Health informatics — Cloud computing considerations for the security and privacy of health information systems

Some currently available health information systems were not originally designed to operate in cloud-computing environments. If these systems move to a cloud environment, they must consider the necessary security and privacy precautions.

This document provides an overview of security and privacy considerations for electronic health records (EHRs) in a cloud-computing service. It also provides guidance on selecting service providers in the public cloud for safely locating healthcare data, and confidential patient information (including solutions on handling of data off-shoring).

Main sections:

· Scope

· Cloud computing

· Overview of considerations for health information in cloud-computing environment

· Health information security

· Information security policies

· Annex A: Example guidance from the UK for selecting and risk managing cloud based digital health services

· Annex B: Detailed advice and guidance

· Annex C: Service classification recommendations