Privacy Shield laws apply.
The NHS document above all puts emphasis on the provision that the “upmost care is taken when collecting, transferring, storing and processing patient data”.
The overall aim of the guidance is, according to NHS Digital, to demonstrate to stakeholders how cloud computing services can be leveraged safely and securely in the NHS.
Rob Shaw, the organisation’s deputy chief executive, said that the cost and efficiency benefits of using the public cloud would make it an obvious choice going forward, but it was up to each individual organisation or trust to decide whether to use such services.
He added: “The guidance being published today will give greater clarity about how these technologies can be used and how data, including confidential patient information, can be securely managed.”