Notice
- Important: This guidance is under active development by NHS England and content may be added or updated on a regular basis.
- This Implementation Guide is currently in Draft and SHOULD NOT be used for development or active implementation without express direction from the NHS England Genomics Unit.
Security
This page describes the security guidance/requirements.
Security of data and the service will be done to conform to the security standard expected for any NHS England service:
- Encryption at rest and in transit
- Appropriate levels of authentication of users
- Appropriate RBAC controls, utilising strategy of least privilege
- Maintenance plan for software and library versions and any ad-hoc security patches
- Audit of access to both front and backend services
It is expected only active healthcare professionals, within particular specialties, will be able to order Genetic tests and only recipient GLHs/labs or requesting clinicians will be able to view tasks related to a test order.
Finally, it is expected only clinicians responsible for interpretation of a genetic test, or the clinician responsible for care of the patient will be able to access the Diagnostic Report produced, subject to standard break-glass procedures.