Architecture and Integrations

Patients Know Best is hosted on a Cloud Platform. PKB services run on isolated networks. These networks are connected to other networks through firewalls. The UK system is connected to the internet, and the UK system is peered to the HSCN network through a dedicated link.

PKB commits to 99.9% uptime and recovery time objective is 60 minutes, recovery point objective is 10 minutes. All of our services are containerised and run on redundant, resilient clusters. Data and backups are stored across multiple data centers. Infrastructure software and hardware upgrades are done automatically and gradually without service interruption. PKB use the infrastructure-as-code approach that ensures we can re-provisioned automatically in disaster scenarios. PKB carries out disaster recovery rehearsals every 6 months.

As part of PKBs business continuity processes a full database backup is produced nightly, and stored off-site. PKB also has the capability of point-in-time recovery, i.e. PKB is able to reproduce the database state at a given point in time.. PKB have multiple layers of profiling and monitoring tools in test, staging and production environments.

A full overview of PKBs business continuity and disaster recovery policies can be found on our dedicated governance website.

Information around the security and encryption model can be found here.

Interfaces PKB uses to interact with customers and clients:

• HL7 v2 API.

  • Inbound connections only

  • Authentication through username/password and IP whitelisting

  • HTTPS only (TLS v1.0 and above)

• EMIS Extract Services

  • Outbound connections only (PKB fetches data from EMIS)

  • EMIS offers an SFTP service containing GPG-encrypted CSV files

• REST APIs (including FHIR-compatible APIs)

  • Inbound connections only

  • Authentication through OAuth2

• Web UI

  • Authentication through email/password or SSO

  • OpenID authentication - Supporting the NHS App and NHS Login integration

  • HTTPS only (TLS v1.2 and above)