The PKB infrastructure is hosted by Carelink in the UK, a specialised Health and Social Care Network (HSCN) - formerly the N3 network - hosting provider. Carelink is one of a shortlist of hosting providers to be certified to the stringent ISO 27001 standard. All facilities are tier 4 data centres (Telehouse, Docklands and Equinix, Heathrow). Additionally, Carelink holds the following accreditations: ISO 20000, ISO 9001.

No data is processed outside of PKB’s core infrastructure, or by contractors or third parties. All data processing is completed and controlled in-house, additionally no data is processed outside of the HSCN network.

HSCN (N3) Sandbox

PKB provides a sandbox environment, hosted as above, for clients wishing to test without leaving the HSCN firewall.


PKB sandbox is hosted by Rackspace.


Nightly data backups are facilitated via CareLink through Asigra, these backups are fully encrypted with no unauthorised access to clinical data possible.

Data is encrypted to disk as above with a second layer applied by Asigra: 3DES 56bit with public and private keys stored separately. PKB employs RAID5 for our database servers, utilizing an array of SSD’s.

PKB makes use of CareLink’s hardware firewalls (Check Point FireWall-1, running version 77.30) to protect our infrastructure against attacks and unauthorized entry as well as system level firewalls.


PKB utilizes live asynchronous replication to a secondary server (mirroring) enabling point-in-time recovery.

Disaster Recovery

Patients Know Best ( ‘PKB’ ), maintains a prioritised focus on Business Continuity Planning & Disaster Recovery [BCP / DR] in the event of an unexpected disruption in service [PKB application, web portal or API] or business operations. Plans and processes are documented and in place to support timely recovery of critical business units, systems and processes.

PKB maintains contractual arrangements with its providers for disaster recovery services and routinely conducts recovery tests. PKB has an established Business Continuity Program that continuously assesses business impacts, updates business continuity plans, and validates the plans through testing. Contractual agreements are in place with providers to assure that information can be retrieved under all circumstances.

More information at