We are frequently asked by potential users about patient confidentiality and data security. This article explains in straightforward terms the measures that we take to protect your data.
To understand how we maintain the integrity of your data, it’s worthwhile recapping on how WriteUpp works. WriteUpp is a cloud-based application. This isn’t particularly useful terminology as it implies something ethereal and anything but secure. In reality, cloud-based software is extremely secure and it is now the preferred software model of pretty much all major software vendors, including Microsoft (Office 365 is the cloud-based version of Microsoft Office).
In a cloud-based model, the application software (the stuff that you typically have to install on your PC) and your data (i.e. your patient records) are stored on our servers in a secure data centre. When you use WriteUpp, you are given your own personal URL, such as mypractice.writeupp.com along with a username and password that you use to access the software.
When you enter your personal URL into your chosen web browser (Google Chrome, Firefox, Internet Explorer or Safari) everything you see on your screen (application and data) has been sent to your computer over the internet from our servers, which are stored in a secure data centre. Importantly, no data is ever stored on your computer/device and there is no software to install.
These are the basic principles of cloud-based software. We’ll now explain what we do to keep your data safe.
Microsoft Azure (our hosting platform) provides us with geo-redundant storage. In short, we maintain six copies of your data. Three copies in our primary location and another three copies in a separate secondary location. We also have the flexibility to switch these locations in the event of legislative changes or geo-political threats. Our primary and secondary locations are both in the EU.
The video below demonstrates why we have chosen to invest in Microsoft to protect your data:
In selecting Microsoft Azure we wanted to work with an organisation that upheld the highest standards of privacy and data protection. We also wanted access to state-of-the-art tools to help us manage and secure your data. Here are some of the global companies that rely on Microsoft Azure – Customer & Partner Success Stories
In the event of outage our team assess the nature of the issue and take appropriate action. Clients are notified by email that an issue has arisen and the expected resolution time. Clients also have the ability to log tickets via our helpdesk system which resides on separate cloud-based infrastructure.
Encrypted in Flight
When data is being sent from your browser to our server it is encrypted using 256-bit encryption. This means that the data can only be interpreted using a specific key that resides on our server. You will know this is working because the address in your browser will begin with “https”. If you would like to know more about HTTPS & SSL, click here.
As well as developing WriteUpp, we (Pathway Software) work extensively with the NHS both on and off site. This means that our staff have access to Patient Identifiable Information (PII) on a daily basis. As part of our pre-existing contracts with the NHS, our staff are all background checked using Dun & Bradstreet. In addition, they are required as part of their employment contract to undertake Acceptable Use of IT Training, Acceptable Use of Mobile Devices Training and PII training.
We are also accredited to have remote access to NHS Servers in three different Trusts from our offices here in Chester.
WriteUpp provides a mechanism for you to delete patient records from the system should an individual no longer be a client of the user or if the client requests their data to be deleted.
In the event that you choose to unsubscribe from WriteUpp your account and client details will be deleted after a 45 day “cooling off” period.
Pathway Software, the developer of WriteUpp, is registered with the Information Commissioners Office (ICO). ICO is the Government office responsible for the enforcement of the Data Protection Act 1998 - Our registration number is Z2865352
If you have any further questions or concerns about the way we protect your data please contact support via firstname.lastname@example.org
Need More Help?
We understand that not everything is black and white, so if you need some help, click "Submit A Request" ticket and one of our team will help you out as soon as possible.