Skip to main content
All CollectionsPrivacy, Information Governance & Security
Privacy, Information Governance and Security: An Overview
Privacy, Information Governance and Security: An Overview

An overview of how IG and data security works at Accurx

John F avatar
Written by John F
Updated this week

We take Information Governance and data security very seriously at Accurx. We know how important it is for the safety of our users and their patients and make sure that it is at the forefront of everything we do.

Is Accurx secure to use?

We have completed NHS England’s thorough assurance process so we can be bought/used by healthcare organisations in England. We have been assured and comply with the high data privacy/security and clinical standards set in NHS England’s Digital Care Services Catalogue.

What security credentials does Accurx have?

Accurx has successfully completed NHS Data Security and Protection Toolkit assurance (under NHS ODS code 8JT17), and both the Cyber Essentials and the Cyber Essentials Plus* certification. We are also ISO27001 certified.

We are fully compliant with DCB0129, which is for manufacturers of health IT software such as Accurx, and we have been assured by NHS Digital against this standard.

Is Accurx UK GDPR compliant?

We comply with GDPR and all NHS rules and regulations on IG. You can find more information here on our Security for Healthcare Professionals page, and the Privacy, Information Governance & Security Centre.

Do you have a DPIA?

As the data controller, when using Accurx, it is your responsibility to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of DPIA Templates for:

How secure are video consultations?

We have completed NHS England’s thorough assurance process so we can be bought/used by healthcare organisations in England. We have been assured and comply with the high data privacy/security and clinical standards set in NHS England’s Digital Care Services Catalogue.

A unique URL to the video consultation is generated and all participants are visible in the consultation, no third party can 'listen in'. The video and audio communication of the video consultation is only visible to participants on the call and is not recorded or stored on any server.

For more detailed information about the security of video consultations, please follow the link here.

Is it secure to send documents by text?

Links to files or documents sent via SMS by healthcare staff directly to a patient’s mobile phone are encrypted in transit via HTTPS and responses are encrypted at rest via TDE. Patients are also asked to input their date of birth as identity verification, before being able to access the document.

Where a link to sensitive data is shared (e.g. to a document), the patient has to verify their identity by typing in the date of birth.

For more detailed information on sending texts and documents with Accurx, please follow the link here.

Who has access to patient data and what data do they have access to?

The answer to this question will depend on whether you are part of a GP practice or another healthcare organisation.

If you still have any questions or concerns, feel free to chat with us using the green message bubble in the bottom right-hand corner of this page. 👉


*Cyber Essentials is a scheme run by the UK government and the National Centre for Cyber Security to help you know that you can trust your data with us. Accurx’s sub-processors operate based on Article 28 GDPR-compliant agreements. Accurx data is encrypted in transit via HTTPS and encrypted at rest via TDE. Accurx follows the Microsoft Azure Security and Compliant Blueprint for Platform-as-a-Service web applications, specifically designed for NHS services.

Did this answer your question?