Read about how to use our new video consultation feature here!
accuRx is an NHS Digital approved video consultation system.
For more general questions about accuRx's Information Governance and Security policies, please see our overview.
Do you have a DPIA?
As the data controller, when using accuRx, it is your responsibility to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of a template DPIA for video consultations using accuRx.
How does it actually work?
The video consultation service is hosted by Whereby, who are fully compliant with GDPR. The video and audio communication is only visible to participants on the call and is not recorded or stored on any server. The connection prioritises a ‘peer-to-peer’ link between the clinician’s and patient’s phones and follows NHS best practice guidelines on health and social care cloud security.
A unique URL to the video consultation is generated and all participants are visible in the consultation; no third party can 'listen in'. The video and audio communication of the video consultation is only visible to participants on the call, and is not recorded or stored on any server (not accuRx’s, not Whereby’s and not on any third party's servers).
Is the video call recorded?
No. The video and audio communication is only visible to participants on the call and is not recorded or stored in any form.
Can you tell me more about Whereby's security?
Whereby are based in the European Economic Area (EEA). All communication between the user’s or patient's browser and Whereby’s service is transmitted over an encrypted connection (secure web traffic using HTTPS and TLS, secure WebSocket traffic, or secure WebRTC). Furthermore, the video consultation prioritises ‘peer-to-peer’ connections between the clinician’s and patient’s phones over connections via Whereby’s servers. In some cases, due to NAT/firewall restrictions, the encrypted data content will be relayed through Whereby’s TURN server, but it is never recorded or stored. In such cases, as long as both the clinician and patient are using their devices in the European Economic Area, it is guaranteed that any data hosted on a server is within the EEA, in line with NHS best practice guidelines on health and social care cloud security.
How does video consultation compare with a phone call?
The use of video consultation via accuRx is more secure than speaking to patients by phone. The connection prioritises a ‘peer-to-peer’ link between the clinician’s and patient’s phones, in line with the principle of data minimisation. Most phones are Voice over Internet Protocol (VoIP). However, phone connections typically include personal information (such as the patient's phone number). In contrast, the accuRx video consultation does not use any personal demographic information, as it is initiated via a unique URL which does not use any patient or user information. accuRx specifically selected Whereby to host video consultations because its service fulfilled accuRx's privacy-by-design requirements by not using any personal demographic data for the calls.
How does video consultation compare to a face-to-face consultation?
The consultation should be summarised in the electronic medical record, as with a face-to-face or telephone consultation. Healthcare professionals should ensure that this is done as soon as possible, if not contemporaneously.
How does it work with patient consent?
The patient agrees to take part in the process by clicking on the link to the video consultation. They can dissent at any point by either not clicking on the link to the video consultation or leaving the video consultation.
What are accuRx's security credentials when it comes to video consultations?
accuRx has successfully completed NHS Data Security and Protection Toolkit assurance (under NHS ODS code 8JT17), and holds both the Cyber Essentials and Cyber Essentials Plus certifications. Cyber Essentials is a scheme run by the UK government and the National Centre for Cyber Security to help you know that you can trust your data with us. accuRx’s sub-processors operate based on Article 28 GDPR-compliant agreements. accuRx data is encrypted in transit via HTTPS and encrypted at rest via TDE. accuRx follows the Microsoft Azure Security and Compliance Blueprint for Platform-as-a-Service web applications, specifically designed for NHS services.
Is it NHS approved?
Yes. We are an NHS Digital approved supplier generally and we are also NHS Digital approved specifically as a video consultation supplier. We have Data Security and Protection Toolkit assurance (ODS code: 8JT17), and have the Cyber Essentials Plus certification.
In response to this guidance, we have built a number of tools to support practices responding to the COVID-19 outbreak. Further information can be found here.
Can I use my personal phone for the consultation?
Yes, as no patient data is stored on the clinician's phone.
If the clinician has a webcam and headset, the video consultation can be conducted on the clinician's desktop PC.