Information Security Within The PASSsystem
This provides information for everyLIFE customers about the security of information held within The PASSsystem.
What is The PASSsystem?
The PASSsystem is a digital care planning, monitoring and inclusion solution that has been developed by everyLIFE Technologies. It is available for care providers to purchase to manage their care business. When a care business buys The PASSsystem, they maintain all care records on the system instead of paper records.
At everyLIFE, we take the security of personal information very seriously and have taken technical and organisational measures to ensure the security of the information that we hold. We are registered with the Information Commissioner’s Office (ICO) and adhere to their information governance standards, as demonstrated through self-assessment and submission of the IG Toolkit. All our employees have received the NHS Digital Data Security Awareness Training, which meets the minimum mandatory requirement set out by the ICO.
We are ISO 27001 certified / accredited, having achieved compliance for the last two consecutive years. ISO 27001 is the globally recognised international standard for managing the risks to the information that you hold. This includes, inter alia, having in place policies and procedures for establishing, implementing and monitoring an information security management system.
In addition, we take the following measures to protect the information contained within The PASSsystem:
- Access control for care workers that is differentiated from that afforded to care managers
- We have had an independent penetration test of our system performed by Portcullis, an IT security company that is part of Cisco
- The database is not public facing, and it sits behind two highly protected gateways that would both need to be overcome to gain access
- We take a backup 5 times per 24-hour period and store one of these in a geographically separate data centre
- We have cluster infrastructure, which means that if the database were to ‘break’, another would kick in within a matter of seconds
All customer data is stored at data centres in the UK, with a backup of this data stored separately in Ireland.
Data confidentiality means that it must not be possible for any unauthorised users to view your data. To achieve this, all data must be encrypted in transit and at rest.
- In transit refers to any time data is transmitted between server and database, or over a network, for example between our servers and a care worker's mobile application.
- At rest refers to any time data is stored on our servers or databases.
Security & Confidentiality – Data in Transit
All data transmitted to and from the web and mobile applications is encrypted using industry-standard secure HTTPS connections. We use SSL certificates to verify the identity of the server the data is sent to. This is the same type of encryption used to secure internet banking details and is proven to be secure.
Security & Confidentiality – Data at Rest
Particularly sensitive data at rest on our servers is also hashed. Hashing is different from encryption, as encrypted data can be decrypted with the encryption key. Hashed data can never be reversed to reveal the original input data. We hash all passwords in addition to our transport encryption, so not even authorised users with access to the database could ever discover a user's password.
everyLIFE are responsible for securing access to your data in our cloud infrastructure. Security of the cloud infrastructure itself is provided by Amazon, who are the market leaders in cloud web services. For more information on the security provided for our services by Amazon, see https://aws.amazon.com/security/. Amazon are also audited by an independent third party to verify they are providing the services they state, with specific regard to security, availability and confidentiality. See https://aws.amazon.com/compliance/soc-faqs/ for more details.
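The password hashing described above can be illustrated as follows. This is an added example, not everyLIFE's code: the page does not name the hashing algorithm, so PBKDF2-HMAC-SHA256, the iteration count and the record layout are assumptions chosen for illustration. It shows that a login is checked by recomputing the hash rather than decrypting anything, and that a per-user salt stops two identical passwords from producing the same stored value.

```python
import hashlib
import hmac
import os

ALGORITHM = "sha256"
ITERATIONS = 600_000  # assumed work factor; raise it as hardware gets faster


def hash_password(password: str, iterations: int = ITERATIONS) -> dict:
    """Build the record stored in the database; the password itself is never kept."""
    salt = os.urandom(16)  # per-user salt: equal passwords give different digests
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "digest": digest.hex()}


def verify_password(candidate: str, record: dict) -> bool:
    """Recompute the digest from the login attempt; nothing is ever decrypted."""
    recomputed = hashlib.pbkdf2_hmac(
        ALGORITHM,
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(recomputed, bytes.fromhex(record["digest"]))


def needs_rehash(record: dict) -> bool:
    """True when a record was created with a weaker work factor than the current one."""
    return record["iterations"] < ITERATIONS


if __name__ == "__main__":
    # Constructed sample data: two users who happen to choose the same password.
    alice = hash_password("Sunflower-42")
    bob = hash_password("Sunflower-42")
    print("same password, same digest?", alice["digest"] == bob["digest"])
    print("correct login accepted:", verify_password("Sunflower-42", alice))
    print("wrong login rejected:", not verify_password("sunflower-42", alice))
    legacy = hash_password("Sunflower-42", iterations=10_000)
    print("legacy record flagged for rehash:", needs_rehash(legacy))
```

Storing the iteration count in each record lets the work factor be raised later and old records be re-hashed at the user's next successful login.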
Data integrity means verifying that no-one can edit or manipulate data they should not have access to. This requires effective access management. At everyLIFE, we have a process for managing access to information within The PASSsystem, ensuring that only those individuals whose job role requires them to have access to information can do so.
We architect The PASSsystem for high availability. This means that we expect hardware failures to occur and build our platform with this in mind. Many elements of our service span data centres called Availability Zones and The PASSsystem can continue to run in the event of a hardware failure or even the sudden loss of an entire Availability Zone. All customer data is backed up regularly and stored on highly durable storage in a separate physical location from the source of the backup.
The IG Toolkit is an online system which allows organisations to assess themselves or be assessed against information governance policies and standards and sets out what health and care organisations must do to look after information properly. It also allows members of the public to view participating organisations’ IG Toolkit assessments.