The principles of information security require that all reasonable care is taken to prevent inappropriate access, modification or manipulation of data from taking place. LifeQI, together with our hosting partners, have best practice measures in place to protect the confidentiality, integrity and availability of your data at all times. We take this responsibility very seriously and are constantly working to ensure not just compliance with the law but that we support you in complying with any pertinent organisational information governance (IG) policies. As such we have robust controls in place to maintain security and data protection.
As a web-based platform, LifeQI is 'hosted' on computers which are located at datacentres. As the data entered into LifeQI can be sensitive, its physical location must be somewhere that complies with the relevant data protection legislation and where the latest and most robust physical security measures are in place. Datacenters provide this level of security along with many other benefits such as reduced cost, better resilience and expert 24/7/365 management of equipment. LifeQI's data is hosted by Amazon Web Services.
Ensuring the correct and appropriate access, modification and sharing of data is of the upmost importance. Which is why we utilise the latest physical and network security measures, whilst also allowing you the user control over how you share your improvement data. This combination of security measures and user control is part of the shared responsibility model adopted by LifeQI.
There are three types of data held in LifeQI: Personal, Content, and Meta. All data is subject to the same physical and network security measures. The level of control users have over how the data is managed depends on the type. At no point will the system ask or require you to enter patient identifiable information, and it is strongly advised that you do not. Should you choose to enter such information it is your responsibility to ensure compliance with your IG policies.
Access to this data is protected through the use of physical and network security (e.g. firewalls, encryption in transit and in storage, secure user logins) and access is further controlled by users themselves. Settings are available on each project so the data can be shared with the rest of the user community as appropriate. This allows users to share as much or as little as is permitted by their organisation's information governance and data sharing policies.