NHS Digital greenlights off-shore data storage

The guidance says it will reduce costs, but campaigners argue it raises data protection concerns

NHS Digital has said that care providers are allowed to store patient data in the cloud if they wish, as part of new guidelines that attempt to reduce costs and increase data sharing across the health sector.

A handful of providers already use public cloud services to store patient information, including NHS Choices and Code4Health, however, the new guidance gives an official nod to its use.

Advertisement - Article continues below

The report, released on Tuesday, sets out guidelines for organisations looking to move data to cloud services, providing they operate within the European Economic Area (EEA), areas within the US that are covered by Privacy Shield, or other countries deemed to have adequate data protections in place.

Part of the guidance will also ensure organisations are able to handle data securely, particularly given the tougher restrictions soon to be enforced by GDPR in May, according to NHS Digital.

"It is for individual organisations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively," said Rob Shaw, Deputy Chief Executive at NHS Digital.

"The guidance being published today will give greater clarity about how these technologies can be used and how data, including confidential patient information, can be securely managed."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

He added that the use of cloud services would help avoid instances where patient data is not available due to local hardware failures.

However, the guidance has received criticism over the areas in which health providers can choose to store data, particularly those services in the US.

Jim Killock, executive director of Open Rights Group, told IT Pro: "Allowing data to be transferred to the USA under Privacy Shield is dangerous. Privacy Shield is open to legal challenge because US law lacks privacy protections, especially for surveillance.

"Allowing the NHS to move data to the USA could open up UK patient data for surveillance purposes, and that could have ramifications for patient health. People might avoid getting care, which would obviously be very bad. Patient confidentiality has to come first."

The guidelines may also be seen by many as an attempt by the NHS to reform its image after a number of data protection scandals. In 2011, five NHS bodiesfailed to take "appropriate steps to secure sensitive information", following an investigation by the Information Commissioner's Office.

The organisation also came under fire last year for an "inexcusable" data sharing agreement that allowed Google's DeepMind to access 1.6 million patient records. Following an ICO review, the NHS's agreement with the AI firm was found to be in breach of data protection laws.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/nas/27920/best-nas-drives
network attached storage (NAS)

Best NAS drives 2019

19 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020