We are an NHS Digital-approved supplier as well as an NHS Digital-approved supplier for video consultations.

For more general questions about Accurx's Information Governance click here; and Security follow the link here.

As the data controller, when using Accurx, it is your responsibility to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of a template DPIA for Accurx Web.

Healthcare practitioners are either authenticated by being required to log in via NHSmail Single Sign-on (SSO) and having their associated organisation (in SSO) matched to an allowlist of all community and acute trusts, or Vision and Microtest practices, or they have an allowlist of Trust email address.

Users can only access patient data via the Accurx integration with the Personal Demographic Service (PDS) if they have both the patient’s NHS number and date of birth. To ensure accuracy and data minimisation, the only data returned is the patient’s name, gender and the last three digits of the patient’s mobile. This means that the user has the minimum information to verify that this is the correct patient.
​
The PDS search (NHS number and DoB) must return an exact match, so a user could not put in random NHS numbers, or search for a patient by name. The only personal data returned from PDS is the name, gender, and last three digits of the mobile number. The name is used to personalise the message and to confirm that the correct patient is chosen. An individual in possession of the NHS number and DoB would also have the name and gender. Name, DoB and NHS number make up the standard set of demographics. The mobile number is obfuscated except for the last three digits so that the number can be verified with the patient or another system.

The video consultation service is hosted by Whereby, which is fully compliant with GDPR.

A unique URL to the video consultation is generated and all participants are visible in the consultation, no third party can 'listen in'. The video and audio communication is only visible to participants on the call and is not recorded or stored on any server. The connection prioritises ‘peer-to-peer’ between the clinician’s and patient’s phone and follows NHS best practice guidelines on health and social care cloud security. For a more detailed explanation of how the security around the video consultations works, follow this link here.

No. The video and audio communication is only visible to participants on the call and is not recorded or stored in any form.

Your phone number is used to send you an SMS containing the link for the video consultation. Your phone number is not shared with the patient, or linked to your Accurx account.

Yes, as no patient data is stored on the clinician's phone.
​
If the clinician has a webcam and headset, the video consultation can be conducted on the clinician's desktop PC.

Yes. We are an NHS Digital approved supplier and also specifically an NHS Digital approved video consultation supplier. Accurx has successfully completed NHS Data Security and Protection Toolkit assurance (under NHS ODS code 8JT17), and has the Cyber Essentials Plus certification.

In response to this guidance, we have built many tools to support practices responding to the COVID-19 outbreak. Further information can be found here.

If you still have any questions or concerns, feel free to chat with us using the green message bubble in the bottom right-hand corner of this page. 👉