19 January 2018
National guidance has been published today, setting clear expectations for health and care organisations who want to use cloud services or data offshoring to store patient information.
The guidance will ensure that organisations know how to use these solutions safely and securely, especially in the light of the fact that tighter restrictions on the processing and transfer of personal data are being brought in through the launch of the General Data Protection Regulation (GDPR) in May.
The standards will enable NHS organisations to benefit from the flexibility and cost savings associated with the use of cloud facilities.
The document also highlights the benefits for organisations choosing to use cloud facilities. These include cost savings associated with not having to buy and maintain hardware and software, and comprehensive back-up and fast recovery of systems. Together these features cut the risk of health information not being available due to local hardware failure.
It gives a more detailed explanation to help organisations comply with expected standards when choosing to adopt these technologies. It sets out the legalities and best practice as to how data should be stored and used.
Rob Shaw, Deputy Chief Executive at NHS Digital, said: "It is for individual organisations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively.
"The guidance being published today will give greater clarity about how these technologies can be used and how data, including confidential patient information, can be securely managed."
The guidance makes it clear that data must only be hosted within the UK, the European Economic Area, in countries deemed adequate by the EU, or in the US where it is covered by the Privacy Shield.
NHS Digital has worked in partnership with the Department of Health, NHS England and NHS Improvement to create the guidance.