Medical Records: Databases

Department of Health and Social Care written question – answered on 7th January 2019.

Alert me about debates like this

Photo of Lord Freyberg Lord Freyberg Crossbench

To ask Her Majesty's Government in which countries the NHS is permitted to host patient identifiable health data; and whether this includes the UK.

Photo of Baroness Manzoor Baroness Manzoor Baroness in Waiting (HM Household) (Whip)

The National Health Service does not operate a data localisation policy. In January 2018 the Department, NHS England, NHS Digital and NHS Improvement published guidance for the NHS on offshoring patient data. A copy of NHS and social care data: off-shoring and the use of public cloud services is attached.

NHS and social care organisations are permitted to host patient identifiable data in countries that provide an adequate level of protection; within the United Kingdom, the European Economic Area, countries deemed by the European Commission to have adequate protections for the rights of data subjects, or in the United States where covered by Privacy Shield. There are no restrictions on where in the UK data may reside. For example, data from the NHS in England data may be hosted in Scotland, and vice versa.

The guidance makes clear that while there are no additional risks attached to hosting data offshore, local data controllers should adopt a risk based approach to decision making about offshoring data. This provides data controllers with the option of keeping data onshore when they feel it necessary to do so.

Does this answer the above question?

Yes0 people think so

No0 people think not

Would you like to ask a question like this yourself? Use our Freedom of Information site.