Mike Simpson mikie.simpson at
Mon Dec 20 10:39:20 GMT 2010

On 20 Dec 2010, at 08:24, "Mary Hawking" <maryhawking at> wrote:

> Of course, the problem with HMG and NHS is that, even if they know the right
> questions to ask, they appear to have a rule either not to ask them or to
> ignore any answers suggesting this might not be quite what is needed!
> Mary Hawking

As it took Jon 2 years of asking various managers within msft before finally getting an answer by cornering bob in a corridor at the PDC I really wouldn't paint that as being "upfront". I also don't think the question will be asked up here without sotto voce prompting. 

I do think that "private" clouds would be the best way to have patient data on a cloud-based system -physical access and that - and am looking at openstack and also redhat's PaaS (probably once it filters down to CentOS which is our main platform of choice) for this. However I am still at a loss as to why it seems a good idea to add cloud based infrastructure and costs to the already heady mix of local physical servers running NT4 - 2k3, a spattering of old school unix, and the datacentre in central Scotland supplying citrix metaframe access to most of us.
A rationalisation of the current setup would seem more appropriate rather than looking for the next magic wand.

In summary though, without explicit legal contracts stating that your patient data will not leave the datacentre in the UK or EU under any circumstances then you cannot proceed with that company's cloud solution without breaching the DPA - no matter what they promise is "coming soon".

Does that seem fair?

ps please don't think I have an issue with msft per se. It is just that they tend to be front and centre when shiny gets presented and there us a degree of coziness that irks me somewhat.

More information about the ukcrypto mailing list