Deletion from the audit trail

Patient data used in Accurx products is protected with the same high security standards we use for all data. We build the platform in line with NHS Digital Information Governance Standards that require us to keep records following the Records Management Code of Practice for Health and Social Care and retain an audit trail of all data that passes through our communication platform (specifically GP-IG-11-3 and GP-IG-11-4). This audit trail includes patient data.

Practices remain in control of this data in the audit trail. It's there so that you can 're-constitute' the information that was in there previously, to aid you with investigations etc.

We will physically (i.e. permanently and completely) delete patient data in this way in response to 1) a valid physical deletion request from the provider itself, or 2) court orders or other legislative requirements.

Accurx acts as a data processor, and so we have to be sure that we're taking our instructions from someone with authority at the data controller. This is especially important with regard to the audit trail. The NHS Digital IG standard sets out how we should do this.

This must take the form of a specifically authenticated and validated written request from an organisation’s Caldicott Guardian or Privacy Officer, co-signed by a senior clinical representative.

It's best to include as much evidence as you can of these people's status, such as your Caldicott Guardian registration, or public evidence of the senior clinician's status at the organisation (e.g. staff page on the website).

You can send this request to support@accurx.com. They may ask you for more information to make sure the request can be validated and carried out. Our Information Governance team will task a senior engineer with securely delete the data. A record of this action and the written request for it are retained in a secure log by Accurx.

Any questions, please chat to us in the bottom right or send us an email to support@accurx.com 😊