Security and Privacy - For Dialysis Centres

If you operate a dialysis centre which is either sending or receiving temporary patients, you have a duty to safeguard those patients’ data.  Using DialysisAway not only demonstrates your commitment to information governance and GDPR compliance, it gives you the reassurance that the counterparty centre will also be adhering to similar standards in the way it is managing patient data during the trip.

The current process for coordinating dialysis away from base

In order to facilitate dialysis away from base, two dialysis centres exchange certain personal and medical data.  The process is infrequent, involves a little over a week of treatments on average and the two centres typically interact on a one-off basis for this purpose. The current process is slow and time consuming, requiring patients to give up to three months’ notice.

Coordinators play the lead role at each unit and the process requires the involvement of clinical staff.  Data communication and storage is at the discretion of users. Information is typically exchanged using paper forms, email, fax and telephone. Records are typically stored on paper, PC and shared drives.

Once patients secure provisional slots at a destination centre, coordinators manage the data exchange required for the patient to travel.  Patients are advised to book travel well in advance, but have limited visibility over the status of the process, increasing stress and apprehension as travel dates approach.

How does DialysisAway compare to the current process?

DialysisAway is specifically designed to address the shortcomings of the current process around efficiency and GDPR compliance.  It creates a secure channel which the two centres can use for transmitting and storing relevant data at each stage of the process, giving users the ability to eliminate less secure methods.

Even when encrypted email is used, there is no guarantee that the receiving centre can decrypt it.  In the event of an error or breach, the onus is on dialysis providers, typically as data controllers, to demonstrate that robust processes had been put in place to prevent it.

The sensitivity of the data involved means a data breach at any one of those points in the process could have material adverse financial and reputational consequences given the extent of the enforcement powers available to regulators under GDPR.

How does information governance compare in DialysisAway vs. the current process?

Unlike the current process, DialysisAway is specifically designed for GDPR compliance. It creates a secure platform for any unit to manage temporary dialysis which another centre can plug into for communications and data transmission.

| Aspect | Current process | DialysisAway |
| --- | --- | --- |
| Process | Not defined | Clear workflow with status |
| Status | Not clear | Transparent to all |
| Reminders | Manual | SMS / email |
| Access to data | Offline / shared drive | Secure 2FA login per authorised user, with integrated user management |
| Visibility for patients | Limited | Full status via online login |
| Confirmation of slots | Offline | Integral part of workflow |
| Exchange of details | Offline email / phone / fax | Secure online process |
| Communication between centres | Offline email / phone / fax | Integrated secure messaging |
| Patient queries | Phone / email | Integrated secure function |
| Blood tests / swabs | Offline email / fax | Uploaded securely into the record |
| Doctor approval | Paper | Online, with secure uploads |
| Handover notes | Paper, if any | Integrated checklist and handover from both doctor and nurse |
| Patient payments | Offline exchange of details | Integrated secure payments option |
| Destination clinic treatment reports | If requested | Integrated checklist and upload, with treatment reports and handover notes for Sending Unit |
| Reintegration checklist | Depends on provider | Integrated |
| Staff absence | Process stalls | Alternate coordinator takes over |
| Trip record | Each party keeps their own | One secure, shared record of the whole trip |

How does DialysisAway help dialysis providers to meet GDPR requirements?

Design

Our cloud hosted software is developed and updated with the principles of data protection by design and default and data minimisation embedded. It permits the whole coordination process to be conducted securely, yet transparently for authorised users, including patients.

Security

User access can be controlled by the dialysis providers to ensure staff only have access to the data they require for their role.

We have robust security measures in place, can assist with responding to data subject requests and allow control over the retention of the data stored within the platform.

We are Cyber Essentials and DSP Toolkit assured (NHS ODS code O4S4B).

Policies and Training

We have conducted a Data Protection Impact Assessment (DPIA) to ensure risks to the patients are mitigated.

We are in the process of seeking assurance against NHS Digital’s DCB0129 clinical risk standard.

We work in compliance with the requirements of ISO:27001.

Roles

We act as a Data Processor or Sub-Processor on behalf of dialysis providers, who are typically Data Controllers (as defined within the GDPR).

Providers make all decisions in relation to how the platform is used and the data that is uploaded and shared.

Providers define their lawful basis for processing patients’ personal data and ensure transparency provisions are in place with their patients, but this is no different than with current processes – it is just using a different method of delivery.

Teams

We have terms of service and a data processing agreement that set out our obligations in acting as a Data Processor or Sub-Processor.

Who plays which role in Information Governance?

The organisation regularly treating patients is typically the Data Controller. When another organisation, perhaps a privately run provider, treats patients on an outsourced basis under contract (for example under contract to an NHS Trust), it may be considered a Data Processor. Patients are the Data Subjects. Where our services are used, we are either a Data Processor or Data Sub-Processor. This means that we process patient data under the terms contained in our Terms of Service, to help our customers, typically Data Controllers (as healthcare organisations), to provide a service to their patients.

How are we 'IG compliant'?

We have UK NHS Data Security and Protection Toolkit assurance (under NHS ODS code O4S4B). We also develop all our software under the principle of ‘Privacy by design’.

How do we keep data secure?

We follow best practice guidance from the UK's NHS Digital, the UK National Cyber Security Centre (NCSC) and AWS. All data is encrypted in transit (when it is sent) and at rest (when it is stored).

What data do we process?

The data we need to process is based upon requirements set by destination clinics in order to accept a patient for treatment. The data belongs to our customers as data controllers and relates to patients and staff (as users).

Patient data typically includes, inter alia, personal data, general medical data, data relating to dialysis treatment and message content (including patient queries and replies).

Staff data typically includes, inter alia, personal data (including role, organisation, contact details), message content and also metadata, signatures, login and other application-use related data.

Where is our data stored?

Data in the DialysisAway application is currently stored on the cloud in secure AWS data centres, located inside the EU.

Are we Cyber Essentials certified?

We hold Cyber Essentials certification (https://www.ncsc.gov.uk/cyberessentials/overview), a scheme run by the UK government and the National Cyber Security Centre (NCSC), to help you know that you can trust us with your data.

How do we send text messages?

We use Twilio to send SMS messages. You can read the Twilio privacy statement here (https://www.twilio.com/legal/privacy).

How do we ensure that the right person gets the message?

All logins are 2-factor authenticated, meaning that in order to log in, in addition to their password, a user needs to confirm their identity by way of a code sent by SMS and/or email.  Users need to keep their mobile phone numbers and emails up-to-date, as email offers a second option in case of poor cellular network availability.
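The code-based second factor described above (SMS first, email as the fallback when cellular delivery fails), as an added illustration that is not DialysisAway's own code: the `SecondFactor` class, the delivery callbacks, the five-minute lifetime and the five-guess limit are all assumptions made for this example.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 300  # assumed lifetime of a one-time code
MAX_ATTEMPTS = 5        # assumed guess limit before the code is discarded

@dataclass
class PendingCode:
    digest: str         # keyed hash of the code; the plaintext is never stored
    expires_at: float
    attempts: int = 0

class SecondFactor:
    def __init__(self, send_sms, send_email, now=time.time):
        # send_sms / send_email are caller-supplied delivery callbacks returning
        # True on success (an SMS gateway such as Twilio would sit behind them).
        self._send_sms, self._send_email, self._now = send_sms, send_email, now
        self._pending = {}
        self._key = secrets.token_bytes(32)  # per-process HMAC key

    def _digest(self, user_id, code):
        msg = f"{user_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, user_id, mobile, email):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user_id] = PendingCode(
            self._digest(user_id, code), self._now() + CODE_TTL_SECONDS)
        # SMS is the primary channel; fall back to email when the number is
        # missing or the gateway reports a delivery failure.
        if mobile and self._send_sms(mobile, code):
            return "sms"
        self._send_email(email, code)
        return "email"

    def verify(self, user_id, submitted):
        """True only for the current, unexpired, not-yet-used code."""
        pending = self._pending.get(user_id)
        if pending is None or self._now() > pending.expires_at:
            self._pending.pop(user_id, None)
            return False
        pending.attempts += 1
        ok = hmac.compare_digest(pending.digest, self._digest(user_id, submitted))
        if ok or pending.attempts >= MAX_ATTEMPTS:
            del self._pending[user_id]  # single use; also dropped after too many guesses
        return ok
```

Keeping both contact details current matters here because a stale mobile number silently pushes every login onto the email path.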

How can we ensure that the data exchanged is accurate?

There is always a risk that inaccurate data may be uploaded due to human error, but this is also a risk that exists within the current, paper-based process. This is the responsibility of our customers and their authorised users. DialysisAway provides a structured workflow in a secure location, enabling not only the provision of information but also the opportunity for users to check and clarify it. Patient medical details need to be marked as complete. Details can then be verified by the sending unit doctor before approval to travel is granted. Patient data is then available for review (and clarification if necessary) by the receiving unit coordinator and doctor, together with handover notes. Only then is treatment prescribed by a doctor at the receiving unit. We are in the process of seeking assurance against NHS Digital's DCB0129 clinical risk standard.

How much control do we have over the data stored within DialysisAway?

Our customers retain full control over who can access the data. DialysisAway does not make any decisions in relation to how the data is used or retained and acts purely on the instructions of the providers (as set out in our terms).

How does DialysisAway comply with information governance requirements?

We have NHS Data Security and Protection Toolkit assurance (NHS ODS code O4S4B).

We comply with the requirements of ISO:27001.  Our servers are hosted with Amazon Web Services (AWS) located in the EU. AWS holds ISO:27001 information security certification (among others) and all data is strongly encrypted at rest.

AWS operates on the basis of a ‘shared responsibility model’, with AWS being responsible for “Security of the Cloud” and DialysisAway being responsible for “Security in the Cloud”. In relation to “Security in the Cloud”, our application encrypts all data in transit, we enforce two factor authentication (one-time codes sent to a mobile phone and/or on email) for every user logging into the platform to protect against unauthorised access and users are automatically logged out of the system after a period of inactivity.  Our two-factor authentication provider, Twilio, holds ISO:27001 information security certification (among others).

We do not actively view or use any data contained within the platform other than when required for support or maintenance purposes.

How can DialysisAway assist with data subject requests?

Dialysis providers (our customers) are typically Data Controllers and are responsible for handling any requests from patients in relation to their data – this could be a request to access, delete or amend their data. We are able to correct, delete or extract any data relating to patients on request.

DialysisAway can assist with all these requests to ensure clinics are meeting their obligations in responding to such requests under GDPR or relevant local data protection legislation. Such requests should be addressed to: [email protected].