When investigating and designing new cloud solutions within the healthcare sector, there are several important standards, principles and guidelines to consider regarding security, access, permissions and controls. It’s vital to consider these carefully with respect to the management of your cloud-based applications and associated patient data. UKCloud Health and our extensive ecosystem of partners can help you design fully compliant solutions that deliver quality healthcare services while ensuring the security and integrity of patient information.
The three key standards you need to be aware of are described below:
The Minimum Cyber Security Standard
The Minimum Cyber Security Standard (MCSS) was published in June 2018 as the new minimum set of cyber security standards that the government expects its departments to adhere to, and exceed wherever possible. These standards also apply to any third-party supplier that provides services to a department and, as part of the process of following the MCSS, customers need to identify which standards are required to be evidenced by their supply chain.
The NHS digital, data and technology standards framework
The NHS digital, data and technology standards framework, which is currently in draft format, describes the new expectations around the use of data, interoperability, and design standards within the NHS. It affects all NHS organisations and the supplier community, who will need to strive to achieve these more demanding standards. UKCloud always takes a proactive approach to data security, and we have reviewed our services with the new draft standards published by NHS Digital in mind.
The framework outlines the key standards for the use of data, clinical safety, interoperability and design interactions.
The Data Security Standards
All NHS digital, data and technology services should achieve the Data Security Standards (DSS) required through the Data Security and Protection Toolkit (DSPT), which is made up of ten standards. The DSPT retains the general principle that organisations should demonstrate that they can be trusted with the confidentiality and security of personal information. It also supports organisations in meeting the requirements of new legislation, including the General Data Protection Regulation (GDPR) and the Network and Information Systems (NIS) Directive. It is important to note that the DSPT will continue to evolve over time to reflect emerging threats, changing policy and future legislative requirements.
The ten Data Standards are an overarching framework; each standard is broken down into evidence items called assertions which cover the detail required to meet each standard. They cover more than technology, encompassing people and process.
All aspects of UKCloud Health’s assured cloud platform — from security and service management to sustainability — are underpinned by a comprehensive compliance framework that governs our people, processes, premises and technology to keep your systems safe as per the NHS Data Security & Protection toolkit.
UKCloud Health offers HIPAA Compliant Cloud Hosting