We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
National guidance has been published today, setting clear expectations for health and care organisations who want to use cloud services or data offshoring to store patient information.
The guidance will ensure that organisations know how to use these solutions safely and securely, especially in the light of the fact that tighter restrictions on the processing and transfer of personal data are being brought in through the launch of the General Data Protection Regulation (GDPR) in May.
The standards will enable NHS organisations to benefit from the flexibility and cost savings associated with the use of cloud facilities.
The document also highlights the benefits for organisations choosing to use cloud facilities. These include cost savings associated with not having to buy and maintain hardware and software, and comprehensive back-up and fast recovery of systems. Together these features cut the risk of health information not being available due to local hardware failure.
It gives a more detailed explanation to help organisations comply with expected standards when choosing to adopt these technologies. It sets out the legalities and best practice as to how data should be stored and used.
Rob Shaw, Deputy Chief Executive at NHS Digital, said: "It is for individual organisations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively.
"The guidance being published today will give greater clarity about how these technologies can be used and how data, including confidential patient information, can be securely managed."
The guidance makes it clear that data must only be hosted within the UK, the European Economic Area, in countries deemed adequate by the EU, or in the US where it is covered by the Privacy Shield.
NHS Digital has worked in partnership with the Department of Health, NHS England and NHS Improvement to create the guidance.
- NHS Digital is the national and information technology partner of the health and care system. Our team of information analysis, technology and project management experts create, deliver and manage the crucial digital systems, services and products and standards upon which health and care professionals depend. During the 2016/17 financial year, NHS Digital published 292 statistical reports. Our vision is to harness the power of information and technology to make health and care better.
- The Cloud refers to a range of products that deliver computing services process outside of the UK. The guidance makes it clear that that the data has to be stored in countries that provide an adequate level of protection as agreed by the European Commission.
- Data offshoring is the terms used when data is stored and processed outside of the UK. The guidance makes it clear that that the data has to be stored in countries that provide an adequate level of protection as agreed by the European Commission.
- The General Data Protection Regulation (GDPR) will take effect in May 2018.
- Uptake of the cloud is increasing all the time and NHS Choices and NHS England's Code4Health initiative are already successfully using the cloud.