National Artificial Eye Service aims to ensure secure transmission of patient data
- Service becomes fully compliant with GDPR and NHS Information Governance Regulations for transfer of confidential or sensitive data
- User-friendly authentication with files of up to 5TB transferred easily and securely
- Full audit trail with real-time monitoring enabling termination of any suspect activity
- Highlights that a modern secure communications strategy requires more than encrypted email and a ban on fax machines
Henley-on-Thames (UK), January 8, 2019 — The National Artificial Eye Service (NAES) is currently piloting the use of XM SendSecure in order to address potential information governance issues around the transfer of sensitive patient information that had been identified by the IT team. As a national body covering England, it is important to be able to exchange sensitive information securely with people inside and outside the organisation.
“Communication with patients, consultants and other stakeholders involves the transmission of sensitive personal data, which falls under the regulatory umbrella of the GDPR, ICO and the NHS Information Governance regulations,” said Paul Aspden, Technical ICT Lead at the National Artificial Eye Service. “In order to be fully compliant, it’s important that file transfers are encrypted during transmission and at rest. As an added benefit, we also have an increased file size limit of up to 5TB.”
“With XM SendSecure, information exchange meets the highest compliance requirements, not just because the files are encrypted at rest and in transit, but also because of the use of two-factor authentication to restrict access to the intended recipients only,” said Sébastien Boire-Lavigne, Executive Vice President and CTO at XMedius. “Additionally, a comprehensive audit trail records every access to the data in the ephemeral SendSecure SafeBox. Together, these tick all the boxes for ‘privacy by design’ and ‘privacy by default’ as demanded by the GDPR.”
With a database of over 48,000 patients, the NAES, hosted within the Blackpool Teaching Hospitals NHS Foundation Trust, is part of the NHS and provides a manufacturing and fitting service for the supply of ocular prostheses to all eligible patients throughout England.
It is when communicating with external stakeholders that existing systems are either most exposed or cumbersome to use. Encrypted email systems typically require that all users are on the same system, or on the same domain in the case of nhs.net. Transmissions outside of the NHS domain are not fully encrypted and hence potentially insecure. They also suffer from file size limitations.
While the NAES was already fully compliant with all the data protection legislation, the team identified XM SendSecure as a viable approach of addressing all of these issues. When communicating with anyone outside the NHS or anyone that does not have expensive encrypted systems as standard, it offers a secure solution that is quick and easy to both use and to implement.
XM SendSecure will also form an integral part of the NAES Disaster Recovery Policy (DR), ensuring business as usual without security concerns when sending data externally to clinics and other stakeholders. With simple recipient two-factor authentication for access to a fully encrypted SafeBox, it provides the added benefit of a full, real-time audit trail.
The NAES has a track record of leading the way in the NHS with early adoption of technologies to save money and improve workflows. The organisation removed all fax machines four years ago and replaced them with their own electronic fax over IP solution, saving on dedicated fax lines and maintenance costs.
The Service is again blazing a trail with the pilot adoption of XM SendSecure for secure file transfers, which sits alongside fax over IP and NHS Mail as part of an integrated end-to-end communications strategy.
XMedius is a global leader in the field of enterprise communications solutions. Its suite of enterprise-grade on-premises and cloud communications solutions enable businesses to benefit from secure and unified communication, as well as to exchange sensitive and confidential data that meets and exceeds industry regulatory compliance requirements. Based in Montreal (Canada), with offices in Seattle (USA) and Paris (France), the company serves businesses, enterprises and service providers through a global team of customer focused employees. Its solutions are deployed worldwide across a number of sectors, including education, finance, government, healthcare, manufacturing, retail, and legal services. For more information about XMedius and its solutions, visit www.xmedius.com, and connect on LinkedIn and Twitter.
XMedius UK Media Contact:
Sine Qua Non International Ltd