Skip to main content
Privacy and Security: Accurx Desktop

A more detailed look at security and Information Governance for Accurx Desktop

John F avatar
Written by John F
Updated over a week ago

For more general questions about Accurx's Security and Privacy, follow the link here.

Who has access to the patient data and what data do they have access to?

Users are authenticated by requiring: an NHS email (nhs.net or nhs.uk) to register for an account; EMIS, SystmOne or Vision profiles; and, an administrator at their organisation to approve them. This is to prevent people who do not actually and currently work at the provider organisation from accessing the Accurx system. Furthermore, patient demographic data is only pulled from either EMIS, SystmOne or Vision principal care systems. This ensures that a user can only access data of patients registered at their organisation.

What measures are in place to protect patients and their data?

  • Users have to agree to our Acceptable Use Policy that includes confirming that the service not be used to communicate SMS messages that are sensitive or clinically urgent.

  • Full audit trails are kept of all user activity for clinical safety purposes.

  • Accurx scans SMSs for abusive content and flags to its Clinical Lead if any are detected.

  • Any video consultations are not recorded or stored.

How secure are the video consultations?

The video consultation service is hosted by Whereby, which is fully compliant with the UK GDPR.

A unique URL to the video consultation is generated and all participants are visible in the consultation, no third party can 'listen in'. The video and audio communication is only visible to participants on the call and is not recorded or stored on any server. The connection prioritises ‘peer-to-peer’ between the clinician’s and patient’s phone and follows NHS best practice guidelines on health and social care cloud security. For a more detailed explanation of how the security around video consultations works, follow the link here.

Are they recorded?

No. The video and audio communication is only visible to participants on the call and is not recorded or stored in any form.

How is my personal mobile number used?

Your phone number is used to send you an SMS containing the link for the video consultation. Your phone number is not shared with the patient, or linked to your Accurx account.

Can I use my personal phone for the consultation?

Yes, as no patient data is stored on the clinician's phone.

If the clinician has a webcam and headset, the video consultation can be conducted on the clinician's desktop PC.

How do patient responses work?

Patient questionnaire links are sent via SMS directly to a patient’s mobile phone. The links are encrypted in transit via HTTPS and responses are encrypted at rest via TDE. Patients are also asked to input their date of birth as identity verification, before being able to access the survey.

Is it safe to send documents over text?

Links to files or documents are sent via SMS by healthcare staff directly to a patient's mobile phone. When a patient clicks on the link, the connection to access the document is encrypted in transit using HTTPS. The documents themselves are stored on our servers with Transparent Data Encryption (TDE) at rest. Before accessing the document, patients are required to input their date of birth for identity verification.

Is Accurx NHS-approved?

Yes. We are an NHS Digital-approved supplier and also specifically an NHS Digital-approved video consultation supplier.

Accurx has successfully completed NHS Data Security and Protection Toolkit assurance (under NHS ODS code 8JT17).

If you still have any questions or concerns, feel free to chat with us using the green message bubble in the bottom right-hand corner of this page. 👉

Did this answer your question?