Lifelight’s data source is derived from the signal that is picked up from the patient’s face. A signal is detected by Lifelight First from analysing tiny colour changes of the face with each pulse beat. This is turned into a stream of red, green and blue (RGB) average numbers. The face is, effectively, pixelated then the anonymised colour signal is sent to the Amazon Web Service (AWS) for processing by Lifelight First’s algorithms.
AWS is one of the world’s largest cloud infrastructures. Delivering enterprise-grade security with a 99.5% guaranteed uptime, the AWS cloud platform also meets a broad set of international and industry specific compliance standards, including, ISO/IEC 27001:2013, 27017:2015 and 27018:2014.
Lifelight First is hosted on AWS, located within the EEC (European Economic Community).
The data processed is a combination of the waveform signal as derived from the mobile device’s camera plus anonymous biometric data (age, height and sex). This is sent to the AWS for processing by the Lifelight First algorithms. Five data items are sent back to the Lifelight First application (blood pressure, pulse, respiration, SpO2 and AF – coming soon). These appear on the screen along with the signal quality measure which indicates reliability as a safety feature.
The patient’s age, height and sex are captured to help the Lifelight First algorithm to accurately calculate systolic and diastolic blood pressure.
It is important to emphasise that although the Lifelight First application captures height age and sex, it is not associated with the patient as there is no other personal identifiable data captured – e.g. name, email address, NHS number, fingerprint, etc. The device will wipe this information immediately after Lifelight First has sent the RGB stream to the AWS for processing.
In this respect, the data processing is considered to be very low risk as there is no threat to the rights and freedoms of the data subject (typically, the patient) when a clinician uses Lifelight First. In many respects it is very similar to taking an individual’s temperature with a thermometer.
In the context of a standalone system no data is saved on the device. This data is stored on the server for quality control and to provide data for the continued testing of quality and efficacy of the algorithm (machine learning).
Lifelight First is not the data controller – the data controller is the employer of the user conducting the test (e.g. clinic, hospital, care home etc.) and they will process data using the appropriate legal pathway.
Lifelight First is registered with the ICO (Information Commissioner’s Office in the United Kingdom).