Governance

What is the Tekihealth Clinical Laptop Leasing Service?

Tekihealth (TSL) has found that clinicians working across the health service (“Clinicians”), particularly those in locum positions, are in need of laptops that can be used at different NHS and private organisations. Having their own laptop reduces delay and burden on the engaging Healthcare Organisation to obtain, configure and provide physical assets to the visiting clinician.

Tekihealth have partnered with Egton (providers of EMIS clinical system software) to purchase laptops for the purposes of leasing to clinicians across the healthcare sector.

Clinicians that are leasing assets can lease for short term or longer-term periods and can return the device as and when required. The devices will come with clinical system EMIS pre-loaded as well as other verified clinical software applications such as remote consultation software.

The devices can then be used to allow the Clinician to deliver services to the healthcare organisation they are placed with.

How does it Work?

The Hirer (being the Clinician hiring the device either directly from Tekihealth or via their agency) completes a Tekihealth Clinical Laptop Leasing request form and signs an Equipment Hire Agreement or if an agency then an Equipment Hire Payment Agreement. A laptop is identified for to Hirer and the Tekihealth Asset Register is updated to include the model / device number, Clinician, dates of hire and any relevant configuration information.

If not already configured, the device will be configured according to the Tekihealth Configuration standards (see Appendix A), and this will be signed off by the Tekihealth Technical lead prior to issue.

The laptop is prepared for shipping and tracking is arranged to ensure safe delivery, on arrival, the Hirer will sign for the device to confirm receipt.

During the lease period, the Hirer may encounter issues related to the use of specific software that has been loaded on to the laptop. They can use the support numbers below for specific software such as teleconsultation software or clinical system software.

In the event that the issue relates to the physical device itself, the Hirer will call the Tekihealth support number. In the event that the device is malfunctioning, and the issue cannot be resolved, a new laptop will be couriered urgently.

In the event of an incident relating to the laptop such as loss, theft, infection or corruption, the Hirer must report to Tekihealth and the Healthcare Organisation immediately.

When the lease period expires, the Hirer is contacted by Tekihealth directly to arrange for courier collection. Once the device is back in Tekihealth’s possession, it is logged on the asset register.

Tekihealth IT will now remove the SSD card and replace it to ensure that any locally cached or residual data is completely removed, and the laptop is essentially ‘cleansed’.

Details of data destruction are uploaded onto the Tekihealth Data Destruction Schedule located at [insert web portal]

Who is the Data Controller / Processor when it comes to data that is stored or accessed via the laptop?

The Healthcare Organisation (usually the GP practice) remains the Data Controller for any patient data processed by the Hirer, on the Tekihealth device.

Tekihealth is acting as a Processor on behalf of the healthcare organisation. They process data under their instructions as Data Controller. These instructions are issued by virtue of Processing Terms defined under UK GDPR Article 28 (see Appendix B). By allowing the Hirer to proceed with using the laptop, configured with the identified software, the Healthcare Organisation is providing Tekihealth with the instructions found under Appendix B.

It is recommended that the Hirer and the Healthcare Organisation have these terms reviewed by their data protection lead.

Are the Laptops Secure?

Tekihealth have sought to replicate the configuration applied by other key IT service providers across the NHS, such as Commissioning Support Units. The standard configuration includes device encryption, access control and software patching and update. See Appendix A for full configuration detail.

The devices can be locked down remotely in the event of loss or theft.

What Happens to the Data that Has been Stored on the Device at the End of the Contract with the Hirer?

It is recommended that Healthcare Organisations advice Hirers to save records into the cloud locations for the customers such as in N365 drives / folders and within the clinical system.

With any leaving team member, we would anticipate that the Hirer is required to transfer key data over to the Healthcare Organisation and to clear down their devices / accounts.

On return, the SSD cards are replaced which means that no residual data will be present on the device at the point of recommissioning. A certificate will be provided to the Hirer to confirm that this is the case.

Where there have been call recordings and meta data (time of call, phone number etc) collected through the use of the Surgery Connect software, this will be retained for 36 months as standard and then completely deleted. A deletion confirmation will be published for the Healthcare Organisation’s records.

It is important that your policies make it clear that recordings should be regularly appended to the main clinical record or an accurate summary in words are added to the record. This then supports appropriate deletion of the originals in accordance with the NHSX Records Management Code of Practice.

Should you wish to retain recordings for a longer period to align with internal processes, you can request that the records are emailed across prior to the destruction date.

Appendix A

Tekihealth Clinical Laptop Leasing – Technical Configuration

Our laptops can be configured according to your requirements. If your practice or trust has a particular security requirement, just let us know and we can adjust the security policy remotely.

• Tekihealth laptops are installed with Windows 10 Professional
• Tekihealth laptops have a Trusted Platform Module (TPM) Chip as part of the hardware. The TPM generates encryption keys and keeps part of the encryption key for itself and is necessary for BitLocker.
• Tekihealth laptops are configured with BitLocker encryption enabled as standard.
• Each Tekihealth laptop is enrolled into Tekihealth’s Microsoft InTune central endpoint management system which allows Tekihealth to apply security policies to laptops, view their status and also remotely wipe the laptop if it becomes lost or stolen for additional security risk mitigation.
• Tekihealth laptops are configured with a local administrator account which is accessible only to Tekihealth staff.
• The user profile which has been set up for the customer is a standard user account and does not have administrator privileges. This prevents the user or a malicious program from installing software without an administrator account approval.
• Each Tekihealth laptop will be configured with Windows Defender Antivirus and Windows Defender Firewall.
• Each Tekihealth laptop will timeout after 15 minutes of inactivity by going to a screen saver or turning off the monitor, which will then require the user to provide their user credentials to resume working on the laptop.
• User access to the control panel is limited via group policy.
• The Windows Guest Account is disabled
• There is a Tekihealth security sticker which covers the access screws/panels on the laptop which is designed to deter someone opening the laptop without the permission of Tekihealth.

Software updating and Patching 

• All software applications require updating, patches and security updates, these serve to address system vulnerabilities after software has been released.
• Tekihealth can manage software patching from Microsoft InTune’s Admin Console. Tekihealth admins can deploy software packages, updates, and patches. The tool allows for push-update scheduling, define update/patch deploy strategies, and more. Microsoft InTune also has a silent patching and updating feature, meaning that the user should not experience any interruption while these processes are performed.
• Microsoft InTune provides updates for Microsoft and other software vendors with the following classification of software updates:
  • Critical Updates
  • Definition Updates
  • Security Updates
  • Service Packs
  • Update Rollup

Standard Software Build

Tekihealth laptops come with a standard software build which will be reviewed monthly or upon receipt of a vulnerability alert.

Layer 1 (Default Image to Function)

Configuration Settings (All Machines – Enforced via Policy)

• Microsoft Patching managed by InTune/MEM
• Computer lockout time set to 15 minutes
• Monitor timeout set to 15 minutes
• Standby set to 30 minutes
• Default Browser set to Microsoft Edge (Just as good as Chrome as its built on the same engine now days and more easily configurable)
• Default Homepage set to Default
• Wallpaper set to Windows Default
• Screen saver to Windows Default

How Tekihealth laptops are secured during transit:

• Tekihealth laptops are labelled and stored in an asset register.
• Tekihealth laptops movements are tracked using the asset management software, updates on their location are provided and their condition (re-commissioning).
• Tekihealth laptops in transit have already been enabled with BitLocker 256bit encryption so if the laptop is intercepted the drive contents cannot reasonably be decrypted.
• Tekihealth laptops will be sent via a secure and trusted courier and the delivery will be recorded, require a signature and be insured.
• Tekihealth laptops are security marked to aid police investigations in case of theft and labelling of this fact may deter thieves.
• Tekihealth laptops are provided in a laptop bag with padlock compatibility
• Tekihealth laptops are provided with a combination cable lock which enables the customer to be able to secure it at the location in which they are working, and they are encouraged to do so.
• The customer knows who to call and to do so as soon as they think their laptop is damaged, lost or stolen. A police crime reference number must be obtained as well as per Loss/Theft procedure to determined.
• Customers are given a list of precautions and tips on how to keep their laptop safe from damage, loss and theft.

Recommissioning and Decommissioning 

• When a Tekihealth laptop is re-commissioned to a new user, a brand new SSD is installed to provide maximum security and reliability. This action is logged and recorded.
• When a Tekihealth laptop is decommissioned the laptop SSD is destroyed and this action is logged and recorded.

Appendix B Processing Terms

Data Processing Agreement

Context

These terms serve to satisfy the requirements of Article 28 UK GDPR and s 59 Data Protection Act 2018 insofar as it contractually binds The Processor with regards to processing activities and sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of The Controller (The Healthcare Organisation).

1. Introduction

1.1 For the purposes of this Agreement the terms “Controller”, “Processor”, “Personal Data”, “Sensitive Personal Data”, “Data Subject” and “Processing” (and Process and Processed shall be construed accordingly) shall have their respective meanings under the Data Protection Act 2018 (“DPA”) as amended or replaced from time to time, together with all equivalent legislation of the UK and any other applicable jurisdiction (the “Data Protection Legislation”).

1.2 Where an organisation permits the use of Tekihealth leased laptops by clinicians or other staff engaged in healthcare provision (“Laptop Leasing Services”), Tekihealth Solutions Ltd shall process Personal Data (“Agreement Data”).

1.3 This Data Processing Agreement shall, unless terminated in accordance with clause 7, run from the date of the commencement of the Laptop Leasing Services and then automatically expire upon the secure return and /or destruction of the Agreement Data in accordance with clause 2.5.8 below.

1.4 This Agreement is governed by and shall be interpreted in accordance with the laws of England and Wales, and the Parties agree to submit to the exclusive jurisdiction of the courts of England.

1.5 This Agreement seeks to satisfy the Controller’s obligations under Data Protection Legislation in respect of its appointment, control and management of the Data Processor.

2. Data Processor Responsibilities

Compliance with Laws

2.1 The Processor shall not cause the Controller to breach any obligation under the Data Protection Legislation.

2.2 The Processor shall notify the Controller without undue delay, if in the delivery of the Services, it identifies any potential areas of actual or potential non-compliance with the Data Protection Legislation in respect of its Processing of Agreement Data.

Authority

2.3 The Controller authorises the Processor to Process the Agreement Data during the term of this Agreement as a Data Processor for the purposes of providing the Laptop Leasing Services only.

2.4 The Controller warrants that any disclosure to Sub Processors (as described in Schedule 1) (“Authorised Sub Processors”) by the Data Processor, under the Agreement, shall not cause the Processor to breach any obligation under the Data Protection Legislation.

Sub-Processing

2.5 Save for any Authorised Sub Processors, the Processor shall not engage, use or permit any third party to carry out Processing of any Agreement Data without the prior written consent of the Controller, which may be withheld or subject to conditions at the Controller’s discretion. This Agreement shall be regarded as written consent to engage the Sub Processors identified at Schedule 1. If the Controller has consented to the use of any third party (subsequently, an “Authorised Sub-Processor”) for the Processing of Agreement Data;

2.6 the Processor shall provide the Controller with advance notice of any intended changes to any Authorised Sub-Processor, allowing the Controller sufficient opportunity to object; and

2.7 the Authorised Sub-Processor’s activities must be specified, and the same contractual terms set out in this Agreement imposed on that Authorised Sub-Processor.

2.8 Without prejudice to this clause 2.4, the Processor shall remain responsible for all acts or omissions of the Authorised Sub-Processor as if they were its own.

Data Processor Obligations

2.9 The Data Processor shall (and shall procure that any Authorised Sub-Processor shall):

2.9.1 Process the Agreement Data only on documented instructions from the Controller, including this Agreement;

2.9.2 the Processor shall ensure that Agreement Data will only be used by the Processor to the extent required to provide the Services. The Processor shall not without the express prior written consent of the Controller (a) convert any Agreement Data into anonymised, pseudonymised, depersonalised, aggregated or statistical data; (b) use any Agreement Data for “big data” analysis or purposes; or (c) match any Agreement Data with or against any other Personal Data (whether the Processor’s or any third party’s);

2.10 .1 not permit any Processing of Contract Data outside of the UK or the European Economic Area without the Controller’s prior written consent which may be subject to conditions at the Controller’s discretion (unless the Processor or Authorised Sub-Processors are required to transfer the Contract Data, to comply with UK, European Union or European Member State Applicable Laws and such laws prohibit notice to the Controller on public interest grounds);

2.10.2 ensure that any person authorised to Process the Agreement Data:

2.10.2.1 has committed themselves to confidentiality obligations or are under an appropriate statutory obligation of confidentiality

2.10.2.2 Processes the Agreement Data solely on instructions from the Controller; and

2.10.2.3 are appropriately reliable, qualified and trained in relation to their Processing of Agreement Data;

2.10.3 implement (and assist the Controller to implement) technical and organisational measures to ensure a level of security appropriate to the risk presented by Processing the Agreement Data, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise Processed (together, a “Data Security Incident”);

2.10.4 notify the Controller without undue delay (and in any event no later than 24 hours) after becoming aware of a reasonably suspected, “near miss” or actual Data Security Incident. Where, and in so far as, it is not possible to provide the information at the same time, the information may be provided in phases without undue further delay, and for the avoidance of doubt, the Processor and Authorised Sub-Processor may not delay notification under this clause on the basis that an investigation is incomplete or ongoing, and not make or permit any announcement to any party, without the Controller’s consent, which may be subject to conditions at the Controller’s sole discretion;

2.10.5 provide reasonable assistance to the Controller in:

2.10.5.1 responding to requests for exercising the Data Subject’s rights under the Data Protection Legislation, including by appropriate technical and organisational measures, insofar as this is possible;

2.10.5.2 reporting any Data Security Incident to any supervisory authority or Data Subjects and documenting any Security Breach;

2.10.5.3 taking measure to address the Security Breach, including, where appropriate, measures to mitigate its possible adverse effects; and

2.10.5.4 conducting privacy impact assessments of any Processing operations and consulting with any applicable supervisory authority or appropriate persons accordingly;

2.10.6 securely destroy all Agreement Data as described under (Schedule 2) and certify when this exercise has been completed (which shall be at least to the minimum standard set out in Schedule 2); and

2.10.7 hold Agreement Data physically and electronically separate to any other records or Personal Data, Processed by the Processor or Authorised Sub-Processor other than for the performance of the Services.

Information Provision

2. 11 The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this clause 2 and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. The Processor shall immediately inform the Controller if its instructions infringe UK, European Union or European Member State Applicable data protection Laws, as applicable, or provisions.

Audit

2.12 Subject to the Controller and its auditors entering into reasonable confidentiality obligations, the Processor warrants and undertakes on a continuing basis that it shall at any time upon request of the Controller, on reasonable notice and during regular business hours, at no cost to the Controller:

2.12.1 ensure that its staff are made available to the Controller and its auditors (whether internal and/or external);

2.12.2 provide all such persons with access to all relevant information (whether in electronic or hard copy form) and premises where the Personal Data is Processed; and

2.12.3 procure that its staff shall provide all reasonable co-operation and assistance to the Controller,

2.12.4 as may be necessary in the reasonable opinion of the Controller to permit an accurate and complete assessment of the Processor’s compliance with its obligations under this Agreement.

2. Requests from Data Subjects and Regulators

2.13 The Processor warrants and undertakes that it shall notify the Controller within five (5) working days (being any day in England and Wales that is a week day and not a bank holiday) of any complaint by a Data Subject in respect of Data relating to them or any request received from a Data Subject to have access to their Data or of any other communication relating directly or indirectly to the Data Processing in connection with this Agreement and provide all details of such complaint, request or communication to the Controller and promptly and fully cooperate and assist the Controller in relation to any such request or communication.

2.14 The Processor shall not respond directly to any Data Subject access request for their Data, to any Data Subject complaint in relation to their Data, or (unless and to the extent required by law) any communication by a Data Protection Authority to them in relation to the Data, in each case unless expressly approved in writing in advance by the Controller

3. Information Access

3.1 As a public body, the Controller is committed to the transparency agenda and its obligations under the information access regimes. The Controller may be required to disclose documents relating to this contract or the contract itself in response to a request under these regimes.

3.2 The Processor shall provide the Controller with all reasonable assistance and co-operation to enable the Controller to comply with its obligations under the Freedom of Information Act 2000 or the Environmental Information Regulations 2004, each as amended or replaced from time to time.

3.3 The Controller shall consult the Processor regarding commercial or other confidentiality issues in relation to the Agreement, however the final decision about disclosure of information or application of exemptions shall rest solely with the Controller.

4. Agreement Variations

Any variation to the terms of this Agreement shall be agreed in writing and signed by the parties.

5. Dispute Resolution

Both signatories shall aim to resolve all disputes, differences and questions promptly by means of co-operation and mediation. Should this fail or the disputes, differences and questions cannot be resolved within 30 calendar days of notification by one party to the other, then the dispute resolutions process in the standard NHS Commissioning contract will be followed. Other terms of that contract will not be applicable to this arrangement. The performance of obligations under this Agreement shall not, save for the matter in dispute, cease or be delayed by the application of any dispute resolution procedure.

6. Liability and Indemnity

Without affecting its liability for breach of any of its obligations under this Agreement, the Processor shall, at all times during and after the termination or expiry of this Agreement, indemnify the Controller, keep the Controller indemnified and hold the Controller from and against all losses, charges, expenses and other liabilities it suffers arising out of the Processor’s loss of the Data or unauthorised or unlawful use of the Data whether arising in negligence or otherwise a breach of this Agreement and including any fine imposed on the Controller by the Information Commissioner by way of civil monetary penalty under the Data Protection Legislation.

7. Agreement Completion

The Controller may terminate this Agreement with immediate effect by written notice to the Processor on or at any time after the occurrence of an event that gives rise to an information security incident or otherwise poses a risk of non-compliance with the data protection principles.

8. Enforcement by Third Parties

The parties to this Agreement do not intend that any terms will be enforceable by the Contracts (Rights of Third Parties) Act 1999 or any equivalent legislation by any person not a party to it.

 9. Invalidity/Severability

If any clause or part of this Agreement is found by any court, tribunal, administrative body or authority of competent jurisdiction to be illegal, invalid or unenforceable then that provision will, to the extent required, be severed from this Agreement and will be ineffective without, as far as is possible, modifying any other clause or part of this Agreement and this will not affect any other provisions of this Agreement which will remain in full force and effect.