We take Information Governance and data security very seriously at accuRx. We know how important it is for the safety of our users and their patients and make sure that it is at the forefront of everything we do.

Is accuRx NHS approved? 

We are an NHS Digital approved supplier.

What security credentials does accuRx have? 

accuRx has successfully completed NHS Data Security and Protection Toolkit assurance (under NHS ODS code 8JT17), and holds both the Cyber Essentials and the Cyber Essentials Plus* certifications.

We are fully compliant with DCB0129, which is for manufacturers of health IT software such as accuRx, and we have been assured by NHS Digital against this standard. 

N.B. DCB0129 applies to AccuRx products but DCB1060 does not.** 

Is accuRx GDPR compliant?

We comply with GDPR and all NHS rules and regulations on IG. You can find more information here on our IG for Staff page and the IG Resource Centre.

Do you have a DPIA?

As the data controller, when using accuRx, it is your responsibility to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of DPIA Templates for:

  • Chain (for GPs on EMIS and SystmOne)
  • Fleming (for users of our standalone web product)

How secure are video consultations?

We are an NHS Digital approved video consultation supplier, as we have been assured against and comply with the high standards set in the GP IT Futures framework.

A unique URL to the video consultation is generated and all participants are visible in the consultation; no third party can 'listen in'. The video and audio communication of the video consultation is only visible to participants on the call, and is not recorded or stored on any server.

For more detailed information around the security of video consultations, please see here.

Is it secure to send documents by text?

Links to files or documents sent via SMS by healthcare staff directly to a patient’s mobile phone are encrypted in transit via HTTPS and responses are encrypted at rest via TDE. Patients are also asked to input their date of birth as identity verification, before being able to access the document. The document is only accessible for 14 days.

Where a link to sensitive data is shared (e.g. to a document), the patient has to verify their identity by typing in their date of birth.

For more detailed information on sending texts and documents with accuRx, please see here.

Who has access to patient data and what data do they have access to?

The answer to this question will depend on whether you are part of a GP practice or another healthcare organisation. 

  • For more detail on secure messaging and video consultations using accuRx Chain see here
  • For more detail on secure messaging and video consultations using accuRx Fleming see here.

----

*Cyber Essentials is a scheme run by the UK government and the National Centre for Cyber Security to help you know that you can trust your data with us. AccuRx’s sub-processors operate based on Article 28 GDPR-compliant agreements. AccuRx data is encrypted in transit via HTTPS and encrypted at rest via TDE. AccuRx follow the Microsoft Azure Security and Compliance Blueprint for Platform-as-a-Service web applications, specifically designed for NHS services.

** DCB1060 is a standard for health organisations to meet in the deployment, use, maintenance or decommissioning of Health IT Systems within the health and care environment.

No certificates are issued against DCB0129 or DCB1060. They are clinical risk management standards that should be met. 
