Offshoring Data of NHS (National Health Service) England

kreid

Involved In Discussions
#1
Hello,

I have heard that the offshore storage of sensitive data from NHS England is prohibited.

Does anyone have any specific references for this?

Thanks
 
Elsmar Forum Sponsor

pkost

Trusted Information Resource
#2
I'd take a look here:
14.1-209

It doesn't appear to be specifically prohibited, but it must comply with the Data protection act (soon to be replaced by the General data protection regulation)
 

Ian_Morris

Involved In Discussions
#3
I would ask where the instruction that data must not be off-shored has come from, it may be a mis-interpretation of the requirement or someone who is mitigating the potential risk for a data breach by not allowing off-shoring the data.

Looking at the site mentioned by pkost, the NHS site references the Data Protection Act and the DPA principle 8 states

"Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data."

There are circumstances where data can be off-shored, i.e. the EU-US bi-lateral agreement known as the privacy shield, but generally you have to be careful to ensure that no data goes outside of these parameters.

The key thing would be to check data storage and transfer to make sure that it is bound contractually to being compliant with EU Directives and DPA and there is no clauses about the supplier moving the data.

Just one final thought, as with anything like this, I would recommend obtaining legal advice and use specialist contractors for data storage or processing.

Hope this helps.

Ian
 
Thread starter Similar threads Forum Replies Date
Z Minitab - Updating Graph with specific data points Using Minitab Software 1
E PEMS Hazards - IEC 60601 Clause 14.6 - Internal data use - Pressure sensor IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
K Transform variable data into attribute data Reliability Analysis - Predictions, Testing and Standards 24
R Clinical evaluation without clinical data - MDR Article 61(10) EU Medical Device Regulations 6
H Capability Data for Paint Thickness on Painted Parts Statistical Analysis Tools, Techniques and SPC 10
D BS EN 62304 - Medical-Relevant Data C.5 - Definition of IEC 62304 - Medical Device Software Life Cycle Processes 5
T Submitting MR Compatibility Data for 510(k) Cleared Device Other Medical Device and Orthopedic Related Topics 2
S Quality manager considering data science Quality Manager and Management Related Issues 19
A What are Practical data center best practices IEC 27001 - Information Security Management Systems (ISMS) 0
U Do we need clinical trial data for Class IIa medical device under MDR EU Medical Device Regulations 7
S Average and standard deviation of Cumulative Data Statistical Analysis Tools, Techniques and SPC 5
V IS/ISO/IEC 17025:2017 Clause 7, sub clause 7.11 Control of data and information management ISO 17025 related Discussions 1
Watchcat CERs Literature Databases - Searching for data to evaluate EU Medical Device Regulations 16
D Transformation of Data Normality Failed Using Minitab Software 11
J Sample size for creating a data base as a reference to a tested variable Other Medical Device and Orthopedic Related Topics 6
M GUDID data deficiency communication - IS THIS A SCAM? ISO 13485:2016 - Medical Device Quality Management Systems 29
H Question about implications of performing Firmware upgrade via MDDS - Medical Device Data Systems 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
R Demonstrate how sufficient levels of access to data is achieved - Claims of equivalence EU Medical Device Regulations 3
R Material safety data sheet (MSDS) related clause in IATF 16949 manual IATF 16949 - Automotive Quality Systems Standard 17
CPhelan Using clinical trial safety data for evidence for CE marking EU Medical Device Regulations 7
M Informational US FDA – MDR Data Files – Alternative Summary Report Data Since 1999 Available Medical Device and FDA Regulations and Standards News 0
CPhelan Do you require MDSAP for CE Marking of a Medical Device or is ISO13485:2016 with clinical data sufficient? CE Marking (Conformité Européene) / CB Scheme 5
M Data analysis Design of Experiments Using Minitab Software 3
S Seeking efficient method to manage install base data Manufacturing and Related Processes 0
V Every good documentation practice observation is an data integrity issue US Food and Drug Administration (FDA) 7
M Informational US – National Evaluation System for Health Technology Coordinating Center (NESTcc) Solicits Public Comments for Data Quality and Methods Frameworks Medical Device and FDA Regulations and Standards News 0
M Informational Eudamed Data Exchange Guidelines Medical Device and FDA Regulations and Standards News 0
M Informational EU – Eudamed Data exchange services and entity models introductions Medical Device and FDA Regulations and Standards News 4
M Informational EU – M2M Data Exchange available services for accessing MDR EUDAMED data available for Economic Operator (EO) organisations Medical Device and FDA Regulations and Standards News 0
V What is the criteria to cite an good documentation practices observation as an data integrity related issue US Food and Drug Administration (FDA) 6
D Do we need normal data for gage r&r studies? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 5
M Automatic Data Gathering Requirements and Privacy Implications Medical Information Technology, Medical Software and Health Informatics 0
R Over read of physiological data by technicians EU Medical Device Regulations 0
L How to evaluate the process capability of a data set that is non-normal (cannot be transformed and does not fit any known distribution)? Capability, Accuracy and Stability - Processes, Machines, etc. 12
M Informational EU – EUDAMED UDI Device Data Dictionary + data sets Medical Device and FDA Regulations and Standards News 0
F Mig Welded Components - IMDS International Material Data System RoHS, REACH, ELV, IMDS and Restricted Substances 1
L SPC: Methods to collect data IATF 16949 - Automotive Quality Systems Standard 6
M Informational MDCG 2019-4 Timelines for registration of device data elements in EUDAMED Medical Device and FDA Regulations and Standards News 0
M Informational FDA Panel: Too early to pull textured breast implants over cancer risk, need more data Medical Device and FDA Regulations and Standards News 0
M Informational Health Canada begins release of clinical data Medical Device and FDA Regulations and Standards News 0
M (How To) Getting Data From Vision Machine To Reporting Software Misc. Quality Assurance and Business Systems Related Topics 0
S Minitab - Factor Analysis: Label on second series of data for Biplot Using Minitab Software 4
J ISO 13485 8.4 Analysis of Data - Procedure example ISO 13485:2016 - Medical Device Quality Management Systems 1
MrTetris GDPR - Purposes and duration of data collection Other ISO and International Standards and European Regulations 8
MrTetris GDPR - General Data Protection Regulation - Only applicable to EU data? Other ISO and International Standards and European Regulations 6
M Informational USFDA Final Rule – Human Subject Protection; Acceptance of Data From Clinical Investigations for Medical Devices Medical Device and FDA Regulations and Standards News 0
R Non Normal Data in a historically normal process Capability, Accuracy and Stability - Processes, Machines, etc. 6
P Large data sets of continuous individual data - Estimated or actual deviation Capability, Accuracy and Stability - Processes, Machines, etc. 2
J PMS Competitor Device product data from (MAUDE or TPLC) ISO 14971 - Medical Device Risk Management 3
S How to collect complaint data from customers Customer Complaints 24
Similar threads


















































Top Bottom