================================================================
BSHC Warfarin Clinic — Security & Data Protection Overview
For: Hospital IT Department, Clinical Governance, DPO
Prepared by: Eoghan Dinan
Version: 1.0
================================================================

1. WHAT THIS SYSTEM DOES
================================================================

This is a purpose-built anticoagulation (warfarin) clinic management
tool for pharmacists and pharmacy technicians at Bons Secours Hospital,
Cork. It replaces manual/spreadsheet-based records with a structured
digital system that provides:

- Patient registration and demographic records
- INR reading logs with trend charts
- Dose management (7-day schedule grids)
- Recall tracking with overdue alerts
- Printable patient summaries
- Full audit trail of all user actions

2. ARCHITECTURE (HOW IT WORKS)
================================================================

Type:      LOCAL NETWORK WEB APPLICATION (not cloud/internet)

Server:    One designated hospital PC runs the application as a local
           web server on port 3000.

Clients:   All other workstations access it via a web browser at
           http://[server-ip]:3000 — no software install required on
           client machines.

Internet:  NOT REQUIRED after initial setup. The application operates
           entirely within the hospital's LAN. No data is transmitted
           externally at any time.

Database:  SQLite file stored locally at:
           [install-folder]/data/clinic.db
           This is a single file on the server computer.

3. AUTHENTICATION AND ACCESS CONTROL
================================================================

User accounts:
- Each pharmacist/technician has a unique username + password
- Passwords are hashed using bcrypt (industry standard, not stored in
  plain text under any circumstances)
- Sessions expire after 8 hours of inactivity
- Session tokens are stored server-side (not in URLs or cookies that
  reveal user data)

Account registration:
- New accounts are created from the login screen
- No anonymous access — all screens require login
- User roles: Pharmacist, Senior Pharmacist, Pharmacy Technician

Recommended for production:
- Enforce a minimum password length of 12+ characters
- Restrict registration to hospital IP ranges (ask developer)
- Consider adding 2FA for production use (can be added)

4. DATA CLASSIFICATION AND GDPR
================================================================

Data held:       Special category personal data under GDPR (health data
                 relating to identified individuals)
Data controller: Bons Secours Hospital, Cork
Data location:   Solely on the hospital's designated server PC. No
                 third-party processors, no cloud storage.
Data subjects:   Patients of the warfarin clinic
Retention:       To be defined per hospital data retention policy
Legal basis:     Article 9(2)(h) — medical treatment purposes
DPO review:      Required before live patient data is entered. A DPIA
                 (Data Protection Impact Assessment) is recommended
                 given the nature of the data.

IMPORTANT: This system should NOT be used to store real patient data
until the hospital's DPO has reviewed and approved it, and IT has
approved the hosting environment.

5. AUDIT TRAIL
================================================================

Every action that creates or reads patient data is recorded in an audit
log table (audit_events) within the database.
Logged events include:
- User login (recorded via session creation)
- Patient record viewed (action: "view")
- Patient record created (action: "create")
- Patient record updated (action: "update")
- Visit/appointment logged (action: "create")
- Patient list accessed (action: "list")

Each audit entry records:
- Which user performed the action
- What action was taken
- Which record was affected
- Timestamp

The audit log is append-only — entries cannot be deleted through the
normal application interface.

Audit records can be reviewed by accessing:
http://[server-ip]:3000/api/audit (requires login)

6. DATA BACKUP
================================================================

Method 1 — File copy (recommended for daily backup):
The entire database is in one file: data/clinic.db
Copy this file daily to a network share or backup drive. IT can
automate this with a Windows scheduled task.
Recovery: stop server, replace file, restart server.

Method 2 — JSON export:
Visiting http://[server-ip]:3000/api/audit/export (logged in) downloads
a complete JSON export of all patients, appointments, users, and audit
events. Store on a secure network location.

Recommended backup schedule:
- Daily automated copy to a network backup location
- Weekly export of JSON backup to a second location
- Monthly test restore to verify backup integrity

Recovery time: Under 5 minutes (copy file back, restart service)

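The JSON export in Method 2 carries the audit events described in section 5, so the monthly restore test is a natural place to confirm the audit trail is still intact: no gaps in the append-only sequence, no events attributed to unknown users, no events pointing at records that no longer exist. The script below is an added example, not part of the BSHC application; the export layout and the field names it reads (patients, appointments, users, audit_events; id, user_id, action, record_type, record_id, created_at) are assumptions, since this document does not describe the export format.

```javascript
// Added example (not BSHC application code): sanity checks on a JSON export
// before it is filed as a backup. The export layout and field names used here
// (collections, id, user_id, action, record_type, record_id, created_at) are
// assumptions; the page does not document the export format.
const REQUIRED = ['patients', 'appointments', 'users', 'audit_events'];

function verifyExport(exp) {
  const findings = [];
  for (const key of REQUIRED) {
    if (!Array.isArray(exp[key])) findings.push(`missing collection: ${key}`);
  }
  if (findings.length) return { ok: false, findings };
  const users = new Set(exp.users.map((u) => u.id));
  const records = {
    patient: new Set(exp.patients.map((p) => p.id)),
    appointment: new Set(exp.appointments.map((a) => a.id)),
  };
  const events = [...exp.audit_events].sort((a, b) => a.id - b.id);
  let prev = null;
  for (const ev of events) {
    // Append-only table with AUTOINCREMENT ids (assumed): a gap means rows
    // vanished outside the application and must be investigated.
    if (prev && ev.id !== prev.id + 1) findings.push(`audit id gap between ${prev.id} and ${ev.id}`);
    // Rows are only appended, so ISO-8601 timestamps must not run backwards.
    if (prev && ev.created_at < prev.created_at) findings.push(`audit ${ev.id} timestamped before audit ${prev.id}`);
    if (!users.has(ev.user_id)) findings.push(`audit ${ev.id}: unknown user ${ev.user_id}`);
    // view/create/update name a record; "list" and login events carry none.
    if (ev.record_type && !records[ev.record_type]?.has(ev.record_id)) {
      findings.push(`audit ${ev.id}: ${ev.action} on missing ${ev.record_type} ${ev.record_id}`);
    }
    prev = ev;
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample export (fictional test data, not real patient records).
const sampleExport = {
  patients: [{ id: 1 }],
  appointments: [{ id: 10, patient_id: 1 }],
  users: [{ id: 1, username: 'test.pharmacist' }],
  audit_events: [
    { id: 1, user_id: 1, action: 'create', record_type: 'patient', record_id: 1, created_at: '2024-01-08T09:00:00Z' },
    { id: 2, user_id: 1, action: 'view', record_type: 'patient', record_id: 1, created_at: '2024-01-08T09:01:00Z' },
    { id: 3, user_id: 1, action: 'create', record_type: 'appointment', record_id: 10, created_at: '2024-01-08T09:02:00Z' },
  ],
};

console.log(verifyExport(sampleExport)); // → { ok: true, findings: [] }
```

A gap in the id sequence is a signal to compare the export against the live audit_events table and the previous week's export, not proof of tampering on its own.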
7. NETWORK SECURITY
================================================================

The application:
- Binds to 0.0.0.0:3000 (all network interfaces)
- Should be placed behind the hospital's existing firewall
- Access should be restricted to hospital LAN only
- Port 3000 should NOT be exposed to the internet
- Consider a simple reverse proxy (nginx) if HTTPS is required

For HTTPS (encrypted in transit, recommended):
- Place nginx or IIS in front of the application
- Use a hospital-issued SSL certificate
- This is a configuration task for IT (not a code change)
- The application is ready for this setup out of the box

8. SERVER REQUIREMENTS
================================================================

Minimum:
- Windows 10/11 PC (or Windows Server 2016+)
- Node.js LTS (v18 or v20+) installed
- 512 MB RAM available
- 1 GB disk space
- Connected to hospital LAN

Recommended:
- Dedicated PC or small server that stays on during clinic hours
- Configured to start the application automatically on boot (via
  Windows Task Scheduler or NSSM service wrapper)
- UPS (uninterruptible power supply) to prevent database corruption
  during power loss

The application uses SQLite's WAL (Write-Ahead Log) mode, which provides
crash safety — a power loss will not corrupt existing data.

9. SOFTWARE STACK (for IT review)
================================================================

Runtime:  Node.js (open source, MIT licence)
Server:   Express.js (web framework)
Database: SQLite via better-sqlite3 (embedded database)
Auth:     express-session + connect-sqlite3 + bcryptjs
Frontend: React (compiled to static files, served by Express)

No external CDN dependencies at runtime.

All dependencies are open source and widely used in production
healthcare applications globally. The full dependency list is available
in package.json and can be reviewed for known vulnerabilities using:
npm audit

10. DEVELOPMENT HISTORY AND CONTACT
================================================================

Designed and built by: Eoghan Dinan

Prototype:          HTML/CSS/React (single-page prototype)
Production version: Full-stack Node.js application with SQLite
                    database, server-side auth, and audit trail

This system is currently in PILOT stage. It must be reviewed and
approved before real patient data is entered.

The developer is available to answer technical questions from the IT
department or clinical governance team.

11. RECOMMENDED NEXT STEPS FOR IT APPROVAL
================================================================

1. Review this document and the application codebase
2. Conduct a DPIA (Data Protection Impact Assessment)
3. Obtain DPO sign-off
4. Identify the designated server PC
5. Configure automatic backups to a network share
6. Configure automatic startup of the server process
7. Optionally set up HTTPS via reverse proxy
8. Run a pilot with a small number of fictional/test patients
9. Train staff on the system
10. After pilot sign-off, migrate existing records and go live

================================================================
END OF DOCUMENT
================================================================