Introducing the Secure File Uploader

Working with the NHS means dealing with sensitive patient data, so it is vitally important to handle this data securely. One of the critical decisions we made early on was that data ought to be anonymised at source, i.e. before it ever reaches our servers. While this makes good sense from a security standpoint, we could not find any existing software that met our strict criteria of using state-of-the-art security and being simple enough for clinicians. So, we had to build it ourselves.
The idea was to provide clinicians with a tool for locally censoring sensitive data files and then allow them to encrypt the file before sending it to our servers. We then decrypt the file and store the already anonymised data in our databases to serve our dynamic reports and analysis tools. However, we soon realised there was a reason why such a tool doesn’t currently exist in the industry. The problem is that clinicians don’t want to download and install software (or, more likely, request installation from their IT department) just to send us some data. For this reason, the industry tends to request uncensored data and then perform the anonymisation process themselves. This creates a potential attack vector: a hacker who gains access to a third party’s database encryption keys can extract the uncensored data before the anonymisation process is completed.
This was not good enough for us, and we felt there must be another way, one that didn’t require clinicians to download software and allowed them to censor and encrypt their data locally. The solution was found in the latest state-of-the-art web technologies. Harnessing the potential of modern web browsers, we have built the censoring and encryption engine into our website. The user simply logs in to our hub website and selects the file on their computer, and the censoring and encryption are all done within the browser. The engine has some smart defaults to anonymise standard fields like NHS numbers, names, dates of birth, etc., but the clinician has complete control over what should be censored. They then click the “encrypt and upload” button, and the data is encrypted using the latest streaming encryption methods and uploaded to our servers.
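One way the in-browser censoring defaults described above could be implemented, as an added example that is not the Secure File Uploader's own code. The function names, the header keyword list and the sample rows are assumptions made for illustration; the NHS number check uses the standard Modulus 11 check digit.

```javascript
// Added illustration; the sample rows are constructed, not real patient data.
const SENSITIVE_HEADER = /\b(nhs|name|surname|forename|dob|birth|postcode|address)\b/i;
const NHS_CANDIDATE = /\b\d{3}[ -]?\d{3}[ -]?\d{4}\b/g;

// An NHS number is 10 digits; the tenth is a Modulus 11 check digit.
function isNhsNumber(value) {
  const d = String(value).replace(/[\s-]/g, "");
  if (!/^\d{10}$/.test(d)) return false;
  let sum = 0;
  for (let i = 0; i < 9; i++) sum += Number(d[i]) * (10 - i);
  const check = 11 - (sum % 11);
  if (check === 10) return false; // a check value of 10 is never issued
  return (check === 11 ? 0 : check) === Number(d[9]);
}

// Defaults: flag a column when its header looks sensitive, or when any cell
// passes the checksum (this catches identifiers under a vague header).
function defaultCensoredColumns(headers, rows) {
  return headers.filter((h, i) =>
    SENSITIVE_HEADER.test(h.replace(/_/g, " ")) ||
    rows.some((r) => isNhsNumber(r[i])));
}

// Drop the chosen columns and redact NHS numbers left inside kept free text.
// `censored` is the clinician's final choice, which may differ from the defaults.
function censor(headers, rows, censored) {
  const drop = new Set(censored);
  const keep = headers.map((_, i) => i).filter((i) => !drop.has(headers[i]));
  const scrub = (cell) =>
    String(cell).replace(NHS_CANDIDATE, (m) => (isNhsNumber(m) ? "[REDACTED]" : m));
  return {
    headers: keep.map((i) => headers[i]),
    rows: rows.map((r) => keep.map((i) => scrub(r[i]))),
  };
}

const headers = ["ref", "patient_name", "date_of_birth", "hba1c", "notes"];
const rows = [
  ["943 476 5919", "Jane Example", "1970-01-01", "48", "Review in 3 months"],
  ["4010232137", "John Sample", "1985-05-05", "53",
    "Linked record 9434765919, lab id 1234567890"],
];
const defaults = defaultCensoredColumns(headers, rows);
const result = censor(headers, rows, defaults);
console.log(defaults, JSON.stringify(result));
```

Only the censored output would then be passed to the encryption step, so identifiers never leave the browser.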
Our Secure File Uploader is simple to use and highly secure, demonstrating our dedication to innovating and improving the NHS using the latest technologies.