The United Kingdom’s National Health Service (NHS)
Department of Health and Social Care Information Center
policy mandates that all organizations that process NHS
patient data and systems must provide assurances that they
are practising good data security and that personal
information is handled correctly.
NHS Digital, a national public body in England, has
developed the Data Security and Protection Toolkit (DSP
Toolkit), an online self-assessment tool that allows
organizations to assess themselves or be assessed against
information governance policies and standards.
We’ve published a Google Cloud whitepaper that discusses
the compliance landscape for UK health data and, for
organizations accessing patient data in England, an overview
of NHS and the DSP Toolkit. The whitepaper outlines how we
have implemented the NHS DSP Toolkit requirements and how we
can help our customers meet their applicable requirements.
status of our DSP Toolkit compliance
can also be found at the NHS site.
Google Workspace is also accredited as
a secure email service for
health and social care in the UK and includes where email is
used for the sharing of patient identifiable data.
Use of Public Cloud guidance
sets clear expectations for health and care organisations
who want to use cloud services. The ‘Cloud Security Good
Practice’ guide includes minimum standards structured around
the National Cyber Security Centre’s (NCSC) 14 Cloud
Security Principles. Google provides information about how
Google Cloud Platform and Google Workspace align with
National Cyber Security Centre (NCSC) Cloud Security
Principles'. See the
Google NCSC Cloud Security mapping
for more information.
We have also achieved
Cyber Essentials certification
for both Google Cloud and Google Workspace.