Security Overview

Safeguarding your information and data

Life QI is the leading web-based platform for quality improvement in healthcare. All quality improvement relies on data. That’s why, in order to protect the data entrusted to us, we operate an array of security controls and protocols.

This article covers:

Reliability & Availability

How do I access Life QI?

It’s easy! Life QI is a web-based platform which is accessed through your web browser. It can be accessed at any time, and through any device, so long as you have a web browser and an Internet connection! Optimal performance is delivered through Google Chrome, although other browsers are supported.

Please see a list of supported browsers here

Will Life QI be available?

Yes! Our goal is to ensure continuous availability of the Life QI platform. We have measures in place to ensure the solution remains constantly available, and aim to achieve 99.9% availability. Our team are on duty 24 hours a day and are backed up by AWS' datacentre team dedicated to maintaining constant service availability.

Does Life QI back up data?

Yes! All data saved in Life QI is backed up on a consistent and recurring basis. This includes the utilisation of frequent server instance backups, data redundancy replication, and multi-region/availability zone deployment architectures.

Read more about our Resilience here

Does the Life QI software contain system redundancy?

Yes! We utilise redundancy through AWS availability zones, meaning that, in case of failure, customer data traffic is moved away from the affected area to another availability zone in the same region.

Application Security

Is Life QI secure?

Yes! As well as our own security features and processes, our infrastructure is backed by Amazon Web Services' (AWS) policies and procedures. AWS are widely accepted as world leaders in cloud computing and are compliant with major industry standards, including ISO 27001. 

Read more about our security here.

What about Confidential Patient Information?

As a result of the datasets typically used in quality improvement, Life QI is not designed for storing Confidential Patient Information (otherwise known as Protected Health Information – PHI). Read more about confidential patient information.

Does Life QI encrypt data in transit?

Yes! All user interactions with the Life QI platform (e.g. logins, browsing pages, API calls, etc.) are protected with top-end in-transit encryption. They are encrypted in transit with either TLS or SSL, using RSA 2,048-bit keys or better.

Does Life QI encrypt data at rest?

Yes! Life QI leverages several technologies to ensure stored data is encrypted at rest. Physical and virtualised hard drives used by Life QI product server instances, as well as storage solutions like AWS Elastic File System, use AES-256 encryption. Additionally, certain databases and field-level information are encrypted at rest, based on the sensitivity of the information. For instance, user passwords are additionally hashed.

How are encryption keys managed?

Encryption keys for both in-transit and at-rest encryption are securely managed. SSL & TLS private keys for in-transit encryption are managed through our certificate provider. Volume and field-level encryption keys for at-rest encryption are stored in a hardened Key Management System that uses HSMs validated to FIPS 140-2. Keys are rotated, and the frequency varies by the type of key and the sensitivity of the key and the data it protects.

Does Life QI conduct regular audits and penetration testing?

Yes! Life QI performs internal audits and engages with industry-recognised providers for external audits. Life QI engages twice annually with industry-recognised providers for application and network penetration testing.

Does Life QI have a password policy?

Yes! Passwords must be 9 alphanumeric characters with at least 1 uppercase, 1 lowercase, 1 special (@, £, %) and 1 number.

Information Governance

Who owns the data in Life QI?

Data in Life QI comes in several types and the ownership is dependent on type. Users' personal data is owned by the data subject and content data (i.e. the information added to projects) is owned by your organisation. You can read more about data ownership in Life QI here.

What procedures and protocols are in place to protect users’ personal data?

All personal data in Life QI are managed in accordance with the rigorous regulations set out in the GDPR. You can read more about how we protect personal information here, and within our GDPR Compliance Statement.

Is data shared with Third Parties?

Life QI do not share content data with third party organisations. Certain personal data is shared with our CRM and Support software provider to enable us to identify users whilst providing support services, such as live chat and email, and to contact users with information relevant to their use of our services.

Datacentre Protections

Are physical security protections in place to protect my data?

Yes! Life QI is hosted by Amazon Web Services (AWS). AWS' highly secure datacentres utilise state-of-the-art electronic surveillance and multi-factor access control systems. Datacentre uptime is guaranteed between 99.95% and 100%, and the facilities ensure a minimum of N+1 redundancy to all power, network, and HVAC services. Datacentres are staffed 24x7 by trained security guards and are SOC 2 Type II and ISO 27001 certified (AWS compliance site).

Where are data physically stored?

Life QI is currently available in 31 countries, each with its own isolated version of Life QI. Each version of Life QI has a totally separate database and no data is ever shared between versions. All versions are currently hosted on Amazon Web Services (AWS) servers in London, England. Through AWS, Life QI can be deployed from 11 locations globally, allowing compliance with local laws and regulations.