These steps ensure that the use of the new functionality is safe, legal and meets NHS standards.
Checklist: what you need to do
1. Accept the Data Processing Agreement (DPA)
What is it?
A legal contract between your organisation (Data Controller) and Accurx (Data Processor) that governs how patient data is handled under GDPR.
Why is it important?
It is a mandatory legal requirement under data protection laws. Without a DPA, your organisation risks non-compliance.
Where to find it:
This will be linked from the in-product landing page that is visible to users within your organisation when you first click on Accurx Scribe.
An approved user must accept the DPA during the opt-in process to enable the functionality for your organisation.
Your organisation won't be able to access the functionality until this has been accepted.
A copy of Accurx's DPA is available on our website
2. Review clinical risk management assessment (DCB0129)
What is it?
A document showing that the AI tool has been safely built and tested, meeting NHS safety standards (DCB0129).
Why is it important?
Demonstrates compliance with mandatory NHS digital safety requirements.
Where to find it:
Contact our User Support team at support@accurx.com or use the in-product support chat to request a copy.
3. Complete your organisation’s clinical risk management assessment (DCB0160)
What is it?
Evidence that your organisation is ensuring safe use of the AI tool in patient care.
Why is it important?
This is part of a mandatory NHS safety process (called DCB0160). It applies every time you use software that can influence patient care.
What you need to do:
Appoint a Clinical Safety Officer (e.g., a GP or senior nurse)
Run a risk assessment workshop
Create a hazard log listing potential risks and mitigations
Document procedures for staff to raise safety concerns
4. Complete a Data Protection Impact Assessment (DPIA)
What is it?
A formal assessment of risks to patient privacy under UK GDPR.
Why is it important?
Helps identify and manage risks before using the tool with patients.
What your DPIA should include:
Description of what the AI tool does and the type of data processed
Whether data is identifiable, pseudonymised, or anonymised
Identified risks to privacy and mitigations (e.g., encryption, staff training)
Information about data residency (UK or overseas)
Support:
Example DPIAs are available on our website to assist you: Accurx DPIAs
If you still have any questions or concerns, feel free to chat with us using the green message bubble in the bottom right-hand corner of this page. 👉