Legal Statement

The software is in early proof of concept for development purposes and should not be used as-is in a live environment without further redevelopment and/or testing. No warranty is given and no real data or personally identifiable data should be stored. Usage and its liabilities are your own.

The software is licensed under the AGPLv3 license and the source code can be found on GitHub.

Any images used in the platform are attributed where necessary. Icons8 is used for illustrations in some areas of the website.

System developed by Shubham Jain, Mateusz Zielinski, and Matthew Schulz.
Clients and organisations: Dr Joseph Connor (NHS, IXN).
Supervisors and Teaching Assistants: Binghao Chai (UCL).
University College London.

Data Privacy Considerations

The system as-is collects minimal personally identifiable information. To register and/or log in and therefore use the system, an email address and password are required; names are not required. Passwords are stored securely using PBKDF2 (with hashing and salting).

Examples of other information that may be logged when using the website include the Internet Protocol (IP) address used when connecting to the website, user agents (e.g., browser type, version, etc.), operating systems, etc.

The platform may also store data in your browser in the form of cookies to use the website.

All electronic data resides in the UK and is only controlled by the platform administrator(s). No data is exported or processed elsewhere unless you have provided consent.

Our platform complies with the Caldicott 7 Rules, with data privacy considerations being our priority since the start of development as our platform is designed for healthcare professionals.

Every use of personally identifiable data in the platform is lawful and justified; minimal personal confidential data is stored — only user email addresses are needed to identify users, and not names. All confidential data is handled by the administrator(s), who are responsible for ensuring that the organisation complies with legal requirements. Administrators who have access to personal confidential data are aware of their responsibilities, which are reiterated when they manage users on the platform via the following message: "No users should be added to this system unless you have authorisation from your Information Governance Team and you have read your organisation's Privacy Policy".

Sustainability

This platform is currently hosted on a Linode VPS (Virtual Private Server) instance, provided to us and paid for by our client. No other costs are currently required to host the platform.

With regard to environmental sustainability, Linode does not operate its own data centers. In London (our VPS location), Equinix is their data center upstream provider (source: Linode). In 2019, Equinix achieved 100% renewable energy use in Europe. See Equinix's dedicated sustainability page for more details: https://sustainability.equinix.com/environment/renewable-energy/.

Current Development Practices

During this project, we followed certain development practices:

  • Only the core developers (our team) have write access to the main branch, therefore only changes that we are aware of can be continuously deployed.

  • All Pull Requests must be reviewed by at least one other team member.

  • We follow the WAI-ARIA guidelines and WCAG for accessibility.

Further Potential Considerations

As this project is a proof-of-concept, there are additional considerations that may be made before using in production:

  • Regular, offsite backups of data

  • Security policies should be defined for system administrators

  • The codebase and its dependencies should be kept up to date

  • External contractors may perform penetration tests on the platform to test its security

  • System administrators should have their actions logged to provide accountability

Dependency Table

Dependency | URL | License type
Material UI | https://github.com/mui-org/material-ui | MIT License
Prisma | https://github.com/prisma/prisma | Apache-2.0 License
Next-plugins (zeit/next-less) | https://github.com/vercel/next-plugins/tree/master/packages/next-less | MIT License
Chart.js | https://github.com/chartjs/Chart.js | MIT License
Env-cmd | https://github.com/toddbluhm/env-cmd | MIT License
Less.js | https://github.com/less/less.js | Apache-2.0 License
Next.js | https://github.com/vercel/next.js/ | MIT License
Next-auth | https://github.com/nextauthjs/next-auth | ISC License
Nexttranspilemodules | https://github.com/martpie/next-transpile-modules | MIT License
Node fetch | https://github.com/node-fetch/node-fetch | MIT License
OpenAPIValidators | https://github.com/openapi-library/OpenAPIValidators | MIT License
Pg | https://github.com/go-pg/pg | BSD-2-Clause License
Proptypes | https://github.com/facebook/prop-types | MIT License
React | https://github.com/facebook/react | MIT License
Reactchartjs2 | https://github.com/reactchartjs/react-chartjs-2 | MIT License
Reactcopy-to-clipboard | https://github.com/nkbt/react-copy-to-clipboard | MIT License
React (react-dom) | https://github.com/facebook/react/tree/master/packages/react-dom | MIT License
React-wordcloud | https://github.com/chrisrzhou/react-wordcloud | MIT License
Rsuite | https://github.com/rsuite/rsuite | MIT License
Swagger-jsdoc | https://github.com/Surnet/swagger-jsdoc | MIT License
Swr | https://github.com/vercel/swr | MIT License