A key consideration for any remote access service is the requirement that patient data is kept safe and protected. Many rules govern the controls and protections that apply when accessing systems and applications remotely. Some of these rules come from national guidance; others are defined and managed by the local health and social care organisation (through its Caldicott Guardian) and form part of the end users' terms of service. The list below is only a small sample of the high-level security considerations.
Provision of a securely managed remote access service platform adhering to ISO27001 standards:
- Locally managed services compliance
- Cloud based solution accreditation
Ensuring remote access users are authenticated onto the platforms:
- The correct authentication architecture is deployed, e.g. users are only allowed access to the services and applications that they are authorised to use.
- Adherence to current NHS Data Security and Protection Toolkit, CESG and GDS security principles
- Appropriate tools to monitor and audit usage of services
- End user management
- Ensuring that software updates and patches are applied
- Password management / user authentication management
Device/machine management:
- Ability to manage lost or stolen devices effectively
Central remote access infrastructure security:
- Firewall management
- Patching management
- Anti-Virus management
The items above are just a very small sample of key security considerations. Open a detailed view of the security requirements and obligations for NHS IT systems, administrators and users.
Data Security and Protection Toolkit