Hospify is a secure and compliant mobile chat app for healthcare professionals and patients across the UK and EU. It provides users with the simplicity and power of consumer messaging solutions, ensuring that all communication stays within UK & EU legislative guidelines for patient confidentiality and data protection.
In March 2020, after 12 months of rigorous technical and security testing, Hospify was the first industry-wide, general-use healthcare communications platform to be made available in the NHS Apps Library for UK healthcare professionals. Hospify is already being used by 1000s of healthcare professionals at over 100 hospitals across the UK.
Hospify Use Case
Hospify has set out to make secure communication universally accessible not just to just to doctors but to all healthcare professionals and their patients, while ensuring compliance with NHS Information Governance including the NHS Data and Security Protection Toolkit, UK Data Protection Law, GDPR, the ISO27001 information security standard, the DCB0129 Clinical Safety Risk Assessment, and the NICE Evidence Standard Framework.
The Hospify service provides secure individual and group messaging functionality by using Ably’s Pub/sub messaging to publish a stream of realtime data over channels instantly to large numbers of users. To ensure compliance, it does this without storing user message data or patient identifiable information on its servers.
Due to the sensitivity to data payloads, Hospify uses its own TLS encryption model combined with Ably’s token-based authentication to ensure that shared data stays secure and that patient confidentiality is respected. As a result, messages sent to the doctor’s or patient’s mobile device remain secure and can only be seen after entering a PIN.
Solving the EU only storage problem for chat apps in healthcare
During proof-of-concept testing, the team at Hospify discovered that its initial solution for message delivery – a polling mechanism – was insufficient to meet the fast-paced demands of the healthcare environment, and decided that a real-time Pub/Sub messaging platform was required in order to handle long-term scalability.
It was also crucial that any such platform had European data centres, in order to ensure that users’ messages were transmitted in accordance with coming GDPR legislation.
After evaluating various solutions, many of which turned out to be expensive and only available as part of a full enterprise bundle, the team decided to use Ably’s EU-only storage based enterprise solution, which allowed to it to keep all message transmission and storage within the EU and – furthermore – ensure that all messages were deleted within 72 hours of delivery in a regulatory-compliant manner.
Key Technologies used
EU only storage
Guaranteed delivery & ordering
Token Based Authentication
Transport Layer Security
The Ably Solution
Unreliable networks don’t have to mean lost messages for your users
Loss of connection and constant reconnection is a major pain point for a realtime healthcare messaging service trying to make sure that, even in the difficult environment of a large hospital where networks are patchy and users are constantly on the move, messages don’t get delivered in the wrong order or lost altogether. Dealing with these kinds of situations presents a difficult challenge for Hospify.
Hospify was facing the prospect of building out its own engineering solution to address this. But instead the team decided to use Ably’s unique message queueing and ordering feature, which combines with message history to provide robust, correctly ordered message delivery – saving the team significant time and spend and eliminating the need for ongoing dev-ops maintenance.
Ably’s realtime platform achieves this by retaining a connection state when a user gets disconnected, allowing it to continue to receive and store any messages that don’t get delivered until such time that the users’ device can reconnect to the server. It then replays all the messages in a guaranteed order of delivery, making sure that no messages are lost or muddled when clinicians are communicating with their teams or with their patients.