Data Security

Secure Data Centre

Data must be stored securely. We utilise ultra-secure, ISO 27001 compliant hosting based in an ex-nuclear bunker in Kent. This provides the highest physical and logical security available. During 2015 Prescribing Services successfully completed IGSoC for the provision of an N3 connection directly into the Bunker. This allowed the creation of a hosting zone completely within the N3 network and only available to users within the N3. Server access is highly restricted both physically and logically: access is granted on a role-based basis only to those employees with a direct need to access the servers, and it is constantly monitored and audited.


High Level Encryption

Depersonalised Data

Patient Consent

Our systems prevent any data from being transmitted for patients that have opted out of record sharing. These patients would need to actively opt in to allow their data to be transmitted by the system.

Explicit consent allows the de-personalised data to become pseudonymised and available to authenticated users within the N3 network.

GP Data Extract

GP data is extracted and sensitive data is removed. This creates two datasets. The first contains de-personalised data used for data analysis, alerts and information for Advice and Guidance requests. The second contains the information needed to allow pseudonymised data to be viewed within the N3 network. Both datasets are fully encrypted for secure transmission to our high-security data centre.

Data Handling and Storage

Data is stored encrypted within the Prescribing Services data centres. These are high-security data facilities with dual N3 connectivity.

Only De-personalised data can be accessed through this interface.

Pseudonymised data is stored in a restricted access datacentre and is only available within the N3 network with enhanced permission and explicit patient consent.

Access Rights

Access is restricted to healthcare professionals with NHS email addresses, and two-factor authentication is mandatory for all users.

Pseudonymised data access is limited to GPs accessing the N3 network for their own patients and approved individuals with explicit patient consent.


Data Filtering

Data that could lead to identification through its uniqueness is removed by our system.

Data deemed to be sensitive by NHS England is filtered at source.


Complete Patient Privacy

Patient Consent

  • Data is only extracted for patients that have not opted out of data record sharing using the approved HSCIC codes.

  • Patients that have opted out will need to explicitly opt in to allow their data to be extracted from practice systems.

  • Patients are encouraged to explicitly opt in to allow their de-personalised data to become pseudonymised information and allow access by authorised healthcare professionals.

Pseudo-anonymised patient data

  • Practice identifier

  • Anonymised patient identifier (the MiQuest number for SystmOne practices and the Anonymised Patient ID for EMIS)

  • Internal reference for EMIS (EMIS Number)

  • NHS Number

  • Date of Birth

Data hashing

NHS number and date of birth are hashed using an HSCIC-approved 256-bit hashing algorithm.
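The extraction, consent filtering, sensitive-code removal and hashing steps described on this page, as an added worked example in Python; this is not Prescribing Services' code and it does not describe their actual implementation. It assumes HMAC-SHA256 as the 256-bit hash (the page does not say whether the approved hash is keyed), a placeholder key, constructed opt-out/opt-in markers in place of the HSCIC codes, constructed sensitive-code and rare-code rules, and fictitious practice records. The NHS number Modulus 11 check digit is the real validation rule for NHS numbers.

```python
"""Consent filtering, sensitive-code removal and pseudonymisation for a GP
extract. Added example; not Prescribing Services' code. Codes, identifiers
and the key below are constructed placeholders."""
import hashlib
import hmac
import re
from collections import Counter
from datetime import date

# Constructed placeholder key. The page names an HSCIC-approved 256-bit hash but
# not whether it is keyed; HMAC-SHA256 is assumed here so that a pseudonym cannot
# be reversed by exhaustively hashing the small space of 10-digit NHS numbers.
# A real key would be held only inside the restricted hosting zone.
PSEUDONYMISATION_KEY = b"constructed-example-key-do-not-use"

OPT_OUT = "OPT_OUT"   # constructed stand-in for the HSCIC opt-out code
OPT_IN = "OPT_IN"     # constructed stand-in for an explicit opt-in code
SENSITIVE_CODES = {"SENS-A", "SENS-B"}   # constructed stand-ins for codes filtered at source
MIN_CODE_COUNT = 2    # a code present in fewer consented records than this is suppressed


def nhs_number_is_valid(nhs_number: str) -> bool:
    """Modulus 11 check digit used by real NHS numbers: weights 10..2 over the
    first nine digits; a remainder of 1 (check digit 10) has no valid number."""
    digits = re.sub(r"\s", "", nhs_number)
    if not re.fullmatch(r"\d{10}", digits):
        return False
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = (11 - total % 11) % 11
    return check != 10 and check == int(digits[9])


def pseudonymise(nhs_number: str, dob: date) -> str:
    """Keyed 256-bit hash over the two direct identifiers. Deterministic, so
    records for the same patient still link within the restricted N3 zone."""
    digits = re.sub(r"\s", "", nhs_number)
    if not nhs_number_is_valid(digits):
        raise ValueError("invalid NHS number; refusing to pseudonymise")
    message = f"{digits}|{dob.isoformat()}".encode()
    return hmac.new(PSEUDONYMISATION_KEY, message, hashlib.sha256).hexdigest()


def consent_level(codes) -> str:
    """'none': opted out, nothing leaves the practice.
    'depersonalised': default, analysis dataset only.
    'pseudonymised': explicit opt-in, also eligible for the linkable dataset."""
    if OPT_IN in codes:
        return "pseudonymised"
    if OPT_OUT in codes:
        return "none"
    return "depersonalised"


def build_extract(records):
    """Split raw practice records into the two datasets the page describes."""
    consented = [r for r in records if consent_level(r["codes"]) != "none"]
    # Per-code frequency across the consented population; rare codes are treated
    # as uniquely identifying (a simple stand-in for a fuller k-anonymity check).
    counts = Counter(c for r in consented for c in r["codes"])

    def scrub(codes):
        return sorted(c for c in codes
                      if c not in SENSITIVE_CODES
                      and c not in (OPT_IN, OPT_OUT)
                      and counts[c] >= MIN_CODE_COUNT)

    depersonalised, pseudonymised = [], []
    for r in consented:
        codes = scrub(r["codes"])
        # No NHS number or date of birth ever enters the analysis dataset.
        depersonalised.append({"practice": r["practice"],
                               "patient_ref": r["anon_id"], "codes": codes})
        if consent_level(r["codes"]) == "pseudonymised":
            pseudonymised.append({"practice": r["practice"],
                                  "pseudonym": pseudonymise(r["nhs_number"], r["dob"]),
                                  "codes": codes})
    return depersonalised, pseudonymised


# Constructed sample practice records (NHS numbers are check-digit valid but fictitious).
SAMPLE_RECORDS = [
    {"practice": "P001", "anon_id": "A1", "nhs_number": "943 476 5919",
     "dob": date(1970, 1, 1), "codes": [OPT_IN, "DIAB", "HTN"]},
    {"practice": "P001", "anon_id": "A2", "nhs_number": "4010232137",
     "dob": date(1985, 6, 30), "codes": ["DIAB", "SENS-A"]},
    {"practice": "P002", "anon_id": "A3", "nhs_number": "5555555555",
     "dob": date(1990, 2, 2), "codes": [OPT_OUT, "HTN"]},
    {"practice": "P002", "anon_id": "A4", "nhs_number": "1234567814",
     "dob": date(1960, 12, 25), "codes": ["HTN", "RARE-1"]},
]

if __name__ == "__main__":
    analysis, linkable = build_extract(SAMPLE_RECORDS)
    print("de-personalised:", analysis)
    print("pseudonymised:", linkable)
```

Running it on the sample records yields three de-personalised rows (the opted-out patient A3 is never extracted) and one pseudonymised row (only A1 has explicitly opted in); A2's sensitive code and A4's rare code are dropped before either dataset is built. The design choice worth noting is the keyed hash: a plain hash of NHS number and date of birth is deterministic over a small input space, so a secret key held in the restricted zone is what makes the pseudonym non-reversible outside it.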