NHS Digital has published guidance for health and care organisations that want to use the public cloud to store patient data.
As well as the ability to work more flexibly, NHS Digital says that the cloud will lower costs by avoiding hardware and software purchases and maintenance. However, critics have questioned the security of the move.
The guidance sets out legalities and best practices for data storage and usage in the cloud, and is aimed at ensuring that NHS organisations understand how to use the cloud safely; a topic becoming even more important with the impending GDPR legislation.
The GDPR requires European citizens' data to be stored within Europe, or a country that is compliant with the European Commission's data protection regulations. The NHS's guidance echos that, with data able to be stored in the UK; European Economic Area; and ‘countries deemed adequate by the European Commission'. These include Canada, Andorra and Uruguay.
However, the Open Rights Group has said that hosting sensitive patient data offshore is ‘dangerous'.
Jay Killock, executive director of the Open Rights Group, told the BBC:
"This is a dangerous move that could open up patient data for surveillance purposes, and that could have ramifications for patient health.
"People might avoid getting care, which would obviously be very bad. Patient confidentiality has to come first."
Killock is especially critical of the UK-USA Privacy Shield arrangement (the USA is one of the countries deemed ‘adequate' by the European Commission, where covered by Privacy Shield), which he called "highly open to legal challenge."
Carl Leonard, principal security analyst at Forcepoint, had a warning for the NHS:
"Be aware that for large enterprises, 30-to-40 per cent of IT spending comprises shadow IT, which can be made up of unsanctioned cloud services. Your employees may have already moved to cloud without your knowledge."
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software