Solved

UK Data Protection Compliance and Best Practice for SAAS solution handling medical data.

Posted on 2015-01-17
185 Views
Last Modified: 2015-01-26
I am looking for a checklist for the key points for a secure design for a system based in the UK dealing with UK data that does the following:

1. Allows 3rd party companies (CO) to store very sensitive (medical) information about their customers.

2. Provides a web interface for supervisors from CO to access, read and modify that data which is owned by CO. This web interface is to be accessed by the public internet. Data is held in a relational database.

3. The system is provided under a SAAS model and hosted in its entirety by a hosting service.

4. Retains (for compliance, auditing and disaster contingency) an audit trail of the stored data as text documents.


I have tried to be deliberately simple in the description.

Separately, does this position vary significantly for the USA?
Question by:monoceros
3 Comments
 
LVL 37

Expert Comment

by:Neil Russell
If you are talking health care when you say medical information then the rules here in the UK are very much tighter than in the US.  There are a lot of regulations that go a long way over and above the Data Protection Act.

You would need to define what is meant by medical data.
Who would have access to it?
 
LVL 1

Author Comment

by:monoceros
This information is related to careworkers and their customers. So the information on customers may include medical history and details of the medications to be administered when the careworker visits.
 
LVL 78

Accepted Solution

by:David Johnson, CD, MVP (earned 500 total points)
It should be encrypted with the case worker only having access to the decryption key.  The data must be stored only within the UK.  The caseworker must have access (read only) to session logs/audit logs.
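The three controls in the accepted solution (data readable only with the caseworker's key, storage restricted to the UK, and an audit trail the caseworker can read but not alter) modelled as a runnable example. This is added illustration, not code from the question or from any of the answers. It assumes an in-memory store, a single permitted region named `uk-london`, and that the caseworker's key-encryption key lives outside the service (a client device or an HSM/KMS); the HMAC-SHA256 keystream cipher is a standard-library stand-in so the example runs without third-party packages, and a production build would use AES-GCM from a vetted library instead.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, List

# Assumed policy value: the only hosting region(s) the design treats as "within the UK".
ALLOWED_REGIONS = {"uk-london"}


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 counter keystream: stdlib stand-in for AES-GCM, not for production use."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC with sub-keys derived from `key`; returns a JSON-friendly blob."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}


def unseal(key: bytes, blob: dict) -> bytes:
    """Verify the tag first: a wrong key or a modified ciphertext raises before decryption."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class AuditLog:
    """Append-only, hash-chained log. Readers get copies; there is no update or delete API."""

    def __init__(self) -> None:
        self._entries: List[dict] = []

    def append(self, actor: str, action: str, record_id: str) -> None:
        prev = self._entries[-1]["hash"] if self._entries else "0" * 64
        entry = {"seq": len(self._entries), "actor": actor, "action": action,
                 "record_id": record_id, "prev_hash": prev}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self._entries.append(entry)

    def read(self) -> List[dict]:
        return [dict(e) for e in self._entries]  # read-only view for the caseworker

    @staticmethod
    def verify(entries: List[dict]) -> bool:
        """Recompute every hash and link; any edit, reorder or deletion breaks the chain."""
        prev = "0" * 64
        for i, e in enumerate(entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or e["prev_hash"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True


class RecordStore:
    """Envelope encryption: per-record data key, wrapped with the caseworker's KEK.

    The service only ever stores the wrapped key, so it cannot read records on its own."""

    def __init__(self, region: str, audit: AuditLog) -> None:
        if region not in ALLOWED_REGIONS:
            raise ValueError(f"hosting region {region!r} is outside the permitted set")
        self.region = region
        self.audit = audit
        self._rows: Dict[str, dict] = {}

    def put(self, record_id: str, caseworker_id: str, kek: bytes, plaintext: bytes) -> None:
        dek = secrets.token_bytes(32)  # fresh data key per record, discarded after wrapping
        self._rows[record_id] = {"caseworker": caseworker_id,
                                 "wrapped_dek": seal(kek, dek), "data": seal(dek, plaintext)}
        self.audit.append(caseworker_id, "write", record_id)

    def get(self, record_id: str, caseworker_id: str, kek: bytes) -> bytes:
        row = self._rows[record_id]
        try:
            dek = unseal(kek, row["wrapped_dek"])
        except ValueError:
            self.audit.append(caseworker_id, "read-denied", record_id)
            raise
        self.audit.append(caseworker_id, "read", record_id)
        return unseal(dek, row["data"])


def demo() -> dict:
    """Exercise the controls with constructed sample data and report each outcome."""
    audit = AuditLog()
    store = RecordStore("uk-london", audit)
    kek = secrets.token_bytes(32)  # caseworker's key-encryption key, held outside the service
    store.put("cust-001", "cw-42", kek, b"medication: 10mg daily")  # constructed sample record
    results = {"roundtrip": store.get("cust-001", "cw-42", kek)}
    try:
        store.get("cust-001", "cw-42", b"\x01" * 32)  # constructed wrong key
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True
    try:
        RecordStore("us-east", AuditLog())
        results["region_enforced"] = False
    except ValueError:
        results["region_enforced"] = True
    log = audit.read()
    results["chain_ok"] = AuditLog.verify(log)
    log[0]["action"] = "delete"  # a reader's copy can be edited, but the edit is detectable
    results["tamper_detected"] = not AuditLog.verify(log)
    results["log_len"] = len(audit.read())
    return results


if __name__ == "__main__":
    print(demo())
```

The denied read is itself logged, so the caseworker's read-only view of the audit trail also shows attempts to open records with the wrong key. Because `RecordStore` holds only the wrapped data key, a compromise of the hosting provider's database yields ciphertext plus keys it cannot unwrap, which is the practical meaning of "only the case worker has the decryption key".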
