Sue Robb of 4Children talks to Julie Laughton and Alison Britton from the Department for Education about the role of childminders in delivering the 30 hours free entitlement.
Safe4 Information Management Limited
Safe4 Information Management was founded in the United Kingdom in 2010 with the specific intention of providing a highly secure internet-based service for any organisation that shares confidential information with external parties, without the need for email.
The dramatic rise in the occurrence of email fraud and phishing have further undermined the ability of many organisations to trust open email. Dissemination of viruses and other malware such as ransomware have had a damaging impact in recent years, not least on some very high-profile public sector organisations.
Safe4 made the decision to host all of its customers’ information exclusively in the United Kingdom in 2010, and utilises data centres accredited to ISO 27001. The emphasis on security is reflected in the basic architecture of the service, which applies levels of encryption and obfuscation to all stored information that have never been compromised. Coupled with an extraordinary record of high levels of availability and quality of service, Safe4 has become established as a trusted partner by many organisations that regard secure information delivery and storage as an essential element of their own service.
Safe4 in the Public Sector Today
As well as a range of practitioners in the legal, accounting and insurance professions, Safe4 is used by customers in the financial services sector, including international banks. Public sector customers include the National Health Service, where Safe4 provides a platform for sharing information in the Emergency Preparedness, Resilience and Response environment – applications requiring very high levels of security and availability. Safe4 is also used extensively by other public sector organisations whose need for security is paramount. These organisations are not named in this article, but can be identified in confidence if appropriate.
What About Data Protection?
The incorporation of the European GDPR into our own Data Protection Act in May 2018 has had a profound impact on the need for heightened confidentiality in information management and distribution. Despite this, many organisations are still using open email for the transmission of highly confidential personal information, a practice that risks loss of data that could be very damaging for the individual people concerned, as well as the organisations who manage the information.
Examples of this can be found in the way that care homes send and receive information about their residents. This communication cycle includes local authority social care providers, the NHS, doctors and psychiatrists. Often highly personal information is sent as an attachment to an email; this information can include care plans, psychological assessment reports, medical information, as well as deeply personal details of mental health patients.
Is Communication by Email the Answer?
There are a number of “secure” email services available, which ostensibly transport messages from one party to another without risk of interception. Whilst the actual transmission of information may be secure, there is no control over what happens to any documents or data after they have been received. The onus is still on the recipient to manage the information securely in their own environment, and create suitable repositories that can be accessed safely by their own teams.
When multiple recipients are involved, the problem becomes more difficult to manage. In a situation where a mental health nurse, for example, conducts an assessment of a patient, this must be shared with the care home, potentially the patient’s family, a psychiatrist, the local authority social care teams, and possibly the GP or NHS if medical needs are to be addressed. Each of these service providers must make their own arrangements to store this information safely, and ensure that it is readily available in the event of any subsequent episodes of treatment.
Further complications arise when information is shared using password-protected files. Not only must passwords be transmitted in a separate communication from the actual documents, they must be retained for evermore so that subsequent access to the file is possible. If passwords are lost or misplaced, access to the file becomes impossible.
How Can Safe4 Help
The design of Safe4 allows for the creation of a secure vault to hold the information relating to any subject: in legal terms this can be a matter or a data room, in the financial services environment it may relate to a client or an insurance policy, for instance. Users are then given access to the vaults with which they are involved, subject to very granular permission controls that allow vaults to be segmented using simple folder structures.
In the context of the mental health patient described above, a vault would be set up to represent each individual, and the participants in the communication ecosystem given access so that they are all using the same information at the same time. Upload and download permissions can be granted according to the role of each user, with new information additions being notified to authorised users automatically. All actions are recorded in a comprehensive audit trail.
Safe4 Information Management became registered as a G-Cloud supplier in July 2018, thus allowing the service to be procured through this platform.