You can request photos from patients in our EMIS & SystmOne integrated product, Chain - see here for more details on how to do this!
This article talks through some questions related to security and information governance of photos and storage.
Do you have a DPIA?
As the data controller, when using accuRx, it is your responsibility to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of a template DPIA for requesting patient photos using accuRx.
Should I save photos submitted by patients to record?
Use your clinical judgement to decide whether a photo should be added to the medical record.
For example if you think a photo will help document your clinical decision, or help track the progression of a wound, then you could decide to save it. Whereas if a photo is sensitive and you would prefer that colleagues didn’t see it, you may decide not to save it to the record.
Am I allowed to save patient photos to the record under GDPR?
Yes - as with the processing of other patient data, the lawful basis for processing and saving photos submitted by the patient is the provision of health care or social care services: 9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…’
Where and how are photos stored?
AccuRx data (including photos) is hosted on Microsoft Azure servers in their London Data Centre. All data sent is encrypted when in transit (when it is sent) and at rest (when it is stored). AccuRx follows the Microsoft Azure NHS Blueprint for Platform-as-a-Service web applications, specifically designed for NHS services. See here and here for further information.
How long are photos stored for?
Patient images - along with other patient data - are kept in line with the Records Management Code of Practice for Health and Social Care 2016. These require us to hold records on behalf of GP practices until 10 years after a patient has died. However, we would delete the data earlier than suggested by this code if we are informed that the condition of Article 9(3) GDPR and s. 11(1) Data Protection Act 2018 no longer applies: “that the circumstances in which the processing of personal data is carried out... [is] by or under the responsibility of a health professional or a social work professional”.
Can accuRx access patient photos?
This is not routinely possible. However, as with other record systems, we are required to be able to access patient data in exceptional circumstances to fulfil our legal obligations as a data processor, such as assisting the data controller in providing subject access and allowing data subjects to exercise all their other rights under the GDPR. If such access is required, only designated AccuRx staff can access the data we store on the London Microsoft Azure Data Centre servers. Extensive controls are in place, a full audit trail is kept, and no staff member would view any photos as part
of this process.
Can I delete photos from AccuRx?
Yes, you can delete a photo once it has been received, so that it is not visible to colleagues viewing the patient’s communication record.
We follow NHS Digital IG requirements, which require us to keep a photo for audit trail purposes, even if you have deleted the file. We can only physically (i.e. permanently and completely) delete a photo from the audit trail that we hold in response to court orders or other legislative circumstances. Physical deletion of any communication using AccuRx (including photos) can only be carried out in response to a specifically authenticated and validated request from an organisation’s Caldicott Guardian or Privacy Officer, co-signed by a senior clinical representative.
Is accuRx NHS approved?
We are an NHS Digital approved supplier.
What security credentials does accuRx have?
We are fully compliant with DCB0129, which is for manufacturers of health IT software such as accuRx, and we have been assured by NHS Digital against this standard.
N.B. DCB0129 applies to AccuRx products but DCB0160 does not.**