Security

Overview

Patients Know Best has completed the 2019/2020 NHS Digital Data Security and Protection Toolkit (our ODS code is 8HM56; certification viewable here for 2018-2019 and 2019-2020). The Toolkit, formerly the NHS Information Governance Toolkit, in which PKB consistently met and exceeded level 3 status, covers the handling and management of data and the associated security. PKB also holds a Cyber Essentials Plus certification, viewable here.

Encryption

PKB encrypts all data in transit and at rest.

  • Data at Rest: data that is not moving between devices or components; the stored state of data held by PKB.
  • Data in Transit: data that is in motion through servers and network components and on to devices or systems; the active state of data held by PKB.

PKB mandates the use of TLS 1.2 or above for web and REST API sessions, and at least TLS 1.0 for HL7 sessions.

PKB applies a further, separate layer of encryption to Special Category data to mitigate against internal adversaries, data leaks caused by software bugs, and similar risks.

There are some important concepts in PKB’s security model:

  • ‘user’ - someone who is in possession of an identifier (such as a name) and a secret (such as a password). A ‘user’ has a public/private key pair, where the private key is encrypted with the secret. RSA1024 is currently used for this public/private key (PPK) cryptography; PKB is in the process of migrating to more modern PPK algorithms.
  • ‘account’ - a record that holds medical data. An ‘account’ has a public/private key pair where the private key can be shared with one or more ‘users’, and it is encrypted with the user’s private key.
  • ‘account symmetric key’: an AES256 key that encrypts medical data belonging to an account. This key is encrypted with the account’s private key.

When PKB stores a data point, it obtains an AES256 key, encrypts the data, stores it in the account, and encrypts the AES256 key with an account public key. When PKB retrieves a data point, it obtains the user private key (using the secret the user provides), then the account private key, then the account symmetric key, then decrypts the data.

Data sharing is achieved by decrypting account private keys and re-encrypting them with the recipient user’s public key.

The above means that:

  • Data stored at PKB is hidden from PKB employees
  • PKB does not store passwords and does not even store password hashes
  • PKB does not have a master key to encrypted Special Category data; in other words, we are unable to access this data ourselves