This text explains various aspects of data security regarding the My Health Guide project.
Data is stored on servers owned and controlled by Maldaba. The servers are physically located in the UK, as are the back-ups. The hosting company, Tsohost, is working towards ISO certification (international standards of information management). The servers are dedicated to My Health Guide. That means that the only activities on the servers and the only information stored on the servers are related to My Health Guide and its users.
Tsohost monitors the servers 24 hours a day, 7 days a week. They are responsible for maintaining the security and stability of the server itself (not My Health Guide specifically, that responsibility lies with Maldaba). Tsohost operate the firewall protecting the servers, and monitor access to the servers to keep them secure. Back-ups of the data are taken by Tsohost every day and are stored in a different location to the live servers (still within the UK).
Tsohost staff have access to the servers in order to keep the operating systems and underlying software up-to-date (“patching”). Maldaba staff have access to the servers to maintain, support, upgrade and enhance My Health Guide. The only other group of people with access to the data on the servers are My Health Guide app users (who can only access their own data) and remote users with whom the app users choose to share their boxes (and where applicable, have been vetted by their own organisation to access the app data).
Non-personally identifiable data may be shared between Maldaba and relevant third parties (such as the NHS Trust providing the licences to users, for example) in order to monitor app usage, and to compare this to provider data to identify impact on patient outcomes. Data sharing is restricted only to app users who have entered the provider licence token. The provider exclusively has access to this analysis for users where the provider is paying for the licences. Other app users’ data is not shared.
Data transmission occurs in two contexts: firstly, when transferring data between the app and the My Health Guide servers; secondly, when transferring data between remote users’ web browsers and the My Health Guide servers. In both cases data is transferred using Secure Socket Layer (SSL) certificates to encrypt it in transit. This is the “padlock” technology used when purchasing items on the internet; it ensures the data remains encrypted between the two end points (the servers, and the app or web browser) to protect it whilst in transit. Our SSL certificate is renewed annually. At the time of writing, connections secured by our SSL certificate use 128-bit AES encryption.
App users can choose to share any combination of boxes in My Health Guide with any combination of contacts in their My Health Guide contacts lists. Contacts must have an e-mail address in their entry in My Health Guide in order for app users to share boxes with them. Once the app user has shared a box with a contact (and has synchronised the app with the servers by connecting their tablet to the Internet and opening My Health Guide), the contact will be able to see all content within the box (and the app user’s activity in the shared box, such as adding, editing and deleting content) using the remote interface. In some cases provider organisations may additionally require that shares with remote users are vetted before remote users can access app users’ box content.
App users can choose to un-share boxes with contacts at any time. Remote users can also choose to leave a box share via the remote interface. Where remote users are accessing box shares in a professional capacity, the provider organisation may also choose to force an un-share if they deem the share is no longer appropriate (for example, if a clinician no longer works with an app user and it has not been possible to remove the share by other means). This is done using the remote interface.
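The sharing rules set out above (a contact needs an e-mail address; a provider organisation may require vetting before access; the app user, the remote user, or the provider organisation may end a share; administrators only see shares with their own staff) can be expressed as a small authorisation model. The following is an added, constructed example written for this page, not My Health Guide's own code; the class and method names, the `admin:<organisation>` actor convention and the sample users are all assumptions made for illustration.

```python
"""Constructed model of the box-sharing rules described above (illustrative,
not the project's code). An app user shares boxes with contacts; the contact's
organisation may require vetting; any party may end the share; organisation
administrators see only shares with their own staff."""
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass(frozen=True)
class Contact:
    """A remote user. organisation is None for a private individual."""
    email: str
    organisation: Optional[str] = None


@dataclass
class Share:
    owner: str          # app user who owns the box
    box_id: str
    contact: Contact
    vetted: bool        # False until the contact's organisation approves, if required


class SharingService:
    def __init__(self, vetting_required: Set[str]) -> None:
        # Organisations that insist on vetting shares with their staff (assumed config).
        self.vetting_required = vetting_required
        self.shares: List[Share] = []

    def share_box(self, owner: str, box_id: str, contact: Contact) -> Share:
        # A contact entry without an e-mail address cannot receive a share.
        if not contact.email:
            raise ValueError("contact entry has no e-mail address")
        needs_vetting = contact.organisation in self.vetting_required
        share = Share(owner, box_id, contact, vetted=not needs_vetting)
        self.shares.append(share)
        return share

    def approve_share(self, admin_org: str, share: Share) -> None:
        # Only an administrator of the contact's own organisation may vet the share.
        if share.contact.organisation != admin_org:
            raise PermissionError("share belongs to another organisation")
        share.vetted = True

    def can_view(self, viewer: Contact, owner: str, box_id: str) -> bool:
        # Remote access requires an active, vetted share of exactly that box.
        return any(
            s.owner == owner and s.box_id == box_id and s.contact == viewer and s.vetted
            for s in self.shares
        )

    def can_unshare(self, actor: str, share: Share) -> bool:
        """actor is an app-user name, a contact e-mail, or 'admin:<organisation>'."""
        return (
            actor == share.owner                                # app user un-shares
            or actor == share.contact.email                     # remote user leaves
            or actor == f"admin:{share.contact.organisation}"   # provider forces un-share
        )

    def unshare(self, actor: str, share: Share) -> None:
        if not self.can_unshare(actor, share):
            raise PermissionError(f"{actor} may not remove this share")
        self.shares.remove(share)

    def shares_visible_to_admin(self, admin_org: str) -> List[Share]:
        # Administrators see only shares with staff of their own organisation;
        # shares with other organisations or private individuals are never listed.
        return [s for s in self.shares if s.contact.organisation == admin_org]
```

The point of the model is that every read and every removal goes through an explicit check tied to the share record itself, so a remote user who is not on a vetted share sees nothing, and an administrator's view is filtered by organisation before anything is returned.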
My Health Guide offers remote access for users with whom the app user chooses to share boxes. At the time of writing, remote access to box content is via the remote interface accessed in a web browser (and linked to from the My Health Guide website). New remote users must sign up to the remote service by creating an account. Existing remote users will be prompted to log in to access the shared content. Users choose their own passwords when creating their account, and passwords are stored using one-way encryption. Maldaba staff cannot retrieve remote users’ passwords, though Maldaba can reset passwords where required. Where remote users are accessing content in a professional context, their employer may additionally require that the share is vetted by someone at the employer organisation before the remote user may access the shared content. Employer administrators can see which app users have shared with which employees at the organisation, and can force un-shares where necessary. This is restricted only to staff at the administrators’ organisations. Administrators at one organisation cannot see details of shares with staff at other organisations or with private individuals, regardless of which licence token the app users have entered.
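The password statement above (one-way storage, so support staff cannot retrieve a password but can reset it) is what a salted password hash gives you. The following is an added example written for this page, not My Health Guide's own code; the page says only "one-way encryption", so the choice of PBKDF2-HMAC-SHA256 with a per-user random salt, the iteration count, and the `RemoteAccountStore` class and sample account are all assumptions made for illustration.

```python
"""Constructed example of one-way password storage for remote accounts
(illustrative, not the project's code). The mechanism assumed here is a salted
PBKDF2-HMAC-SHA256 hash from the standard library."""
import hashlib
import hmac
import os
import secrets
from typing import Dict

ITERATIONS = 600_000  # work factor; raise over time as hardware gets faster


def hash_password(password: str, salt: bytes = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.
    A fresh random salt means two users with the same password get different
    stored values, so one leaked hash tells you nothing about another."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then compare
    in constant time. The stored value is never decrypted; it cannot be."""
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


class RemoteAccountStore:
    """Remote-user accounts keyed by e-mail. Only hashes are ever kept."""

    def __init__(self) -> None:
        self._records: Dict[str, str] = {}

    def create_account(self, email: str, password: str) -> None:
        self._records[email] = hash_password(password)

    def login(self, email: str, password: str) -> bool:
        stored = self._records.get(email)
        return stored is not None and verify_password(password, stored)

    def stored_record(self, email: str) -> str:
        # What support staff could see in the database: a hash, never the password.
        return self._records[email]

    def reset_password(self, email: str) -> str:
        """Support cannot recover the old password; a reset replaces it with a
        temporary one that the user should change at next login. The old hash
        stops matching anything from this point on."""
        temporary = secrets.token_urlsafe(12)
        self._records[email] = hash_password(temporary)
        return temporary
```

The reset path is the part worth noticing: it never touches the old value except to overwrite it, which is exactly what "staff cannot retrieve but can reset" means in practice.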
For further information please contact us.