UK Hospitals Can Now Store Confidential Patient Records In the Public Cloud

The National Health Service (NHS) has given hospitals the go-ahead to store sensitive patient records in the cloud. "NHS Digital said the advantages of using cloud services include cost savings associated with not having to buy and maintain hardware and software, and availability of backup and fast system recovery," reports ZDNet. "'Together these features cut the risk of health information not being available due to local hardware failure,' said the report." From ZDNet: Rob Shaw, deputy chief executive at NHS Digital, said: "It is for individual organizations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively." The UK government introduced a 'cloud first' policy for public sector IT in 2013, and NHS Choices and NHS England's Code4Health initiative are already successfully using the cloud. NHS Digital's guidance said that the NHS and social care providers may use cloud computing services for NHS data, although data must only be hosted within the European Economic Area, a country deemed adequate by the European Commission, or in the U.S. where covered by Privacy Shield.

Russia/China will offer cheap off-shoring...

[ffkom]

... of course not openly, but through a maze of sub-sub-sub-sub-contractors ultimately handling the "cloud" hardware the NHS information will reside on.

And I am sure they will keep that data safe, and well back-up-ed, given how valuable it might become when tinkering with the next election or blackmailing the next politician.

Re:What can possibly go wrong...

[Rick+Schumann]

Having worked for a medical device company (device incorporated a computer running Windows; not my choice, man!) and having had to provide tech support for it, I can attest to the fact that despite doctors having 8+ years of schooling, they very often can be quite dumb especially when it comes to computers and operational security procedures. Seriously, when you have your device show back up at your company for service and it's got virii and/or malware installed on it because so-called 'medical professionals' were browsing the internet (porn) on it, you must conclude they weren't very smart. Then there's the time I get a call from a doctor from the operating room (no lie; I heard the beep.. beep.. beep.. of the patients' heart monitor) expecting me walk him through how to operate the device because he couldn't be bothered to learn how to do it beforehand. And some people wonder why I don't take everything doctors tell me as 'word of God'.