Frequency Asked Questions about the MBRRACE-UK IT deployment

The task of the MBRRACE-UK team, has been to develop an ultra-secure data collection system that can be used in NHS and non-NHS facilities across the UK for three years in the first instance. A very high level of security has to be in place not only for the user data entry at the front end, but also throughout the data capture and storage. When designing the system we had to balance the following:

• Use robust and secure technology that is suitable for the public internet because the system is not just for use in the N3 environment.
• Due to sensitivity of the data, use standards above PCI compliance.
• Ensure that any system would fit a minimum 3 year road map using technology that will have support throughout those 3 years in the first instance.
• Develop a system that is driven by the user experience and is easy to use.
• Acknowledging that some NHS Units are not as advanced in IT infrastructure upgrades; build in a simple secure solution to enable older systems to work with the data capture system.
• Ensure the system meets the requirements of the stakeholder and the governance bodies who nationally have to approve it.
• Provide a solution that has no financial cost for relevant software to the end user.

When designing the system the MBBRACE-UK team looked at lots of different technologies and considered the very real problems of NHS Units being unable to upgrade or keep up with rapid technology change.

One of our main criteria is to have a system that works on supported software that is going to be maintained with security patching. Windows XP and older Internet Explorer browsers are already on extended end of life support and any support is due to finish April 2014. Designing for these systems was not a sustainable option.

Security was the primary consideration and the fact that the system had to be robust across the internet not just within the N3 network. Older solutions were considered, but would have compromised security and functionality, and would not have provided a sustainable system.

The MBRRACE-UK system has been designed to work with modern browsers. The modern browsers are freely available and can be installed in addition to your existing browser without compromising any older systems you may have to run.

The site does not use any protocols that should be blocked in a normal working environment. If you are using one of the recommended modern browsers then the only items that need allowing at firewall level are:

• https (port 443) for https://www.mbrrace.ox.ac.uk/
• www (http, port 80) for http://www.mbrrace.ox.ac.uk/ to redirect to the above

During extensive testing we have visited and spoken to several NHS Units and the system is working on all types of browser.  The system has been tested in various environments and will work on desktops, laptops, tablets and modern mobile devices (although mobile devices are not recommended due to the size of the screen).

The system is secure and will not pose any threat to your current applications or work. The system should have little or no impact on any other IT deployment and meets the standards required to protect patient information. For England and Wales the system has been approved by the National Information Governance Board (NIGB) (and we are dealing with the NIGB successor organisation the Confidentiality Advisory Group, Health Research Authority) and have obtained 100% on the NHS IGToolkit ; our CAG/NIGB reference number is: ECC 5-05 (f)/2012. For Scotland we have approval from the NHS Scotland Caldicott Guardian; a process which involved a full review and approval of our security and data handling procedures.