Solved

UK Data Protection Compliance and Best Practice for SAAS solution handling medical data.

Posted on 2015-01-17
3
188 Views
Last Modified: 2015-01-26
I am looking for a checklist for the key points for a secure design for a system based in the UK dealing with UK data that does the following:

1. Allows 3rd party companies (CO) to store very sensitive (medical) information about their customers.

2. Provides a web interface for supervisors from CO to access, read and modify that data which is owned by CO. This web interface is to be accessed by the public internet. Data is held in a relational database.

3. The system is provided under a SAAS model and hosted in its entirety by a hosting service.

4. Retains (for compliance, auditing and disaster contingency) an audit trail of the stored data as text documents.


I have tried to be deliberately simple in the description.

Separately, does this position vary significantly for the USA?
0
Comment
Question by:monoceros
3 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 40555015
If you are talking health care when you say medical information then the rules here in the UK are very much tighter than in the US.  There are a lot of regulations that go a long way over and above the the data protection act.

You would need to define what is meant by medical data.
who would have access to it?
0
 
LVL 1

Author Comment

by:monoceros
ID: 40555050
This information is related to careworkers and their customers. So the information on customers may include medical history and details of the medications to be administered when the careworker visits.
0
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40555781
it should be encrypted with the Case Worker only having access to the decryption key.  The data must be stored only within the UK.  The caseworker must have access (read only) to session logs/audit logs.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
MS hosted exhange security 2 46
Lightweight Networking 9 61
Can not open an anonymous level security token 2 44
Tracking uptime for a bunch of sites 3 36
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question