(01209) 710999
INRstar N3 Help

INRstar Migration to New Cloud-First Technology FAQs

LumiraDx Care Solutions are planning to migrate INRstar from its current location to a new Cloud-First technology. This move aligns with the NHS Architectural principle of Public Cloud First. Cloud-First technology offers enhanced security, increased reliability, and improved system performance at peak times. Enabling us to provide a robust service for our clinicians and patients whilst providing confidence that the data we have is held safely and securely.

During this move, the data residency will remain in England in a UK Government approved data centre. The data will not be modified in any way, and the way it is processed will remain the same following the migration.

As these changes affect the data held for a number of your patients who have undergone or currently undergoing anticoagulant care, it is important that you provide sufficient information to anyone who has a record held on the system to inform them about their data being moved and remind them (as the Data Subjects) of their Data Subject rights under the General Data Protection Regulations (GDPR) 2018.

Our Privacy Policy can be found here and the Data Protection Impact Assessment document can be found using this link.

If patients wish to exercise their rights under GDPR, they will need to contact your practice as Data Controller in the first instance.

The migration is now scheduled for 30th July 2021. This will mean that INRstar will not be available to our customers during the migration; users will not be able to access INRstar between 18:00 Friday 30th July 2021 and 08:00 Monday 2nd August 2021.

LumiraDX Care Solutions take data protection very seriously, and due to the collection of comprehensive technical, organisational, and customer managed controls embedded in our processes, have successfully retained ISO 27001 accreditation. Various information security and privacy certificates have been confirmed as part of the supplier evaluation process for our new public cloud provider, and there is no change in how data is being processed to provide anti-coagulation treatment.  

Yes. INRstar is categorised as a General IVD Medical Device under the IVD Medical Device Directive 98/79/EC of the European Parliament. 

  • There will be a short period of downtime while the data is migrated.  This is planned to take place outside of working hours, and we do not envisage this impacting on GP Practices or patients   
  • INRstar locations that have previously whitelisted URLs or IP addresses to enable access to INRstar should check that both of the URLs below are whitelisted: 

       https://nww.inrstar.thirdparty.nhs.uk 

       https://nww.reporting.inrstar.thirdparty.nhs.uk 

  • Any INRstar locations who have whitelisted an IP range should arrange for this to be changed to the URLs above, as the IP address is likely to change 

  • If support is required with this, please contact your local IT Support or Network Administrator 

We do not anticipate any issues with data flow between INRstar and Patient Administration Systems such as EMIS, SystmOne and Vision, and INRstar will remain on HSCN 

The data controller, or data subject, can submit a Subject Access Request (SAR) and request their data no longer be processed either by individual record, location or contract. The patient will no longer be able to have their care managed within this system if they withdraw. 

Patients should contact their care team in the first instance if they wish to exercise their right to withdraw from INRstar to discuss any risks, and how they will have their anticoagulation care needs managed and monitored moving forwards. 

INRstar does not use third parties outside of the EU, which is fully aligned with the DPA 2018 / GDPR. This migration is UK to UK only also. 

The only third parties outside the UK which may, under very specific conditions and with clear legitimate interest, are LumiraDx group subsidiaries. 

To support the delivery of this project, the internal project team have produced a communication plan to ensure that our customers are provided with notice of the planned change ahead of time, and to ensure that key documents, such as the DPIA, are made available. The plan includes a series of email communications to existing and historical customers, a published set of Frequently Asked Questions, and technical information for local IT teams supporting the practices.  

A high-level summary of the risk assessment can be provided on request 

Our current provider has provided us a number of virtual drives of which we store encrypted identifiable data and unencrypted non-identifiable data (such as operating systems). These virtual drives are deleted which makes the data virtually unidentifiable, and as part of large storage arrays with other customers, irrevocable. Over time this data is overwritten fully as the shared pool is used by other customers. Other customers will not be able to read data from the deleted virtual drives, nor able to access existing drives - new drives created for customers overwrite existing unstructured data. 

There has been no manifest change, and details remain the same.  An updated version is not essential at this time 

No - it is down to the data controller to ascertain if they believe their patients would want to be notified. We have made reasonable efforts to notify data controllers, and ensure the project does not manifestly change how patient identifiable data is processed. The product is not being changed as part of the transfer project, nor is data leaving the UK / EU. 

No - it is down to the Data Controller to make the decision whether patients would want to be notified of the change (see 'Is is an essential requirement to inform patients of the change?') based on the information we provide and, where necessary, work with INRstar locations to produce information for patients. This project, apart from the brief downtime, does not have an impact or change the anticoagulation service for patients in any way 

There are no changes to the clinical system itself, or logic within, and so should not result in any changes to patient management in anyway. The average end user will not see a difference here, and a full Clinical Risk Assessment has been undertaken. 

Detailed information on how to produce a current patient list can be found here 

Hi,

We are writing to you as Data Controllers for data held in the INRstar Anticoagulation Management system and engage-self-care app.

INRstar is planning to move data from one location to another, remaining within the UK. This move aligns with the NHS Architectural principle of Public Cloud First, to improve security, reliability, and increase system performance at peak times. Enabling the provision of a robust service for clinicians and patients whilst providing confidence that the data held is safe and secure.

During this move, the data will remain in the UK in a UK Government approved data centre.

Importantly, your data will not be modified during the migration unless authorised by your care team and will only be processed in accordance with the existing privacy policy.

The migration is scheduled for the 30th July 2021, although this is subject to change.

The legal information can be found on the INRstar website.

If you have any questions please contact your care team in the first instance, or INRstar on support@lumiradx.co.uk – please be aware they are unable to access your patient data or provide any form of treatment or medical advice.

Regards,


Category: FAQs
 FAQ