Information governance and data protection standards
Keeping data safe
We have always put data protection and security at the heart of our business.
In our role as data processors of patient data, we make sure we strictly comply with the highest standards of NHS and GDPR governance. In fact, it’s so central to what we do that it’s a founding principle of our company.
Patient data and eMR technology
We are not alone in this commitment. Maintaining the highest data protection standards is a major priority for all GP practices, who are the data controllers of the patient data associated with their practice/s.
Similarly, third party organisations, such as insurance companies, who make requests for medical information to GP practices, on behalf of their customers, also operate as data controllers of individuals’ personal data.
The eMR technology software we’ve developed, which GP surgeries and third-party clients use, incorporates strict GDPR protocols and adheres to the highest data security standards.
Any data processed within eMR is:
- Only processed under the consent of the patient/individual concerned
- Redacted so that no third-party or sensitive information is contained
- Fully encrypted and securely stored in data centres in the UK.
Our commitment as data processors
The role of data processors is set out on the Information Commissioner’s Office (ICO) website.
We have a duty to protect people’s personal data – and we only process it with patient consent and on behalf of the data controller (in our case, this means on behalf of GP practices and third-party clients).
Our information governance credentials:
- NHS England GP IT Futures catalogue
- NHS Digital IM1 platform
- NHS Digital Data Security and Protection Toolkit - 8JQ49
- ISO/IEC 27001:2013 Certified - IS 744869
- NHS HSCN
- DPIA – NHS Data Protection Impact Assessment
- Cyber Essentials
- AWS Partner Network (APN)
- EMIS Health accredited partner
- GDPR regulations
- ABI code of conduct
- ICO registered number ZA353121