Date: 2018-01-22
UK Hospitals Can Now Store Confidential Patient Records In the Public Cloud (zdnet.com) 45
The National Health Service (NHS) has given hospitals the go-ahead to store sensitive patient records in the cloud. "NHS Digital said the advantages of using cloud services include cost savings associated with not having to buy and maintain hardware and software, and availability of backup and fast system recovery," reports ZDNet. "'Together these features cut the risk of health information not being available due to local hardware failure,' said the report." From ZDNet: Rob Shaw, deputy chief executive at NHS Digital, said: "It is for individual organizations to decide if they wish to use cloud and data offshoring but there are a huge range of benefits in doing so, such as greater data security protection and reduced running costs when implemented effectively." The UK government introduced a 'cloud first' policy for public sector IT in 2013, and NHS Choices and NHS England's Code4Health initiative are already successfully using the cloud. NHS Digital's guidance said that the NHS and social care providers may use cloud computing services for NHS data, although data must only be hosted within the European Economic Area, a country deemed adequate by the European Commission, or in the U.S. where covered by Privacy Shield.
Why would they care?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission
https://en.wikipedia.org/wiki/... [wikipedia.org]
Brexit is the prospective withdrawal of the United Kingdom (UK) from the European Union (EU).
https://en.wikipedia.org/wiki/... [wikipedia.org]
The UK version of the principles of GDPR, as in the country specific legislation, which all in EU are implementing, is already agreed to be enacted. Brexit has nothing to do with it and doesn't mean it will be discarded.
Brexit has nothing to do with it
Brexit has something to do with it.
and doesn't mean it will be discarded.
But it means they can adapt it as they see fit:
http://www.computerweekly.com/... [computerweekly.com]
That's why so much of the US gov/mil work is plain text, on internet facing networks.
What can possibly go wrong... (Score:3, Informative)
Likely much less than what goes wrong when left up to a bunch of lowly paid doctors and administration assistants.
Likely much less than what goes wrong when left up to a bunch of lowly paid doctors and administration assistants.
When we find 5,000 doctors' offices all get sold the same sub-standard cloud solution that gets hacked, I highly doubt it.
Re:What can possibly go wrong... (Score:4, Interesting)
Probably not much more...
Yes! I can see THIS ending well!
*Facepalm*
PR disaster in the making (Score:2)
"The cloud" is setting itself up for a really huge public failure because a breach in one portion can more easily be re-used in all portions. If the back ends are consistent enough to get the economy-of-scale cloud promises, that consistency also means hackers can leverage their knowledge to get access to a larger group of systems.
This is NOT saying that on average clouds are riskier, it only means that breaches will be quite public because it will affect more organizations.
It's sort of comparable to travel
Maybe that should be the case, but the reality is quite different.
Time and again, we have seen that even serious data breaches on a massive scale have no real consequences for the negligent party, even if the data involved is highly sensitive.
Meanwhile, the NHS getting hit by WannaCry not so long ago was headline news for a long time, and rightly so given the crippling effect it had on real world patient care.
The GDPR looks like a significant overhead for small businesses and a good excuse for the EU to fine large ones.
Probably better than a bunch of WinXP Machines (Score:2)
They "dispute" the figure of course.
Around the time of WannaCry
"A reported 90 percent of NHS trusts run at least one Windows XP device, an operating system Microsoft first introduced in 2001 and hasn't supported since 2014."
https://www.wired.com/2017/05/... [wired.com]
Re:Probably better than a bunch of WinXP Machines (Score:4, Informative)
"At least one" could refer to one air-gapped PC in the whole department that runs a particular application or device driver whose publisher refuses to make available a version compatible with a more recent version of Windows or a competing operating system at a reasonable or any price.
Thank you for volunteering to foot the bill to replace a multi-ten-thousand-pound peripheral that's mechanically working but has no driver for new Windows with a multi-ten-thousand-pound replacement that has a driver for new Windows.
"At least one" could refer to one air-gapped PC in the whole department that runs a particular application or device driver whose publisher refuses to make available a version compatible with a more recent version of Windows or a competing operating system at a reasonable or any price.
Not health related, and yes we have these. Quite a few actually. *Not* spending tens to hundreds of thousands on new hardware just so you can upgrade the OS of an airgapped device to a newer version of Windows is good sense.
What could possibly go wrong?
What could possibly go wrong?
The universal excuse for not trying anything innovative. It's so much easier to do nothing until we get bypassed by other countries, which we can then flame for "stealing" "our" tech.
Outsourcing data storage is innovation? Client/server architectures are novel?
No issues (Score:3)
as long as the data is fully encrypted while sitting on or traversing cloud networks.
If they decrypt / encrypt it locally on the client or even a hospital owned proxy server, then the data should be fine.
At no point should this type of data reside on the cloud or the connecting networks outside of the hospital in any unencrypted form.
Re:No issues (Score:5, Insightful)
Protection from malware is an advantage of the cloud. Cloud services are much more likely to have proper, secure backups that are much less vulnerable to attack than some random organisation with a small IT department. Yes, client devices will get infected with ransomware and encrypted files will replace the originals in the cloud. Who's more likely to have good backups: underfunded IT in the next building or a cloud provider?
Not saying I don't have serious reservations about putting personal data in foreign hands.
Malware will hit locally owned data just as hard and fast as it will Cloud data. The hospitals hit recently with the ransomware crap come to mind.
Make sure your Cloud provider is doing backups or, better yet, use more than one provider.
We all know how this is gonna turn out, right? (Score:1)
Find out what most people will need to be medicated with long term and offer new expensive medical support for that.
The data sets will be a marketing dream for any new sales pitch to the UK gov.
Screw it, may as well (Score:2)
On an associated subject: with all the advances being made with neural interfaces, how long do y'all think it'll be before they have ransomware for your wetware?
Russia/China will offer cheap off-shoring... (Score:4, Interesting)
And I am sure they will keep that data safe, and well back-up-ed, given how valuable it might become when tinkering with the next election or blackmailing the next politician.
Just like this [sfgate.com].
Cost savings is largely a myth (Score:1)
For any deployment of reasonable size, the cloud is not economical. Yes it does save you from having to hire hardware jockeys, but you have to replace them all with experts in cloud provisioning and configuration. For the UK NHS to move to the cloud is going to cost them a boatload of money.
At least all those pounds sterling will likely pay for actual security and robustness, but it’s nothing they couldn’t have gotten by spending even less to build and maintain it themselves.
This American craves online medical records (Score:2)
One of the first rules of database design is to capture every piece of data only once, and then keep it secure. I don't want to have to tell every new doctor I visit my medical history all over again from the beginning, and then keep regurgitating it every year for every practitioner. If information like my age when I had measles is important, we can't keep running the risk that I will start getting the date wrong as the years go by.
I want an online medical jacket that contains my entire history, accessible to any doctor I authorize.
It'll be fine, they all leaked already: (Score:3)
