Keeping your data safe.

Every day, NHS patients and healthcare professionals trust Accurx with very sensitive data. This brings an incredible responsibility - and one that we take incredibly seriously.

Our software aims to make patients healthier and healthcare staff happier. But that's only possible if you understand what data we process, why we process it and how it's used. It's not enough to ask you to trust us, we have to show that we are trustworthy.

Whatever your involvement in healthcare, below you can find out more about our data security and privacy policies. If you have a specific question in mind, you can also skip to our FAQs below.

Accurx is certified to NHS and government standards

The NHS and British Government set standards to make sure all organisations using health data keep it safe and use it ethically. We make sure Accurx meets these standards and lead by example for other healthtech companies to follow.

Certified by:

Integrates with:

How we use data

Data encryption

We encrypt all data, both when it is stored and when it is sent. That means the only people who can access it are you, your healthcare professional and anyone you authorise.

User input and insights

We’re passionate about listening to our users and are currently developing a patient panel to shape decisions on new technologies and data use.

Strong identity controls

We make sure the people who use our systems are the same professionals you trust to care for you. They must have verified NHS credentials.

A culture of data security

All Accurx staff complete security and information governance training when starting. We’re always monitoring our team’s understanding of data security to ensure best practice.

Safe and secure partners

We sometimes work with other organisations, for example, to store data securely in the cloud. Only those who meet our high standards become our partners.

A mission-driven approach

Everything we do with data is to improve people's health. All business decisions are guided by our mission and the NHS code of conduct for data-driven technology.

FAQs

Accurx has a commitment to every patient whose data we store to keep it safe and secure. To find out more about how we use your data, take a look at the frequently asked questions below.

What does Accurx software do?

Accurx builds software that makes it easier for healthcare staff to communicate with you and each other. It is only used to help provide patients like you with individual care.

You can read more detail about us, our story and how we work on other sections of this website.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Why does Accurx need my information?

We need to access some of it to help provide patients and healthcare staff with our communication software, which is intended to make things easier for you all. When you or the staff involved in your care use our secure software, we receive information about you.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What information does Accurx use?

The information Accurx receives from you or from care providers (like NHS GPs) includes:

  • Your full name
  • Your date of birth
  • Correspondence between you and your healthcare professional and between healthcare professionals about you
  • Your NHS number
  • Your mobile number
  • Your email address
  • Demographic data

Remember, we only get this information when we are doing something for the provider that we could not do without it.

For example, it would be impossible for a GP to use our messaging service to send you a text without them sharing your phone number. Or when you use the form on your GP's website, the information you share with them passes through our systems. We make sure that we only collect what is necessary to provide your care professionals with services on our platform, and store it safely.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How does Accurx keep the data secure?

We transmit and store data in encrypted form. This means nobody else can read it without the right credentials. When stored, your data is encrypted in an extremely secure UK-based Microsoft Azure data centre.  

We meet the highest standards of safety and security, as set by NHS bodies and the government. We go through assurance processes for these and we regularly get outside independent experts to check our systems are secure. You can see a list of our security credentials in our Resource Centre.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What rules does Accurx follow?

We follow rules that are set out in our agreements and policies. These form binding commitments we make to you and providers about what data we access and how we keep it safe. These commitments comply with the key laws in this area - the Data Protection Act 2018 and the General Data Protection Regulation - and the rules set out by the NHS on health care data sharing.

If you're already clued up on data protection and privacy, you can jump straight to reading the key documents in our Resource Centre. It's important that these agreements are thorough, but it makes them hard to understand and digest. We sum the important points up on this page.

We act as something called a Data Processor. This means we can only do things with patient data under instructions of data controllers. In this case, these are the organisations giving patients care, such as a GP practice, hospital or care home (providers). They are ultimately responsible for creating and storing information about patients and their health, such as in a patient record.

We only do what they tell us to with it. For example, we only look up your details to contact you if instructed to by a professional involved in your care. The responsibilities that we and providers have about sharing this information are laid out in what's called our 'Data Processing Agreement'. We have the same agreement with every organisation using Accurx.

Our company also has an overall approach to using data, set out in our Privacy Policy.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Does Accurx's platform comply with the law and NHS rules about data?

Legally, your GP or Doctor is allowed to share this data on your behalf in order to provide you with individual care. This is also the legal basis for us being able to process it. You might look at the list of what we have access to and think, 'that's a lot of personal information', and there's no denying that that's true: it is. That's why we're honoured to be trusted by healthcare professionals and why we take keeping your data safe extremely seriously.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Does Accurx collect data for things other than delivering care?

Yes, on some occasions, such as for surveys about our product, or visitors to our website. These are separate purposes for information we might collect about individuals to delivering care. We keep the systems for collecting these strictly separate from the systems we use to help staff provide patients with individual care.​

One example is if you choose to participate in one of our feedback surveys or when you use our website, we collect information to make our own products and services better. We act as the data controller in this case, deciding what to do with the data. And we obtain your permission to do this when you fill in the survey. Everything is still governed by our Privacy Policy.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How can I access data about me and my care?

If you wish to see the information the NHS holds and controls about you, that is something your provider (e.g. your GP practice) should help you with. Ask them or visit their website for more information about how to do this. This will include the things they have instructed Accurx to do for them with your data (e.g. records of text messages sent using Accurx).

You have a legal right to access the data we store about you when you interact with us directly, such as when contacting our support desk. This is known as a 'Subject Access Request'. We are happy to help and you can contact us on support@accurx.com.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Who sees my data?

We have strict access requirements on who can use our software, to make sure the only people accessing your information are those providing you with care.

At Accurx, our employees may need to see patient data that we store for for strictly limited purposes. For example, this data may need to be accessed to investigate technical problems with our services. These occasions are very rare and only happen when absolutely necessary. Any access to patient information is time-limited and governed by our agreements with healthcare providers. Every single person undergoes training about what is appropriate in these circumstances. Data is deleted when investigations are complete.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What happens if someone at Accurx misbehaves?

We operate zero tolerance policies for misuse of data here at Accurx. It's part of everyone's employment contract here. If any one of us is found to have accessed part of your information without a valid reason, they would be sacked and the Information Commissioner's Office (the regulator) would be informed.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Why does the NHS need Accurx?

The NHS and the health and care professionals who look after you know best how to give you great care. They're the experts on that. We know it can be hard to communicate using modern technology in the NHS, and that's where we can help by enabling them to do their jobs more easily (and lots of them think we're doing a good job). Ultimately, working together we think we can improve the nation's health.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Can I use the NHS National Data opt-out to stop Accurx receiving my data?

The NHS national data opt-out only applies to NHS organisations and sharing your information for research or planning. Because Accurx processes data for professionals who give you individual care, this opt-out does not apply to the data they share with us. We do not use that data for research.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Does Accurx sell my data?

No. We would never do anything like this. We are in the business of supporting your NHS staff to give you great care - that's what we want to be paid for.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Accurx has a commitment to every patient whose data we store to keep it safe and secure. To find out more about how we use your data, take a look at the frequently asked questions below.

Where does Accurx fit in?

Typically, the healthcare organisation is the Data Controller. Patients are the Data Subjects. We are the Data Processor (where our services are used). This means that we process data about your patients under the terms in our Data Processing Agreement, to allow you (as a healthcare organisation) to provide a service to your patients.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How are we 'IG compliant'?

We have NHS Data Security and Protection Toolkit assurance (under NHS ODS code 8JT17). You can see our full submission here. We also develop software under the principle of ‘Privacy by design'.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How do we keep data secure?

Our Accurx servers are hosted in the London Microsoft Azure Data Centre. We follow best practice guidance from NHS Digital, the UK National Cyber Security Centre (NCSC) and Microsoft. See here for detailed information. All data sent is encrypted when in transit (when it is sent) and at rest (when it is stored).

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Are we Cyber Essentials certified?

Cyber Essentials is a scheme run by the UK government and the National Centre for Cyber Security to help you know that you can trust your data with us. We have the Cyber Essentials and Cyber Essentials Plus certification.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What data do we process?

In order to provide communication with and about patients we process patient data and healthcare staff data to our secure servers. The patient data typically includes name, identifiers, contact details, demographic data, message content (including documents and patient replies to messages either via secure surveys or two-way messaging) and other application-use related data. We only process this data when you send a communication to patients.

We also process healthcare staff data who are users of Accurx. This typically includes role, organisation, contact details, identifiers including gender and date-of-birth, messages, metadata, signatures, login and other application-use related data.

The video and audio communication of any video consultation is only visible to participants on the call, and is not recorded or stored on any server. The IP address of call participants may be stored as part of metadata stored, however no other personal information of call participants is collected or stored.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How do we send text messages?

We use FireText or BT/EE to send SMS messages. You can read the Firetext privacy policy here and BT/EE privacy policy here.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Does the GDPR require explicit patient consent to send SMS messages to patients?

No, providing another legal basis is used. This was confirmed by the ICO in a BBC interview (go to 7:55 in).

GDPR allows six different legal bases for processing data, of which consent is one. The Information Governance Alliance advises healthcare organisations to process patient data for the delivery or administration of care under the following legal bases:

6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.

9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…’

The ICO has warned against the use of consent as a legal basis for data processing by public authorities and healthcare providers.

The Information Governance Alliance has produced a range of GDPR guidance for NHS organisations, including a helpful checklist for GP practices.

If your practice does choose to gather consent for other reasons, all consent codes found in a patient’s medical record are shown to the user.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How can patients opt out?

When sending an SMS Accurx Desktop shows all consent codes and dissent codes found in the patient record. If a patient wishes to opt out of receiving SMS messages, you should update their ‘Notification preferences’ in the patient registration dialog.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How do we ensure that the right person gets the message?

In short, you can never be 100% confident, and so SMS messages shouldn’t be used for sensitive information (e.g. positive STI test result) or time-critical information (e.g. to book an urgent appointment) without the right safety net or follow up.

There are a lot of steps you can take to improve the quality of your SMS database, including asking your receptionists to confirm mobile numbers on every call, and confirming a patient’s mobile number in a consultation, especially when sending an SMS at the end of the consultation.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Our resources

Here, you can see all the key documents about Accurx and what we do with data.

Our information governance documents set out the promises we make about data, the agreements we have in place, and how we comply with the relevant laws and NHS rules and guidance.

Our security credentials show how we keep those promises, keep our systems secure, and keep your data safe.

Policies and Agreements

Security and Privacy Credentials

Record View resources

Here you can find everything you might want to know about our feature, Record View. This puts patients at the centre of their care, and helps to make sure their information can be shared with whoever's delivering care.

If you're a GP practice considering turning on Record View:

And for more detailed resources aimed at IG professionals:

Data Privacy Impact Assessments (DPIAs)

When using Accurx, it is up to the data controller (your organisation) to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of DPIA Templates for:

Support

You can find more detailed information and support articles about the way we use data in our software in our dedicated support centre. These cover:

And articles about features of: