The United Kingdom’s National Health Service (NHS) Department of Health and Social Care Information Center policy mandates that all organizations that process NHS patient data and systems must provide assurances that they are practising good data security and that personal information is handled correctly.
NHS Digital, a national public body in England, has developed the Data Security and Protection Toolkit (DSP Toolkit), an online self-assessment tool that allows organizations to assess themselves or be assessed against information governance policies and standards.
We’ve published a Google Cloud whitepaper that discusses the compliance landscape for UK health data and, for organizations accessing patient data in England, an overview of NHS and the DSP Toolkit. The whitepaper outlines how we have implemented the NHS DSP Toolkit requirements and how we can help our customers meet their applicable requirements.
The status of our DSP Toolkit compliance can also be found at the NHS site.
Google Workspace is also accredited as a secure email service for health and social care in the UK, including where email is used for sharing patient-identifiable data.
NHS Digital's Use of Public Cloud guidance sets clear expectations for health and care organisations that want to use cloud services. The ‘Cloud Security Good Practice’ guide includes minimum standards structured around the National Cyber Security Centre’s (NCSC) 14 Cloud Security Principles. Google provides information about how Google Cloud and Google Workspace align with the NCSC Cloud Security Principles. See the Google NCSC Cloud Security mapping for more information.
We have also achieved Cyber Essentials Plus certification for both Google Cloud and Google Workspace.