Solved

UK Data Protection Compliance and Best Practice for SAAS solution handling medical data.

Posted on 2015-01-17
3
189 Views
Last Modified: 2015-01-26
I am looking for a checklist for the key points for a secure design for a system based in the UK dealing with UK data that does the following:

1. Allows 3rd party companies (CO) to store very sensitive (medical) information about their customers.

2. Provides a web interface for supervisors from CO to access, read and modify that data which is owned by CO. This web interface is to be accessed by the public internet. Data is held in a relational database.

3. The system is provided under a SAAS model and hosted in its entirety by a hosting service.

4. Retains (for compliance, auditing and disaster contingency) an audit trail of the stored data as text documents.


I have tried to be deliberately simple in the description.

Separately, does this position vary significantly for the USA?
Question by:monoceros
3 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40555015
If you are talking health care when you say medical information, then the rules here in the UK are very much tighter than in the US. There are a lot of regulations that go a long way over and above the Data Protection Act.

You would need to define what is meant by medical data.
Who would have access to it?
 
LVL 1

Author Comment

by:monoceros
ID: 40555050
This information is related to careworkers and their customers. So the information on customers may include medical history and details of the medications to be administered when the careworker visits.
 
LVL 80

Accepted Solution

by: David Johnson, CD, MVP (earned 500 total points)
ID: 40555781
It should be encrypted with the case worker only having access to the decryption key. The data must be stored only within the UK. The case worker must have access (read only) to session logs/audit logs.
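The accepted answer's read-only audit access for the care worker, combined with point 4 of the question (an audit trail kept as text documents), is illustrated below with an added example that is not part of the thread or any poster's answer. It shows a hash-chained, append-only audit trail written as plain text lines, an HMAC key held by the service (not by the users it records), and a role table in which only the service may append while care workers and supervisors may only read. The role names, the record identifiers, the HMAC key and the log entries are all constructed for the example; the encryption of the records themselves, which the answer also calls for, is not shown here.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed key for the example only. In a deployment this lives in the
# service's secrets store and is never held by the users whose actions it attests.
AUDIT_HMAC_KEY = b"example-audit-key-not-for-production"
GENESIS_TAG = "0" * 64

# Assumed roles: the service appends; care workers and supervisors only read.
AUDIT_PERMISSIONS = {
    "service": {"append", "read"},
    "careworker": {"read"},
    "supervisor": {"read"},
}


def is_permitted(role: str, action: str) -> bool:
    """Deny by default: unknown roles and unknown actions get nothing."""
    return action in AUDIT_PERMISSIONS.get(role, set())


def _chain_tag(key: bytes, prev_tag: str, body: str) -> str:
    """HMAC over the previous line's tag plus this line's body, so each line
    commits to everything before it."""
    return hmac.new(key, (prev_tag + "\n" + body).encode("utf-8"), hashlib.sha256).hexdigest()


class AuditTrail:
    """Append-only log kept as text lines of the form '<json body>|<hex tag>'.
    Editing, reordering or deleting any line breaks the chain from that point on."""

    def __init__(self, key: bytes = AUDIT_HMAC_KEY):
        self._key = key
        self._lines: list[str] = []
        self._prev_tag = GENESIS_TAG

    def append(self, role: str, actor: str, action: str, record_id: str, detail: str = "") -> str:
        if not is_permitted(role, "append"):
            raise PermissionError(f"role {role!r} may not append to the audit trail")
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "actor": actor,
            "action": action,
            "record": record_id,
            "detail": detail,
        }
        body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
        tag = _chain_tag(self._key, self._prev_tag, body)
        line = f"{body}|{tag}"
        self._lines.append(line)
        self._prev_tag = tag
        return line

    def read(self, role: str) -> str:
        """Export the trail as a text document; readers cannot modify it."""
        if not is_permitted(role, "read"):
            raise PermissionError(f"role {role!r} may not read the audit trail")
        return "".join(line + "\n" for line in self._lines)


def verify_trail(text: str, key: bytes = AUDIT_HMAC_KEY) -> tuple[bool, int]:
    """Return (True, -1) if every line chains correctly, otherwise
    (False, index of the first line that fails)."""
    prev_tag = GENESIS_TAG
    for i, line in enumerate(text.splitlines()):
        body, sep, tag = line.rpartition("|")  # tag is hex, so the last '|' is the separator
        if not sep or not hmac.compare_digest(_chain_tag(key, prev_tag, body), tag):
            return False, i
        prev_tag = tag
    return True, -1


def demo() -> dict:
    """Build a small trail, export it, and show what verification reports for an
    intact copy, an edited line, and a deleted line. All entries are constructed."""
    trail = AuditTrail()
    trail.append("service", "supervisor:alice", "update", "customer/1042", "medication schedule changed")
    trail.append("service", "careworker:bob", "read", "customer/1042")
    trail.append("service", "supervisor:alice", "update", "customer/1042", "allergy note added")

    exported = trail.read("careworker")          # read-only view for the care worker
    intact, _ = verify_trail(exported)

    original = exported.splitlines()
    edited = list(original)
    edited[1] = edited[1].replace("careworker:bob", "careworker:eve")   # simulated edit of line 1
    edited_ok, edited_at = verify_trail("".join(l + "\n" for l in edited))

    dropped_ok, dropped_at = verify_trail("".join(l + "\n" for l in original[1:]))  # line 0 removed

    try:
        trail.append("careworker", "careworker:bob", "delete", "customer/1042")
        careworker_append_blocked = False
    except PermissionError:
        careworker_append_blocked = True

    return {
        "line_count": len(original),
        "intact": intact,
        "edited_ok": edited_ok,
        "edited_at": edited_at,
        "dropped_ok": dropped_ok,
        "dropped_at": dropped_at,
        "careworker_append_blocked": careworker_append_blocked,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The chain gives tamper evidence, not tamper prevention: whoever holds the HMAC key can rebuild a consistent log, which is why the key belongs to the service (or a separate logging component) and not to any user role. Periodically writing the latest tag somewhere the service cannot silently change (a separate store, or a signed export to the customer company) is what turns "the log verifies" into "the log verifies against what was seen earlier".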
