We take Information Governance and data security very seriously at Accurx. We know how important it is for the safety of our users and their patients and make sure that it is at the forefront of everything we do.

We are an NHS Digital approved supplier.

Accurx has successfully completed NHS Data Security and Protection Toolkit assurance (under NHS ODS code 8JT17), and both the Cyber Essentials and the Cyber Essentials Plus* certification. We are also ISO27001 certified

We are fully compliant with DCB0129, which is for manufacturers of health IT software such as Accurx, and we have been assured by NHS Digital against this standard.

We comply with GDPR and all NHS rules and regulations on IG. You can find more information here on our IG for Staff page and the IG Resource Centre.

As the data controller, when using Accurx, it is your responsibility to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of DPIA Templates for:

We are an NHS Digital approved video consultation supplier as we have been assured and comply with the high standards set in the GP IT Futures framework.

A unique URL to the video consultation is generated and all participants are visible in the consultation, no third party can 'listen in'. The video and audio communication of the video consultation is only visible to participants on the call, and is not recorded or stored on any server.

For more detailed information around the security of video consultations, please see here.

Links to files or documents sent via SMS by healthcare staff directly to a patient’s mobile phone are encrypted in transit via HTTPS and responses are encrypted at rest via TDE. Patients are also asked to input their date of birth as identity verification, before being able to access the document. The document is only accessible for 14 days.

Where a link to sensitive data is shared (e.g. to a document), the patient has to verify their identity by typing in the date of birth.

For more detailed information on sending texts and documents with Accurx, please see here.

The answer to this question will depend on whether you are part of a GP practice or another healthcare organisation.

----

*Cyber Essentials is a scheme run by the UK government and the National Centre for Cyber Security to help you know that you can trust your data with us. Accurx’s sub-processors operate based on Article 28 GDPR-compliant agreements. Accurx data is encrypted in transit via HTTPS and encrypted at rest via TDE. Accurx follow the Microsoft Azure Security and Compliant Blueprint for Platform-as-a-Service web applications, specifically designed for NHS services.