The benefits of cloud computing for the NHS are significant but public awareness of its use is low. Those are the findings from the latest Ci report: “The Adoption of Public Cloud Services in the NHS: trust, security and public opinion”. Our findings are based on exclusive polling from ComRes, which tested levels of public understanding of data storage options within the NHS and confidence or otherwise in their security, and on interviews with a range of health and care professionals and experts.
Our survey found:
- High levels of trust that the NHS is storing patient data securely: 70% of British adults say they are confident that their NHS data is stored securely, while 25% say they are not confident.
- Low levels of understanding as to how patient data is currently stored in the NHS, with nearly half of respondents thinking that is stored on a national NHS computer server and only 28% thinking that it is stored on a cloud.
- A difference in people’s views between the prospect of their patient data being held by clouds managed by British companies who store data only within the UK (49% of people were comfortable with this) as opposed to being held on clouds manage by global companies (69% of people were uncomfortable with this).
- A desire for more information on data storage in the NHS, with 88% of adults saying it was important to know where and how data is stored and 80% saying it is important to know if data is kept outside of the UK.
Our report looks in detail at recent NHS data handling stories and the current policy and data governance landscape, including the impact of the Cambridge Analytica/Facebook scandal on public trust in data security more widely. We draw out a number of important themes from our research and interviews, including:
- The importance of emphasising the benefits from the adoption of public cloud in the NHS, including: lower costs (freeing up more money for frontline care); greater safety and security of the data; and the opportunity for better care and innovation.
- The need to address some significant challenges for the NHS, including: low levels of digital literacy and technical skills; barriers to maximising the potential of cloud computing, including financial impacts if there are long-term contractual tie-ins to big cloud providers; and the risks from the gulf between the low levels of public understanding of the use of cloud computing, particularly when provided by major global tech companies, and the potential impact should a data security breach occur that is linked to a cloud provider.
Taking the polling and the research together, we conclude that that there should be better engagement with the public to make them aware of the use and benefits of cloud computing in the NHS, and to build their understanding and trust in a way that pre-empts risk, rather than waiting to respond to a security breach or other data handling controversy. We also flag the considerations and trade-offs to be made between choosing a UK-based or global public cloud provider, particularly in relation to data protection and procurement.