DATA SECURITY

FOR AISA® AND

AMPLIFY+®

INTRODUCTION

Hospital staff face increasing pressures to maximise productivity and manage their time effectively. Amplify+® is an end-to-end, AI-powered clinical documentation workflow solution designed to streamline clinical documentation,enhance quality and accuracy, and eliminate errors and inconsistencies in clinical data.

AISA® empowers clinicians with a comprehensive ambient documentation solution, capturing single or multi-party encounters using advanced transformer AI. It automatically generates diarised transcripts, clinical summaries, and tailored output documents for clinicians, patients, and administrators. Seamlessly integrating with EPRs via FHIR/HL7, it writes structured data directly into patient records.

PRESCRIBE DIGITAL UK CLOUD SERVICES

Prescribe Digital offers Amplify+® and AISA® as part of its Prescribe Digital UK Cloud Services, hosted securely and reliably on Microsoft Azure.

  • Amplify+® and AISA® are hosted on Microsoft Azure’s global cloud infrastructure, with primary and secondary regions configured to ensure redundancy, high availability, and disaster recovery. This setup provides secure, scalable, and resilient hosting environments that comply with regional data protection and security requirements.

    • Microsoft Azure guarantees 99.95% uptime, ensuring high availability.

    • Microsoft Azure meets a comprehensive set of international and industry specific compliance standards. Certifications and compliance details are available at Microsoft Azure Certifications.

  • • Communication between client applications and Prescribe Digital cloud services is encrypted using HTTPS with TLS 1.2 or TLS 1.3, secured by an AES 256-bit cipher algorithm.

    • Security protocols and standards are continually monitored and updated to address emerging threats.

    • External audits and security testing, including analyses by Qualys SSL Labs, ensure Prescribe Digital achieves an “A+” rating for TLS endpoint security.

  • • Files are stored in Microsoft Azure Blob Storage and SQL Server databases.

    • Transparent Data Encryption (TDE) with AES 256-bit encryption is applied to guarantee the security of data at rest.

    • Data retention policies are set to automatically delete files older than 3 months (or longer if required by a client), ensuring compliance with data minimisation principles.

  • Access Control: With role-based access control (RBAC), we make sure only the right people have access to sensitive systems and data. Everyone gets just the level of access they need for their job, nothing more, nothing less, to keep things secure and streamlined.

    Intrusion Detection and Prevention: Systems are equipped with advanced monitoring tools to detect and block unauthorised access attempts.

    Regular Security Updates: All operating systems and software undergo regular patching to protect against known vulnerabilities.

    Source Code Protection: Our development processes include secure storage and access control for all source code, ensuring the protection of intellectual property and prevention of unauthorised changes to the Amplify+® or AISA® platforms.

  • Web Application Firewalls (WAF): Protect against common web-based attacks, including SQL injection, cross-site scripting (XSS), and DDoS attacks.

    HTTPS Encryption: All web-based communications are secured using TLS protocols with AES 256-bit encryption.

    OWASP Compliance: Web applications are developed and maintained following the OWASP Top Ten guidelines to mitigate critical vulnerabilities.

  • Multi-Factor Authentication (MFA): Mandatory MFA is enforced for all employees accessing the system.

    Security Awareness Training: All staff undergo regular training to identify and respond to phishing attempts, social engineering, and other security threats.

    Background Checks: Comprehensive pre-employment screening ensures trustworthy personnel are on board.

    Access Monitoring: Employee access to systems and data is monitored and logged, with audits conducted periodically to ensure compliance with security policies.

  • Secure Development Lifecycle (SDLC): Amplify+® and AISA® is developed following secure coding practices, incorporating security reviews at every stage of development.

    Penetration Testing: Routine penetration testing is conducted to identify and address potential vulnerabilities in the application.

    API Security: APIs used by Amplify+® and AISA® are secured with OAuth 2.0 and rate limiting to prevent abuse and unauthorised access.

    Regular Updates: The application is updated frequently to patch vulnerabilities, improve functionality, and maintain compliance with security standards.

  • • Multi-Factor Authentication (MFA): Required all employees to ensure secure access.

    • FortiClient EMS Protection: Provides advanced malware protection, intrusion prevention systems (IPS), and antivirus capabilities.

    Patching and Updates: Regularly applied to ensure all systems remain secure and up to date.

    Continuous Security Monitoring: Proactively identifies anomalies and potential risks.

HIGH AVAILABILITY, BUSINESS AND SERVCE CONTINUITY AND DISASTER RECOVERY

Amplify+® and AISA® are hosted within Microsoft Azure’s global cloud infrastructure, with redundant deployments across geographically separate regions to ensure high availability, business continuity, and disaster recovery.

  • • Regular automated backups are performed to ensure your data is continuously protected.

    • Encrypted copies of all critical data are securely stored in secondary regions to enable rapid recovery in the event of data loss or corruption.

  • Full Backups: Comprehensive backups of all data to preserve system integrity.

    Incremental Backups: Capture only changes made since the last backup, optimizing both storage efficiency and backup performance.

  • • Azure Site Recovery (ASR): Critical systems and data are continuously replicated to a secondary Azure region to maintain up-to-date recovery points.

    • In the event of an outage, ASR enables rapid failover and restoration, minimizing downtime and ensuring service continuity.

  • • Recovery Point Objective (RPO): 15 minutes or less — ensuring that, in the rare event of an outage, data loss is minimal.

    Recovery Time Objective (RTO): Designed to support swift restoration, reducing disruption to business operations.

  • Regular disaster recovery tests and plan updates are conducted to validate the effectiveness of our recovery processes. These proactive measures ensure that our systems can quickly and reliably recover from both planned and unplanned disruptions, minimizing any potential downtime for users.

NETWORK SECURITY

• Secure Data Transmission: All applications communicate exclusively over HTTPS (Port 443), leveraging TLS 1.2 or TLS 1.3 protocols with 256-bit AES encryption to ensure data integrity and confidentiality during transit. All other ports are closed.

Zero Trust Security Model: Access is granted based on identity verification, device compliance, and contextual risk assessment. Multi-Factor Authentication (MFA) is enforced, and least privilege access principles ensure users and systems only have the minimum necessary permissions.

Azure Network Security: Azure-native security features, such as Azure Firewall, Network Security Groups (NSGs), and Azure DDoS Protection, are implemented to safeguard network traffic and prevent unauthorised access. Virtual Network (VNet) segmentation further isolates workloads, reducing the attack surface.

Advanced Threat Protection: Built-in Windows Defender and FortiClient EMS Protection provide robust defence against malware, cyber threats, and unauthorised access, actively monitoring and neutralising potential risks. Additionally, Azure Security Centre continuously assesses security posture and provides recommendations to mitigate vulnerabilities.

Real-Time Monitoring Threat Detection: Continuous network monitoring using Azure Sentinel and Microsoft Defender for Cloud ensures prompt identification and response to anomalies, minimising vulnerabilities and enhancing overall security. Log analytics and Security Information and Event Management (SIEM) tools provide real-time insights for proactive threat hunting

SECURE INTEGRATION WITH THE UK HEALTHCARE ECOSYSTEM

Amplify+® and AISA® is designed with robust security protocols to ensure secure, compliant, and efficient integration with key components of the UK Healthcare System.

Amplify+® and AISA® adheres to the highest security standards to ensure that patient data is protected during integration processes, minimising the risk of breaches and ensuring compliance with relevant UK regulations, including the UK GDPR and the Data Protection Act 2018, and NHS Digital Security Standards.

  • Amplify+® and AISA® integrates securely with NHS services like the National Care Records Service

    (NCRS) and the Summary Care Record (SCR), utilising advanced encryption protocols for the transmission of patient health data. All data exchanges use role-based access control and are tied to the NHS Number as the unique patient identifier.

  • Amplify+® and AISA® supports FHIR (Fast Healthcare Interoperability Resources) standards for integration with leading UK EPRs (such as Cerner and Epic) and primary care (GP) systems, including EMIS Web and TPP SystmOne.

  • Amplify+® and AISA® integrates securely with telehealth platforms and NHS-approved Electronic Prescription Service (EPS) systems, ensuring end-to-end encryption for all communication. This supports compliance with UK digital health standards, including the NHS England transformation directorate standards, ensuring the protection of patient privacy during remote consultations and prescriptions.

  • Amplify+® and AISA® connect with EPR systems via secure APIs, using encrypted channels for data transfer and role-based access controls to ensure that only authorised users can view or update patient records. This ensures compliance with UK healthcare data security standards and facilitates the safe exchange of sensitive health information.

  • The integration with PAS systems is secured through industry-standard encryption techniques, ensuring the integrity and confidentiality of patient administrative data. Secure authentication methods and audit trails are implemented to prevent unauthorised access to patient admission, scheduling, and registration data, ensuring that only authorised healthcare providers can interact with patient information.

SECURE INTEGRATION WITH AUSTRALIAN HEALTHCARE ECOSYSTEM

Amplify+® and AISA® is designed with robust security protocols to ensure secure, compliant, and efficient integration with key components of the Australian healthcare system. The platform adheres to stringent data protection standards to guarantee the confidentiality, integrity, and availability of patient data during all integration processes:

  • Amplify+™ and AISA™ integrates securely with My Health Record, utilising advanced encryption protocols for the transmission of patient health data.

    All data exchanges are subject to strict access controls, ensuring only authorised personnel can access and update patient records. Compliance with the Australian Privacy Principles (APPs) and the Privacy Act 1988 ensures data protection in line with local regulatory requirements.

  • Amplify+™ and AISA™ supports FHIR (Fast Healthcare Interoperability Resources) standards for integration with leading Australian EMRs, such as Best Practice, Medical Director, and Genie.

    These integrations use secure authentication methods (OAuth2.0, API keys) to ensure only authorised systems can access sensitive health data, while also providing audit logs to track data access and modifications.

     

  • Amplify+™ and AISA™ integrates securely with telehealth platforms and government-approved electronic prescribing systems, ensuring end-to-end encryption for all communication. This supports compliance with Australian digital health standards, including the Australian Digital Health Agency (ADHA) regulations, ensuring the protection of patient privacy during remote consultations and prescriptions.

     

  • Amplify+™ and AISA™ connect with EMR systems via secure APIs, using encrypted channels for data transfer and role-based access controls to ensure that only authorised users can view or update patient records. This ensures compliance with Australian healthcare data security standards and facilitates the safe exchange of sensitive health information.

  • The integration with PAS systems is secured through industry-standard encryption techniques, ensuring the integrity and confidentiality of patient administrative data. Secure authentication methods and audit trails are implemented to prevent unauthorised access to patient admission, scheduling, and registration data, ensuring that only authorised healthcare providers can interact with patient information.