Governance Support for Accurx Scribe

In this guide, you will find everything you need to set up Accurx Scribe in a way that is compliant and secure for you and your patients.

We understand governance tasks can potentially take months and be daunting, but with the resources here we believe you can complete this process in a much shorter period.

Who is this training centre for?

Data Protection Officers (DPO): As a practice or PCN you will already have an allocated DPO - they will be responsible for the Information Governance.

Clinical Safety Officers (CSO): If you don't already have one, the practice or PCN will need to appoint a clinician to lead on the clinical safety standards. They will need to be trained as a CSO. They can join our free training or you can reach out to your ICB to see what support they can offer with completing these documents.

Who should review what?

The DPO is responsible for data security and will complete the DPIA and DSPT standards. The CSO is responsible for ensuring patient safety and will complete the DCB0160 digital clinical safety standard.

What is Accurx Scribe?

An ambient voice technology that transcribes patient consultations and turns them into structured notes and onward documentation.

Requirement	Accurx Scribe, powered by Tandem
Digital Technology Assessment Criteria (DTAC): this is a framework established by the NHS to ensure that digital health technologies meet essential standards for safety, security, and usability	DTAC ready. If required for your organisation, review Accurx’s DTAC here. Accurx is also ISO 27001 certified.
DSPT	Maintained annually, with “exceeding standards”
Cyber Essentials Plus	Certified Yearly [Current certificate is valid till 02/12/2025]
CREST-approved Pen Testing	Regularly tested, latest report available on request
Named Clinical Safety Officer	CSO for Accurx: Dr Chris Sartori Tandem: Dr Lauren Flynn  Healthcare organisations are required to have a named CSO with oversight of clinical systems in use
Encryption	Enforced across all sessions, as well as at point of storage on hardened Microsoft Azure infrastructure
GDPR Compliance	Accurx DPIA template and Data Flow Diagram has been provided to all organisations for completion and approval
No Unsafe Functionality (e.g. prompt injection)	Risks arising from usage of AI (e.g. prompt injection) have been assessed and mitigated to acceptable levels (see DCB0129 Hazard Log) and are monitored on an ongoing basis through post-market surveillance
NHS System Integration	IM1 assured integration with EMIS and SystmOne. API integration with RiO, CITO, PDS, and Vision. Compatible with HL7/FHIR standards, supporting write-back to EHR
Translation Accuracy Responsibility	Accurx Scribe’s Detect Language feature is intended for bilingual clinicians who want to consult with a patient in a non-English language while documenting in English, but it is not designed to act as a translator when the clinician and patient speak different languages. As a result, the clinician-in-the-loop remains responsible for checking the accuracy of the translated output.

Requirement	Accurx Scribe, powered by Tandem
Medical Device Classification: Class I for summarisation Class IIa for enhanced functionality	Tandem has Class I certification in place Tandem are pursuing Class IIa certification for enhanced future functionality
Data Protection: UK GDPR and Data Protection Act 2018 compliance	Fully compliant Audio Recording not retained Patient data is deleted after 30 days No data is stored on user devices Data is not used to train models
System Integration	IM1 assured integration with EMIS and SystmOne. API integration with RiO, CITO, PDS, and Vision. Compatible with HL7/FHIR standards, supporting write-back to EHR
Included in Accurx’s IM1 integration	Accurx Scribe is included in Accurx’s IM1 assurance for safe and secure saving direct to the record

Accurx Scribe: key facts

Has been used over 900k times across the country

Is live in over 50% of GP practices

Consultations are not used to train AI models

Audio recordings are deleted as soon as the transcript is completed

Ready to set up?

Here’s some quick links to get started.

Step-by-step support

View our recent webinar that offers step-by-step assurance support from our clinical team

Watch webinar

Governance checklist

Review the Accurx DCB0129 and then complete the DCB0160

Estimated time to complete: 5-7 days

Complete the Data Protection Impact Assessment (DPIA)

Estimated time to complete: 3-5 days

Review the Accurx Digital Technology Assessment Criteria (DTAC)

Estimated time to complete: 1 day

Accept the Accurx Data Processing Agreement (DPA)

Estimated time to complete: 1-2 days