Solved

UK Data Protection Compliance and Best Practice for SAAS solution handling medical data.

Posted on 2015-01-17
3
187 Views
Last Modified: 2015-01-26
I am looking for a checklist for the key points for a secure design for a system based in the UK dealing with UK data that does the following:

1. Allows 3rd party companies (CO) to store very sensitive (medical) information about their customers.

2. Provides a web interface for supervisors from CO to access, read and modify that data which is owned by CO. This web interface is to be accessed by the public internet. Data is held in a relational database.

3. The system is provided under a SAAS model and hosted in its entirety by a hosting service.

4. Retains (for compliance, auditing and disaster contingency) an audit trail of the stored data as text documents.


I have tried to be deliberately simple in the description.

Separately, does this position vary significantly for the USA?
0
Comment
Question by:monoceros
3 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40555015
If you are talking health care when you say medical information then the rules here in the UK are very much tighter than in the US.  There are a lot of regulations that go a long way over and above the the data protection act.

You would need to define what is meant by medical data.
who would have access to it?
0
 
LVL 1

Author Comment

by:monoceros
ID: 40555050
This information is related to careworkers and their customers. So the information on customers may include medical history and details of the medications to be administered when the careworker visits.
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40555781
it should be encrypted with the Case Worker only having access to the decryption key.  The data must be stored only within the UK.  The caseworker must have access (read only) to session logs/audit logs.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
Cloud-based technologies and services will continue to grow in popularity in 2017 thanks to the simple, scalable and cost-effective solutions they deliver. Here are three areas where cloud adoption is poised to really take off.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now