CIPHERER

Case Study

NHS Digital: SUS+ National Data Platform during COVID-19

Client NHS Digital (now NHS England)
Sector Healthcare / Public Sector
Mission Move a national healthcare data platform to cloud without losing a minute of access during a pandemic response.
69M patient records (England-wide)

Stakes

The NHS Secondary Uses Service (SUS+) is the national repository for hospital activity data across England, covering the full patient population of roughly 69 million. During the height of COVID-19, SUS+ was the data foundation feeding pandemic response, vaccine research, and clinical decision-making at scale. The platform was running on legacy on-prem infrastructure that could no longer absorb the demand. It had to move to cloud, it had to move fast, and it could not go offline. Lives, vaccine programmes and a national emergency response were downstream of every decision.

Constraints

  • Live national platform: zero-downtime migration of records covering ~69M patients
  • Operating under high political and public visibility throughout the pandemic
  • Coordination across multiple third-party suppliers and government stakeholders
  • Strict information governance: NHS data is among the most sensitive in the country
  • Hard regulatory boundaries: every change accountable to clinical safety and information commissioner standards

Approach

Plan the migration as a clinical-safety event

We treated the migration not as an infrastructure project but as a clinical-safety operation. Every cutover step had a rollback, every validation point had clinical sign-off, and every data integrity check ran twice: once on legacy, once on cloud, then reconciled.

Zero-downtime data patterns on AWS

We built dual-write and continuous-reconciliation patterns so SUS+ could run simultaneously on legacy and AWS during the transition window. Cutover was a configuration switch, not a maintenance event. No clinician, no researcher, no analyst lost access to the data they needed during the migration.

Multi-supplier coordination under pressure

The programme spanned several suppliers, each owning a slice of the platform. We worked at the architecture and engineering interface, defining contracts, integration patterns and shared accountability so nobody was waiting on anyone, and nobody was duplicating work. Governance was tightened to the cadence the pandemic required.

Audit and integrity by default

Every data movement was logged, signed and traceable. Information governance teams could demonstrate the integrity of the migration end-to-end without needing to reconstruct it after the fact.

Deliverables

  • Zero-downtime migration of the NHS SUS+ platform from legacy on-prem to AWS
  • Dual-write and continuous-reconciliation data patterns for safe cutover
  • Hardened information governance posture across the migrated estate
  • Multi-supplier coordination model and engineering operating cadence
  • Audit and integrity logging meeting NHS Digital governance standards
  • Operational handover to the long-term platform team

Outcome

SUS+ remained available to clinicians, researchers and the national pandemic response throughout the migration window. National healthcare data continued to flow securely to vaccine research, public health analysis and clinical decision-making, with no loss of integrity and no service interruption. The platform was running on cloud infrastructure ready for the next decade of demand.

Stack

  • AWS ECS
  • AWS S3
  • Apache Spark
  • Terraform
  • GuardDuty
  • AWS CloudWatch
  • GitHub Actions

Compliance posture

  • NHS Digital information governance
  • SOC 2 alignment
  • Clinical safety review
  • ICO data protection

Related capabilities