
Secure File Uploader

Working with the NHS means dealing with sensitive patient data, so it is vitally important to handle this data securely. Here's how we approached this challenge.

Anonymising data at the source

One of the critical decisions we made early on was that data ought to be anonymised at source, i.e. before it ever reaches our servers. This adds a layer of security, ensuring patient identities are protected even before transmission.

The challenge 

While this makes good sense from a security standpoint, we could not find any existing software that met our strict criteria of using state-of-the-art security and being simple enough for clinicians. So, we had to build it ourselves.

Our Secure File Uploader is simple to use and highly secure, demonstrating our dedication to innovating and improving the NHS using the latest technologies.

The Problem 
Clinicians Don't Want To Install Extra Software

The idea was to give clinicians a tool for censoring sensitive data locally and then encrypting it before sending it to our servers. Once received, we would decrypt and store the anonymised data for use in reports and analysis.

However, we soon realised why such a tool is rare in the industry: clinicians often avoid installing software, as it typically requires IT department approval, which can be slow. As a result, most organisations request uncensored data and handle anonymisation themselves, creating a security risk. If a hacker accesses a 3rd party’s database keys, they can extract uncensored data before anonymisation.

Our Solution
A Browser-Based Secure File Uploader 

This was not good enough for us, and we felt there must be another way: one that didn’t require clinicians to download software and still allowed them to censor and encrypt their data locally.

The solution was found in the latest state-of-the-art web technologies. Harnessing the potential of modern web browsers, we have built the censoring and encryption engine into our website.

The user simply logs in to our hub website and selects their file on their computer, and the censoring and encryption are all done within the browser.

The engine has some smart defaults to anonymise standard fields like NHS numbers, names, dates of birth, etc., but the clinician has complete control over what should be censored. They then click the “encrypt and upload” button, and the data is encrypted using the latest streaming-encryption methods and uploaded to our servers.
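
The local censoring step described above, as an added example that is not the Secure File Uploader's own code: it redacts the columns the clinician selects and also catches NHS numbers that leak into other columns, using the standard Modulus 11 check digit to avoid redacting unrelated 10-digit values. The column names, the `[REDACTED]` marker, the free-text scan and the sample row are assumptions made for illustration.

```javascript
// Added example: column names, marker and sample data are assumptions, not the product's code.
const DEFAULT_CENSORED = ["nhs_number", "name", "date_of_birth"]; // assumed "smart defaults"
const MARKER = "[REDACTED]";

// An NHS number is 10 digits; the last is a Modulus 11 check digit over the first nine.
function isValidNhsNumber(candidate) {
  const digits = candidate.replace(/[\s-]/g, "");
  if (!/^\d{10}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < 9; i++) sum += Number(digits[i]) * (10 - i); // weights 10..2
  const check = 11 - (sum % 11);
  if (check === 10) return false; // a check value of 10 is never issued
  return (check === 11 ? 0 : check) === Number(digits[9]);
}

// Catch NHS numbers that appear in columns nobody selected (e.g. free-text notes).
function scrubFreeText(text) {
  return text.replace(/\b\d{3}[\s-]?\d{3}[\s-]?\d{4}\b/g,
    (match) => (isValidNhsNumber(match) ? MARKER : match));
}

// rows: array of objects keyed by column name; censored: columns chosen by the clinician.
function censorRows(rows, censored = DEFAULT_CENSORED) {
  const drop = new Set(censored.map((c) => c.toLowerCase()));
  return rows.map((row) => {
    const out = {};
    for (const [col, value] of Object.entries(row)) {
      out[col] = drop.has(col.toLowerCase()) ? MARKER : scrubFreeText(String(value));
    }
    return out;
  });
}

// Constructed sample row: 943 476 5919 is a checksum-valid test value, not a real patient.
const sample = [
  { nhs_number: "9434765919", name: "Test Patient", date_of_birth: "1970-01-01",
    ward: "B4", notes: "Seen in clinic, NHS no 943 476 5919, ref 123 456 7890" },
];
const censoredSample = censorRows(sample);
console.log(censoredSample);
```

Only the censored rows would then be passed to the encryption and upload step, so the original values never leave the browser.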
