accuRx is an approved NHS Digital supplier. AccuMail is compliant with the NHS Secure Email Standard (DCB 1596) published by NHS Digital. We have followed the secure email accreditation process to ensure patient sensitive and confidential information is kept secure.
For more general questions about accuRx's Information Governance and Security policies, please see our overview.
Do you have a DPIA?
As the data controller, when using accuRx, it is your responsibility to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of a template DPIA for GP practices and for other healthcare organisations.
How secure is email?
NHS emails are considered secure if they are compliant with the NHS Secure Email Standard (DCB 1596). accuRx has undertaken self-accreditation with this standard to ensure that any personal confidential data exchanged electronically is encrypted end-to-end.
End-to-end encryption means that only you and your intended recipient can access and read the email, keeping personal or confidential information secure and protecting it from interception or falling into the wrong hands.
As all outgoing emails are sent via the accuRx nhs.net inbox to trusted domains, emails are automatically encrypted end-to-end and therefore compliant and secure.
Who has access to the patient data?
To be authenticated, all accuRx users require:
- NHS mail to register for an account
- EMIS Web or TPP SystmOne profiles
- Approval from an administrator from their GP Practice.
This ensures that only approved users, who are currently working at the practice, can access the email feature. All patient information is pulled from EMIS Web or SystmOne, ensuring users can only access data of patients registered at their GP practice.
All outgoing emails are sent via the accuRx nhs.net inbox to trusted domains.
What is a trusted domain?
Users can currently send emails to trusted email domains including nhs.net, secure nhs.uk, pnn.police.uk and gov.uk addresses only. These are considered trusted domains as they are compliant with DCB 1596 and can ensure the email is sent with end-to-end encryption.
NHS Digital maintains an allow list of secure nhs.uk email addresses that have undergone accreditation. This list is kept up to date by NHS Digital and the organisation must review their accreditation on an annual basis. You can see the list of approved organisations here.
If the nhs.uk email address you want to contact is not on the above list, we are unable to support this email address. This is because emails sent from nhs.net to nhs.uk email addresses may not be secure. Emails sent from nhs.net to nhs.net are secure.
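The trusted-domain rule above can be expressed as a recipient check. This is an added example, not accuRx code: the function names are hypothetical, `ACCREDITED_NHS_UK` is a constructed stand-in for the NHS Digital allow list, and accepting subdomains of nhs.net, pnn.police.uk and gov.uk is an assumption.

```python
# Added example: recipient check for the trusted-domain rule described above.
# Not accuRx code; all names here are hypothetical.

# Domains the page lists as trusted outright (assumption: subdomains count too).
TRUSTED_SUFFIXES = ("nhs.net", "pnn.police.uk", "gov.uk")

# Constructed stand-in for NHS Digital's allow list of accredited nhs.uk domains.
ACCREDITED_NHS_UK = frozenset({"example-trust.nhs.uk"})


def recipient_domain(address):
    """Return the lower-cased domain of a bare address, or None if malformed."""
    address = address.strip()
    if address.count("@") != 1 or any(c.isspace() for c in address):
        return None
    local, domain = address.split("@")
    domain = domain.rstrip(".").lower()
    if not local or not domain:
        return None
    return domain


def has_suffix(domain, suffix):
    """Match on a label boundary so 'evilnhs.net' does not pass as 'nhs.net'."""
    return domain == suffix or domain.endswith("." + suffix)


def is_trusted_recipient(address, accredited=ACCREDITED_NHS_UK):
    """True only for nhs.net, pnn.police.uk, gov.uk or an accredited nhs.uk domain."""
    domain = recipient_domain(address)
    if domain is None:
        return False
    if has_suffix(domain, "nhs.uk"):
        # nhs.uk is trusted only when the exact domain is on the accredited list.
        return domain in accredited
    return any(has_suffix(domain, s) for s in TRUSTED_SUFFIXES)
```

Matching on the full domain label rather than a raw string suffix is what keeps look-alike domains out of the trusted set.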
What measures are in place to protect patients and their data?
- Users have to agree to an acceptable use policy when they log into the accuRx platform.
- The accuRx email inbox is monitored by the Clinical Lead to ensure emails are matched and tracked appropriately and important emails are not missed.
- Full audit trails are kept of all emails sent and received.
- Outgoing emails are saved to the patient record. Replies can be edited and saved at the user's discretion if they contain sensitive information.