NHS Digital has published guidance for health and care organisations that want to use the public cloud to store patient data.
As well as the ability to work more flexibly, NHS Digital says that the cloud will lower costs by avoiding hardware and software purchases and maintenance. However, critics have questioned the security of the move.
The guidance sets out legalities and best practices for data storage and usage in the cloud, and is aimed at ensuring that NHS organisations understand how to use the cloud safely; a topic becoming even more important with the impending GDPR legislation.
The GDPR requires European citizens' data to be stored within Europe, or a country that is compliant with the European Commission's data protection regulations. The NHS's guidance echos that, with data able to be stored in the UK; European Economic Area; and ‘countries deemed adequate by the European Commission'. These include Canada, Andorra and Uruguay.
However, the Open Rights Group has said that hosting sensitive patient data offshore is ‘dangerous'.
Jay Killock, executive director of the Open Rights Group, told the BBC:
"This is a dangerous move that could open up patient data for surveillance purposes, and that could have ramifications for patient health.
"People might avoid getting care, which would obviously be very bad. Patient confidentiality has to come first."
Killock is especially critical of the UK-USA Privacy Shield arrangement (the USA is one of the countries deemed ‘adequate' by the European Commission, where covered by Privacy Shield), which he called "highly open to legal challenge."
Carl Leonard, principal security analyst at Forcepoint, had a warning for the NHS:
"Be aware that for large enterprises, 30-to-40 per cent of IT spending comprises shadow IT, which can be made up of unsanctioned cloud services. Your employees may have already moved to cloud without your knowledge."
Claims to have "the most competitive logic density" in the industry
Dell's high-end mobile workstations upgraded with Intel Coffee Lake CPUs
Webstresser admins were also arrested in the UK, Croatia, Canada and Serbia
Security firm claims that 117,638 sites out of 135,035 analysed contain serious security flaws