This NHS and social care data: off-shoring and the use of public cloud services guidance has been written jointly by NHS Digital, NHS England, the Department of Health and Social Care and NHS Improvement.
This guidance explains the safeguards that must be put in place so health and social care organisations can safely locate health and social care data, including confidential patient information in the public cloud including solutions that make use of data off-shoring.
The following documents have been created by NHS Digital to provide more detailed guidance:
Cloud security good practice guide
This document provides advice and guidance about the safeguards that should be put in place to enable health and social care organisations to safely locate health and care data, including patient information, in the public cloud.
Cloud risk framework
This guidance presents a framework for assessing and managing risk around the use of public cloud technologies in the health and social care sectors in England. This framework is intended to be treated as guidance and is recommended to be used by individual data controller organisations as they consider the use of public cloud facilities.
Health and social care data risk model
This risk model provides a consistent way of assessing and recording the details of any proposed use of cloud services, producing a risk class indication.
Health and social care cloud security one page overview
This guidance provides a one page overview to support you in your role as data controller, ensuring that all uses of public cloud are well-executed: known, safe, secure and effective.
Last edited: 10 January 2023 11:27 am