Secure publication to the DDS: Difference between revisions

Data is transferred, via HSCN, into the DDS HSCN connected AWS instance in one of the four following ways:

• SFTP Pull
• SFTP Push
• HTTPS Post
• MLLP Send

SFTP Pull

GP IT Futures IM1 pairing directly with the publisher’s system supplier. The data is pulled by the DDS from the suppliers SFTP and then onto a publisher specific SFTP folder structure in Discovery’s AWS instance over a TLS 1.2 encrypted link. Data from EMIS is pgp encrypted at source.

SFTP Push

The data is pushed from the publisher's SFTP into the DDS and then onto a publisher specific SFTP folder structure in Discovery’s AWS instance over a TLS 1.2 encrypted link.

HTTPS REST Post

The data is posted to the DDS and then onto a publisher specific data structure in Discovery’s AWS instance over a TLS 1.2 encrypted link.

MLLP Send

Messages are posted over VPN TLS 1.2 encrypted links into the DDS HL7 receiver and then onto Discovery’s AWS instance.

AWS Security

As a hosting organisation, AWS has in place over 50 security and compliance certifications including ISO 27001, 27017, 27018; PCI DSS; SOC 1/2/3; and Cyber Essentials Plus.

The DDS is built on this platform and makes use of multiple enhanced features to secure the data; these include encrypting all networks to at least TLS 1.2 with high strength ciphers, ensuring all data at rest (such as in databases) or data in transit (such processing queues) is encrypted, administrative access is controlled using VPN with 2FA, access controls, and all access to the systems is logged & audited.

The system has been designed to exceed the requirements set out in the NHS Data Security Protection Toolkit.

HSCN Certification

The Discovery platform has an HSCN to AWS connection that has been certified.

The connection is provided through our IG agreement with Tower Hamlets CCG ODS code 08V.