Information governance is a key concept to our development team, ensuring that our services adhere to our clients’ compliance requirements and providing adequate protection and security throughout all of our collaborative projects.
“General practitioners and their patients need reassurance that our datasets are secure; one of the things that we were convinced about was that the platform [AnalytiXagility] and Aridhia places this anonymised data in is a physically secure platform.” Ryan Meikle, Data Architect, NEL Commissioning Support Unit
Our services share the best practice principles and guidance from the Scottish Health Informatics Programme (SHIP) and NHS Caldicott Principles, as well as the best attributes of international safe havens and relevant privacy legislation. The governance model that Aridhia deploys to manage the services that AnalytiXagility provides covers people, process, data and the use of the data.
We’ve listed some key information below to help you better understand our approach to information governance. Please read our FAQs for information on the kinds of safeguards and standards that Aridhia adheres to, but if you have specific questions that you’d like to discuss, please contact us.
In addition to AnalytiXagility’s core features, advanced services are available, such as our data De-identification Service, which enables the pseudo-anonymisation of any sensitive data before it is securely transferred into the platform, and the ability to connect to the NHS secure N3 network via our Population Health & Integrated Care Workspace.
In relation to external governance, Aridhia adheres to the Data Protection Act 1998 and duties (common law duty of confidence), NHS standards (Confidentiality: NHS Code of Practice) and Caldicott.
The Data Protection Act addresses the privacy, security and handling of client data, and can help clients to meet their compliance obligations. We also fully align with the international information security standard ISO 27001.
Our General Counsel is responsible for overseeing Aridhia’s compliance with all relevant legislation, including data protection.
Data is loaded into a workspace via Secure File Transfer (SFTP). Once data is within the AnalytiXagility analytical workspace, all user activity is tracked and monitored in the system, the outputs of which are available to end users through an audit report.
AnalytiXagility is hosted in the UK on a cloud Infrastructure-as-a-Service (IaaS) provided by UKCloud Ltd (formerly Skyscape), whose IaaS offering holds pan-Government accreditation to store data up to and including Business Impact Level 2 (IL2). The IaaS element of the service is independently certified to ISO 20000 (IT Service Management), ISO 27001 (Information Security Management) and ISO 9001 (Quality Management) standards.
All Aridhia employees have employment contracts requiring them to abide by the highest standards of confidentiality and security. They are also required to confirm on an ongoing basis that they understand their responsibilities in relation to the safe handling of information. Employees who work with NHS clients are also provided with a copy of the NHS England and NHS Scotland codes of confidentiality.