Cart
0
£0.00

Who Owns Cloud Data? Trust, Sovereignty and Collaboration at the Health Data Forum Summit in Wales

24/11/2025

When the coffee break ended on Day 1 of the Health Data Forum Global Hybrid Summit in Wales, the room settled into one of the most fundamental questions in digital health today: who really owns cloud data – and who can be trusted to look after it?

Moderated by David Wyndham Lewis, Health & Life Science Partner at Atos, the panel "Who Owns Cloud Data? Infrastructure and Governance" brought together three complementary perspectives:

  • Rachel Dunscombe – CEO, openEHR International and former NHS CIO

  • Rafael Almeida – Director of Infrastructure & Networks, SPMS, Shared Services of the Portuguese Ministry of Health

  • Dr Padmavathi (Padma) Roy – COO of the Data First, AI Later movement and former Chair of The Open Group Healthcare Forum

What followed was not a technical deep-dive into cloud configurations, but a conversation about power, ethics, sovereignty and trust – and how all of that comes to life in real health systems.

David Wyndham Lewis, Atos UK & Ireland
David Wyndham Lewis, Atos UK & Ireland


"Patients Own the Data – Full Stop"

All three panellists started from the same anchor: patients (or citizens) are the primary owners of health data.

They may not control every technical or legal detail, but they hold the moral right to know:

  • How their data is being used

  • Who is looking after it

  • under which rules and safeguards

As Rachel put it, the starting point is simple but demanding: full transparency for citizens about the lifecycle of their data – whether it lives in a hospital, a national platform, or a sovereign cloud.

Padma sharpened that framing with a stewardship model:

  • Patientsprimary owners of data

  • Governmentsstewards responsible for the public interest and safeguards

  • Providers & vendorsguardians who must handle data with professional care and technical discipline

In other words, the cloud may host the data, but it does not own the relationship of trust that the health system must maintain with its citizens.


Portugal's Hybrid Path: Efficiency, Resilience and Sovereignty

Rafael's intervention grounded the debate in the lived reality of a national health system.

Portugal's NHS relies on over 180,000 professionals working daily on digital platforms. After more than a decade working with the cloud, SPMS has learned a set of pragmatic lessons:

  • No silver bullet technology

    "There is no single perfect technology. Every choice has trade-offs. The real challenge is integration and governance."

  • Infrastructure-as-a-Service isn't always economical
    For Portugal, pure IaaS in hyperscale clouds "is too expensive for our system", while Software-as-a-Service has clearly proven its value – particularly for collaboration, mobility and citizen-facing services.

  • Not everything should move to the cloud
    Some systems must stay on-premises and as close as possible to care delivery – for example, intensive care units and critical hospital systems. In the event of catastrophic outages or connectivity issues, local resilience can literally save lives.

  • Multi-cloud to avoid a new kind of lock-in
    Portugal started heavily on Microsoft Azure and is now piloting Google Cloud, with AWS next. The goal is cloud portability and agnostic architectures, so health data as a national asset is never trapped in one provider's proprietary model.

Ultimately, Rafael described the future not as cloud vs on-prem, but as "cloud and on-prem – transparently combined". Efficiency, resilience and sovereignty aren't opposites; they are the three constraints a mature health system must balance.

Dr Padmavathi (Padma) Roy, Health Data Forum
Dr Padmavathi (Padma) Roy, Health Data Forum
Rachel Dunscombe, openEHR
Rachel Dunscombe, openEHR
Rafael Almeida, SPMS
Rafael Almeida, SPMS
David Wyndham Lewis, Atos UK & Ireland
David Wyndham Lewis, Atos UK & Ireland


India's Federated Model and the Risk of "Digital Colonialism"

Padma brought in a global lens, contrasting Europe, the US and India.

  • Europe
    GDPR and the upcoming European Health Data Space (EHDS) are setting a global benchmark for data rights, consent and accountability, especially for secondary uses like research and AI.

  • United States
    Data governance is more fragmented, shaped by HIPAA and state laws, with strong private-sector dominance and widespread cloud adoption. Innovation is high – but centralised trust frameworks are weaker, raising questions abroad.

  • India
    Through the Ayushman Bharat Digital Mission (ABDM) and its token-based account model, India is betting on a federated approach. Data stays local with providers, and access for innovation is governed by tokens linked to citizen consent.

Padma warned of two interconnected dangers:

  1. Vendor lock-in – not only at the application layer, but at cloud and data model levels, if standards like FHIR and openEHR are not adopted consistently.

  2. Digital colonialism – when emerging regions leapfrog directly to the cloud, but become structurally dependent on a handful of big tech providers without retaining real sovereignty or bargaining power.

Her conclusion was clear: open standards, national stewardship and strong governance boards are essential counterweights if we want the cloud to enable innovation without sacrificing autonomy.

Does Cloud Conflict with Good Governance?

When David asked whether cloud infrastructure conflicts with good data stewardship, both Rachel and Padma gave a nuanced "no, but…"

Rachel separated where data lives from how it is governed:

  • A record can be stored in a sovereign EU data centre or an on-prem server –
    What matters is logical governance: clear separation of data from applications, standardised formats, robust access controls and auditable processes.

  • Sovereign cloud initiatives (like AWS's EU sovereign cloud) show that hyperscalers can operate under tighter jurisdictional and residency rules – if the right contractual and technical constraints are in place.

Padma argued that cloud's "borderless" nature is exactly why multi-country governance boards are needed – much like international aviation safety bodies. Cloud can support:

  • 24/7 access to records across borders

  • international patient summaries for travellers

  • global-scale research and AI models

…but only if citizens can see who accessed their data, when, and for what purpose, and if independent assurance frameworks (ISO 27001, ENISA guidance, etc.) function as trusted "safety stamps" for cloud services.

Trust Is Fragile – and Not Just Between Citizens and Vendors

The panel repeatedly came back to trust – both its importance and its fragility.

David reminded the room that in the UK, several major data programmes have been delayed or cancelled when public trust was lost. Once that happens, no level of technical sophistication can save the project.

Padma went further: countries don't fully trust each other either. Cloud makes data technically borderless, but accountability remains tied to national law. This mismatch between technical reality and legal jurisdiction is now one of the new frontiers of diplomacy and ethics.

Rachel added another subtle point: citizens are not a monolith. Some want very simple assurances ("someone I trust has checked this"), while others – especially those already working with AI – want full audit trails and technical detail. Future governance solutions must serve that spectrum of trust needs, not just a lowest common denominator.

Collaboration: Open Standards, Federated Learning and Trust Contracts

Asked where collaboration efforts should focus, the panel converged on three big "horses to back":

  1. Open Data Standards

    • openEHR and HL7 FHIR as the backbone to prevent vendor and platform lock-in

    • data standardised once, re-usable across EHRs, analytics, AI and cross-border exchange

  2. Federated Learning and Local Retention of Data

    • AI models can be trained across multiple sites without moving raw patient data, as seen in COVID-era pilots for predicting oxygen needs

    • This keeps privacy and sovereignty intact while letting insights "go global"

  3. Data Sharing Agreements and "Trust Contracts"

    • Examples like GISAID in genomics show how well-designed trust frameworks can save lives, by enabling rapid, global sharing of sensitive data during a crisis

    • The same approach is urgently needed for rare diseases and advanced therapies, where no single country has enough data alone

Put together, these three building blocks sketch a model where data stays rooted, standards travel, and insights circulate.

Beyond Compliance: Proving Trust, Not Just Asking for It

A powerful intervention from the audience came from Tiago Taveira, representing MTG and speaking as both a former family physician and technologist.

His central question: how can we move from "trust us" to "prove it cryptographically that nothing bad happened"?

He pointed towards:

  • Redundant, open, cloud-agnostic infrastructures

  • Greater code transparency for vendors (allowing clients to see, if not change, the code running in their environments)

  • Client-side encryption with hardware security modules – where keys never leave the institution, making it technically impossible for a provider to peek at data even if they wanted to

Tiago urged healthcare to learn from defence-grade security, especially as genomic and longitudinal health data become strategically valuable assets – not only for innovation but potentially for hostile use.

David echoed the concern: in a world where shutting down EPRs could paralyse a country's health system within hours, data security is now squarely a national security issue.

Communicating Complexity Without Losing Citizens

This raised a final challenge: how do you explain all of this to citizens?

Rachel's answer:

  • Some citizens will want to see the cryptographic details, and systems must be capable of providing that level of transparency.

  • Others will prefer recognisable assurance marks – "kite marks" or seals showing that an independent body has audited the governance and security of a given platform.

Padma added that patients must not only be informed – they must be represented in governance:

  • sitting on boards that define rules for data sharing and cloud use

  • helping to design audit trails and interfaces that show, in human language, who accessed their data and why

Her analogy was simple and effective: we all see our bank transactions online; health data should offer the same degree of visibility – not because people will check every day, but because knowing they could change the trust equation.

Anchoring It in "Data First, AI Later"

Although the panel's title focused on cloud, the conversation sat squarely inside the wider "Data First, AI Later" movement championed by the Health Data Forum, Health Parliament India and their partners. The movement argues that AI in healthcare can only be ethical and effective if it rests on solid foundations of data integrity, governance and transparency.

What this session made very visible is that cloud governance is one of those foundations:

  • Getting ownership and stewardship right

  • Designing sovereignty-respecting architectures (hybrid, multi-cloud, federated)

  • Embedding open standards, strong contracts and patient voice into everyday operations

As the Data First, AI Later charter evolves into a joint framework for self-assessment, certification and capacity-building, the insights from Wales feed directly into that work: a shared understanding that trust is not a soft add-on, but infrastructure – as essential as bandwidth and compute.

The panel closed to applause, but the real work continues in the corridors, breakout tables and follow-up meetings: turning these principles into concrete architectures, contracts and conversations that make cloud not just powerful, but worthy of the trust that citizens are being asked to place in it.

Watch the full recording here
Share