Information Governance and Security: An Overview

An overview of how IG and data security work at Accurx

Written by John F
Updated over a week ago

We take Information Governance and data security very seriously at Accurx. We know how important it is for the safety of our users and their patients and make sure that it is at the forefront of everything we do.

Is Accurx NHS approved?

What security credentials does Accurx have?

Accurx has successfully completed NHS Data Security and Protection Toolkit assurance (under NHS ODS code 8JT17), and holds both the Cyber Essentials and the Cyber Essentials Plus* certifications. We are also ISO27001 certified.

We are fully compliant with DCB0129, which is for manufacturers of health IT software such as Accurx, and we have been assured by NHS Digital against this standard.

Is Accurx GDPR compliant?

We comply with GDPR and all NHS rules and regulations on IG. You can find more information here on our IG for Staff page and the IG Resource Centre.

Do you have a DPIA?

As the data controller, when using Accurx, it is your responsibility to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of DPIA Templates for:

How secure are video consultations?

We are an NHS Digital approved video consultation supplier: we have been assured against, and comply with, the high standards set in the GP IT Futures framework.

A unique URL to the video consultation is generated and all participants are visible in the consultation; no third party can 'listen in'. The video and audio communication of the video consultation is only visible to participants on the call, and is not recorded or stored on any server.

For more detailed information about the security of video consultations, please follow the link here.

Is it secure to send documents by text?

Links to files or documents sent via SMS by healthcare staff directly to a patient’s mobile phone are encrypted in transit via HTTPS and responses are encrypted at rest via TDE. Patients are also asked to input their date of birth as identity verification, before being able to access the document. The document is only accessible for 14 days.

Where a link to sensitive data is shared (e.g. to a document), the patient has to verify their identity by typing in their date of birth.

For more detailed information on sending texts and documents with Accurx, please follow the link here.

Who has access to patient data and what data do they have access to?

The answer to this question will depend on whether you are part of a GP practice or another healthcare organisation.

If you still have any questions or concerns, feel free to chat with us using the green message bubble in the bottom right-hand corner of this page. 👉


*Cyber Essentials is a scheme run by the UK government and the National Centre for Cyber Security to help you know that you can trust your data with us. Accurx’s sub-processors operate based on Article 28 GDPR-compliant agreements. Accurx data is encrypted in transit via HTTPS and encrypted at rest via TDE. Accurx follows the Microsoft Azure Security and Compliance Blueprint for Platform-as-a-Service web applications, specifically designed for NHS services.
