Cupris Data security
Cupris takes information governance and the security of patient data extremely seriously.
It is at the heart of everything that we do.
Cupris is compliant with all relevant information governance and data protection standards:
- NHS Information Governance Toolkit
- Cyber Essentials
- Data Protection Act
- Caldicott Principles
- Cupris is registered with the Information Commissioner’s Office
UK-based N3 approved servers
- We use UK-based data servers
- Supplied by a company that is approved to provide N3-connected services
End to end encryption
AES 256 encryption is a standard required by NHS Digital
All data is AES 256 encrypted on a user’s phone and on our UK-based servers
SSL 2048 bit encryption is used for data in transit so that no one can carry out a ‘man in the middle’ attack
Messages can only be decrypted by the intended recipient and are also AES 256 encrypted on their phone
Uses origin tracking technology: a unique token that logs the user’s IP address and phone ID is issued each time a user communicates with our servers. Even if someone intercepts this token, they will be blocked because their IP address and phone ID will not match
Triple-layer user authentication
- In addition to a user’s PIN protection on their phone, users must sign in to Cupris with a secure username and password as well as setting a separate PIN to unlock the Cupris app
- Even if the user loses their phone or someone else picks it up, they will not be able to access data stored on the Cupris app
Mimicking banking security protocols, a user needs to re-enter their PIN if the app isn’t used for a set period of time or after they leave the app
Data not stored in native phone gallery
No data is stored on the phone’s native gallery or any public area of the file storage system
This means that you will not find confidential patient information appearing amongst your personal images / videos
Management audit and oversight
Management can have oversight of who is using Cupris and how they are using it
A full audit history is securely stored
Invaluable for any freedom of information requests that might arise
Full audit trail
Know when a message has been sent, delivered and read
This audit trail can be exported and added to the patient record if required
To prevent someone inadvertently seeing confidential patient data in a notification, notifications don’t contain these details. Users will see “you have received a message” and will have to enter their PIN to open the message.
Already used in the NHS
Cupris is used in Medway NHS Foundation Trust and multiple other NHS organisations
Cupris is integrated with EMIS and is integrating with other widely used EMRs
Sounds good, but why not just use WhatsApp?
Using WhatsApp to share patient-identifiable information is insecure. A data breach because of its use in a healthcare setting is inevitable.
The legal framework detailed in the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act, and the Human Rights Act works to preserve the confidentiality of patient data. Using WhatsApp to share patient information does not comply with these laws for the following reasons:
- Data is not stored on UK-based, N3 approved servers
- WhatsApp data is not encrypted on the user’s phone
- No PIN / login required to open WhatsApp so anyone with access to the phone can access your WhatsApp data
- By default, all media shared on WhatsApp is saved to your native phone gallery, mixing patient images with a user’s personal photos. Family and friends could inadvertently access confidential patient information if sharing is enabled (a common situation)
- Users who automatically back up their photos will then be storing patient information on non-compliant cloud storage services like Dropbox
- Even if you switch off WhatsApp backing up photos on your phone, you have no way of knowing whether the person you’re sharing data with has done the same. This data could be accessed by unauthorised third parties or backed up to unauthorised cloud services
- WhatsApp enables the automatic back-up of unencrypted conversations to the cloud
- No management oversight or ability to carry out audits. Cannot extract usage data for freedom of information requests.