NHS unveils new data storage guidelines and inks cyber deal with Microsoft

Guidelines intended to improve flexibility and cut IT costs

NHS Digital has unveiled a string of new rules that will enable care providers to store patient data in the public cloud.

Security specialists and government officials have shown concern over the storage of patient data in the past, so these new rules show that organisation has had a change of heart.

On Tuesday, the NHS released a report outlining the new guidelines. They're aimed at reducing costs and increasing data sharing across the health institution.

Many providers already store public data using cloud services, including Code4Health and NHS Choices. However, the organisation had been hesitant to implement official rules on the topic.

NHS organisations are now allowed to use cloud services if they're based in the European Economic Area, countries that are deemed to have suitable data regulations in place, as well as locations in the US where Privacy Shield is active.

These guidelines are likely to change when the UK leaves the European Union over the next few years, and they come as GDPR is about to come into force, which will become the new Data Protection Act, post-Brexit.

Rob Shaw, deputy chief executive at NHS Digital, said that the new guidelines will give organisations the ability to implement their own cloud strategies.

"It is for individual organisations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively," he said.

"The guidance being published today will give greater clarity about how these technologies can be used and how data, including confidential patient information, can be securely managed."

To coincide with the guidelines, NHS Digital has also signed a deal with Microsoft to deploy a threat-detection service that should alert officials about potential cyber security threats.

Rob Bolton, director and general manager for Western Europe at cyber security firm Infoblox, warned that the adoption of cloud services outside the UK needed to be done with security strongly in mind.

He said: "The NHS faces major challenges that require it to modernise, reform and improve services to meet the needs of ever more complex, instantaneous patient demands.

"However, while digital transformation presents a massive opportunity to support the doctors and nurses who work tirelessly for the good of their patients, these new technologies also introduce new cyber risk that must be mitigated.

"It's encouraging then, that Microsoft and NHS Digital are working together on a system that will enable healthcare providers to react more quickly to threats to their IT networks and, hopefully, take the steps necessary to prevent these threats from causing any lasting damage."