Heads in the cloud: Is the NHS up for sale?

In the week Donald Trump arrived in the UK saying that any trade deals between us and America after Brexit must have the NHS on the table, I also learned that 40 million patient records are to be transferred to 'the cloud'.

I found out early last week that as of the June 10 2019, EMIS will be transferring 40 million patient records to Amazon Web Services (AWS), a third-party cloud-based service owned by Amazon.

What is the Government saying?

With all this going on, Health Secretary Matt Hancock has stated that the NHS is not being privatised, and should not form part of any post-Brexit deal with America. In fact, he also says that if he becomes Prime Minister he will roll back some of the current privatisation.

This is the first I have heard about the move to cloud-based storage, and apart from a couple of brief announcements in December 2018 there has been little or no reporting of it online.

EMIS will have had to get permission from NHS England and the Health Secretary to make this move and, in my mind at least, this contradicts the Health Secretary’s comments. Neither our LMC nor our CCG knew about the change and I am sure many others have no idea this is happening.

Mixed messages about the switch

I only got to find out about this move when EMIS advised my practice that we ‘may want to tell our patients’ of the changes to their patient records. An email we received from the GPC made it clear that there is no ‘may’ about it - under GDPR and the DPA 2018 it is mandatory to tell patients about this change.

As the records are supposedly being transferred over a period of time, providing such details presents a series of problems.

The biggest question to me is: why does the biggest provider of healthcare clinical systems have to transfer our data to a third party? I do not understand why permission was granted. I may not be very technical but the thought that patient records are being stored ‘in the cloud’ worries me.

My concerns over data safety

No matter how safe these systems may be, where there is a will, there is always a way to launch cyber-attacks and for data to find its way into the wrong hands. Whilst we are assured that AWS is a UK-based company, the holding of sensitive data by another company does not seem right.

We are seeking advice from our Data Controller but this whole episode leaves me further concerned as to where the NHS is heading. So who should we believe? To be quite honest I’m not really sure - and I feel the NHS is being used as a political pawn by any number of people.

First Practice Management members can access tools and documents that present GDPR in clear and straightforward terms, with resources including a sample Data Map and Privacy Impact Assessment available in our GDPR toolkit area and Policy Library.


Kenneth 10/06/2019

I for one am pleased mine and my patients data is moving to the cloud. Amazons track record is far better than emis in terms of reliability, and it’s probably even more secure given the billions they invest every year on R&D. I’m not technical either but as far as I can read, the data is just moving from emis cloud to amazons cloud. What difference does it make as long as it’s safe?

JB 07/06/2019

How the hell has this been allowed to happen?? We can't tell patients about these changes if we don't get told in the first place, and is it even lawful? What about patient confidentiality rights in all of this?

Leave a Comment


Upcoming Events

There are currently no events scheduled.


Practice Manager - Bristol, BS40 6HF

Closing Date: 30 June 2020

Salary: £43,700

Practice Manager - London, Clerkenwell

Closing Date: 10 June 2020

Salary: According to experience

Practice Manager - Bristol, BS40 6HF

Closing Date: 30 June 2020

Salary: £43,700

Practice Manager - London, Clerkenwell

Closing Date: 10 June 2020

Salary: According to experience

What others are viewing now

Latest Forum Posts

Fetching latest posts...