Security and Privacy - Principles

What does DialysisAway do?

Our software makes it easier and more secure for dialysis centres to manage the process of receiving and sending temporary dialysis patients. Dialysis centres can exchange all the required details and clarifications securely via our online platform, following a standard workflow and creating a comprehensive trip record.

GDPR principles

The GDPR sets out seven key principles that must be met to ensure any organisation is fulfilling its data protection obligations. These are:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Data accuracy
  • Storage limitation
  • Security
  • Accountability

The “Accountability” principle is important to highlight because it requires organisations to be able to demonstrate their compliance with GDPR. That means having clear and secure processes in place to ensure personal data, and particularly special category data (including health data), is not handled in a way that creates unnecessary risk to the individuals concerned.

DialysisAway acts as a “Data Processor” or “Sub-Processor” on behalf of its customers, the dialysis providers, who remain the “Data Controller”: the party who must ensure that their use of personal data is lawful and that the associated processes are robust. Regulators have a number of enforcement powers available to them (including the ability to fine companies) for non-compliance with GDPR. Such enforcement action normally follows a data breach, but it focuses on an organisation’s internal policies, processes and overall approach to data protection, and on what could have been done to prevent the breach from occurring.

DialysisAway enables dialysis providers to mitigate or remove some of the risks that exist in the current process for coordinating temporary dialysis, especially the manual transmission of patient data by various potentially insecure methods.

Our Principles

We work in compliance with relevant information governance standards

The UK NHS and government set standards to ensure all organisations using health data keep it safe and use it ethically. We make sure we meet all required standards:

We use best practice security technology

All data is encrypted both at rest and during transmission. This helps ensure that the only people who can access it are those authorised to do so.

We set strong identity controls

We use two-factor authentication to verify identity.

We work with safe and secure data partners

We work with certain other organisations to support the delivery of our platform, for example to store data securely in the cloud. We only work with those who meet our high standards.