NHS okays hospitals and doctors storing patient data on public cloud servers

Originally published at: https://boingboing.net/2018/01/23/hospitals-are-computers.html


What could go wrong? I mean, what is the worst that could happen?
PS: I’m sarcastic.


It’s okay. You’ll never guess what the password is!


I’m glad I don’t live in the UK. Where I lose my Boba Fetts is between me and my doctor.


This is already happening in the US; companies can’t wait to get up into the cloud, and EHR providers are scrambling to understand the platforms and start hosting it there for their customers before the customers start doing it themselves.

Encrypting patient data at rest and on the wire should be an ironclad requirement of this system.

At rest buys you protection from a stolen HDD, on the wire protects you from someone listening (but come on, most everyone is using TLS for this already). This is obvious stuff, and encrypted data at rest, at least in Azure, is moving towards the default.

What Cory doesn’t mention is the next step of encryption in the database, or encryption on the file system. Basically, encrypted everywhere except in memory. This helps protect you if your VM is breached. (And most healthcare IT systems will be running on VMs, at least until they are re-written to run as cloud-native services).

public cloud servers

If it has a public IP, it’s public regardless of whose data center it’s in. Being “in the cloud” doesn’t make it public by itself! All of the servers I am working with are cloud hosted, but are only accessible from the company intranet. I suppose I’m going to get skewered again for nitpicking about what “Cloud” actually means…


All the encryption and cloud storage and other systems in the world won’t get people the real benefit of EMR until organisations like the NHS take one clear position: that the entire medical record (including the billing history) is owned by the patient – not the hospital, not the GP, not the insurer – and that it is up to the patient or his designated agent(s) to choose with whom and under what circumstances he shares information from that record.


who needs it now

Oh yeah, by the way, I just dug through most of the documents which are linked off the guidance page.

Encryption is mentioned in the baseline electronic record guidance:


So kinda already covered, at least for over-the-wire.

Except of course (unless I’m missing something) that this worry is entirely pointless, since the UK government - who run the UK spies - already has the data: they run the NHS.
In that sense the best security is in the current NHS omnishambles where half your data may not be recorded at all, the other half is at least half wrong and most of it is only recorded in a paper file shelved in an industrial unit in Wolverhampton under someone else’s name.


Medical records should not be available online via the cloud or via a healthcare provider.
All such data should be exchanged using HL7 over site-to-site VPN between healthcare providers. Clinical data systems should not be sharing network topology with any other systems. This is an old problem with proven solutions. The idea that there is some budgetary reason to not have implemented this already at all clinical sites just doesn’t hold water.

I suspect this above is where the problem lies.

Who is going to sign off a proposal to use existing stable solutions to a well-known problem when there are so many exciting newthings™ available‽



So at the minute, if my GP sends me to see a hospital doctor for something, the only information the hospital doctor has is the things that the GP writes in the referral - they can’t see my medical records, or the results of any tests. Sorting this out would save time and money and improve patient outcomes. The cloud seems to me a potentially sensible way of doing this without the mega-costs of trying to design a custom NHS system - which even the last Labour government found far too expensive.

That’s good - and hopefully it’s a minimum of TLS 1.2.

But, as stated earlier in the thread, the files and databases all need to be encrypted at rest as well. Easy to do, but slightly more expensive and requires slightly more skilled developers and admins.

The New Zealand government have this all nailed, by the way, and are leading the world in good quality IT projects.

Actually that’s an interesting thought in the wake of Spectre and Meltdown: could your kernel generate keys on the fly and then individually encrypt the memory for each process? That could be interesting.
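An added example (not code from this thread, from the NHS guidance, or from any cloud vendor) of the “encrypted in the database, plaintext only in memory” pattern described earlier in the thread and the at-rest requirement restated just above. The application seals each record with AES-256-GCM before it is handed to the storage layer, binds the row key in as associated data so a ciphertext moved to another patient’s row fails to open, and detects tampering by anyone who can read or modify the database. The record shape, the row IDs and the key derived from a fixed label are all constructed for the example; a real system would fetch the data-encryption key from a KMS or HSM rather than derive it in code.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// PatientRecord is a constructed sample shape for this example only.
type PatientRecord struct {
	NHSNumber string `json:"nhs_number"`
	Name      string `json:"name"`
	Notes     string `json:"notes"`
}

// StoredRecord is what reaches the database or file system: the row key in
// clear so the application can look records up, everything else as ciphertext.
type StoredRecord struct {
	RecordID string
	Blob     []byte // nonce || AES-GCM ciphertext+tag
}

// newAEAD builds AES-256-GCM from a 32-byte data-encryption key.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptRecord serialises the record and seals it. The record ID is bound in
// as additional authenticated data, so a ciphertext copied from one row to
// another fails to decrypt instead of silently swapping patients.
func EncryptRecord(key []byte, recordID string, rec PatientRecord) (StoredRecord, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return StoredRecord{}, err
	}
	plaintext, err := json.Marshal(rec)
	if err != nil {
		return StoredRecord{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return StoredRecord{}, err
	}
	sealed := aead.Seal(nil, nonce, plaintext, []byte(recordID))
	blob := append(append([]byte{}, nonce...), sealed...)
	return StoredRecord{RecordID: recordID, Blob: blob}, nil
}

// DecryptRecord opens a stored blob back into a PatientRecord. It fails if the
// blob was truncated, modified, moved to another row, or sealed with another key.
func DecryptRecord(key []byte, stored StoredRecord) (PatientRecord, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return PatientRecord{}, err
	}
	ns := aead.NonceSize()
	if len(stored.Blob) < ns+aead.Overhead() {
		return PatientRecord{}, errors.New("stored blob too short")
	}
	plaintext, err := aead.Open(nil, stored.Blob[:ns], stored.Blob[ns:], []byte(stored.RecordID))
	if err != nil {
		return PatientRecord{}, fmt.Errorf("integrity check failed: %w", err)
	}
	var rec PatientRecord
	if err := json.Unmarshal(plaintext, &rec); err != nil {
		return PatientRecord{}, err
	}
	return rec, nil
}

// ContainsPlaintext reports whether a sensitive value leaked into the stored
// blob; a correct at-rest scheme always returns false.
func ContainsPlaintext(stored StoredRecord, value string) bool {
	return bytes.Contains(stored.Blob, []byte(value))
}

// demoKey derives a reproducible 32-byte key from a label so the example runs
// offline. Constructed for this example only; never derive real keys this way.
func demoKey(label string) []byte {
	sum := sha256.Sum256([]byte("demo-only-" + label))
	return sum[:]
}

func main() {
	key := demoKey("dek-1")
	rec := PatientRecord{NHSNumber: "000 000 0000", Name: "Example Patient", Notes: "constructed sample"}
	stored, err := EncryptRecord(key, "rec-42", rec)
	if err != nil {
		panic(err)
	}
	fmt.Println("name visible in stored blob:", ContainsPlaintext(stored, rec.Name))
	back, err := DecryptRecord(key, stored)
	fmt.Println("round trip ok:", err == nil && back == rec)
	// A database-level attacker copies the ciphertext under another patient's row.
	_, err = DecryptRecord(key, StoredRecord{RecordID: "rec-43", Blob: stored.Blob})
	fmt.Println("moved blob rejected:", err != nil)
}
```

The scheme covers the “VM or database breached” case only: the key must live somewhere the database host cannot read, and the plaintext still exists in the application’s memory while it is being processed, which is exactly the residual exposure the memory-encryption question above is about.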

Not scalable at all - there are thousands of providers in the UK, and hundreds of thousands (if not millions) in North America.

You want everything to be point to point? The only reason for that is because the originator claims the data is “theirs” and that’s the problem that has caused this mess up to now.

Centralize and do it right - the NHS can do this, the US is a lost cause.


Yeah EHRs in the US are a nightmare situation. I assume NHS has at least some autonomy to decide upon the standards applied to their data rather than having some third parties wrecking plans every time an executive hears about a new unproven technology that they scarcely understand.


Based on what do you make this claim? HL7 has already been implemented globally. Point-to-point VPN tech is not hard, and pulling a record from the source is an easy task. Do you suppose these providers without an HL7 interface are incapable of implementing one? Is it that you just think having all of your eggs in one massive attack surface is preferable? What?

What mess is that? Please elaborate on how HL7 data exchange has caused a mess. Or is it that the lack of implementing HL7 at some clinical sites is the real cause of the problem?

Based on twenty plus years of working in the records management industry.

HL7 has been implemented globally - it’s an expensive, complex, non-scalable way of getting billing info between providers. It does nothing at all to harmonize and synchronize EHRs into a single entity owned by the patient. It retains the old outmoded and wrong idea that the data belongs to the provider.

Plenty of people can and could implement HL7 - they choose not to because it doesn’t address the actual issue.

The mess is that there is no actual way to accumulate and save and integrate a medical history and thousands of people die in the US every year because of this. It’s partly an artifact of the completely dysfunctional method of providing healthcare here, but it’s also a lack of sharing of patient records data.

I work in the field and when I moved two years ago the only method my old doctor had to share my records with me or my new provider was fax. HL7 is a symptom of the dysfunction, not a cause.

If you think AWS or other cloud providers are “one massive attack surface”, then you have some reading to do. I can recommend some intro level links.