Hostwinds Blog

Search results for:


An English firm working with the National Health Service (NHS) as a "_third-party consultant_" has caused severe "_privacy and security_" concerns by uploading "_sensitive patient data_" to Google servers, according to a recent article published by The Web Hosting Industry Review. The report confirmed that PA Consulting uploaded "_patient information from its HES (hospital episode statistics) data, including addresses and hospital records_" to BigQuery – Google's analytics tool. This action raises severe concerns since this tool "_resides on servers outside of the EU and could be a severe breach_, "according to the report.

According to the article, the NHS was "_aware that the data was being uploaded to Google BigQuery_" but states further that "_Google employees were restricted from accessing the information._" The article states that PA Consulting confirmed that the analytics tool "_was able to produce interactive maps directly from HES queries_" within a two-week time frame. Generating these "_queries_" would not have been possible without accessing "_patient location information_, "but the firm confirmed that the "_entire start-to-finish HES dataset across three areas of collection_" including "_inpatient, outpatient, and A&E_" was "_secured_", according to the article.

The article confirms that according to NHS, "_the type of information shared, and how it is shared, is controlled by law and strict confidentiality rules._" A statement on the HSCIC website was quoted in the article to say, "_HES information is stored as a large collection of separate records – one for each period of care – in a secure data warehouse. We apply a strict statistical disclosure control in accordance with the HES protocol to all published HES data._"

Read more about these reported security and privacy concerns here in the full article at The Web Hosting Industry Review website.

Written by Bryon Turcotte  /  March 5, 2014

Need help? Chat now!