Keeping your data safe.

Every day, NHS patients and healthcare professionals trust Accurx with very sensitive data. This brings an incredible responsibility - and one that we take incredibly seriously.

Our software aims to make patients healthier and healthcare staff happier. But that's only possible if you understand what data we process, why we process it and how it's used. It's not enough to ask you to trust us, we have to show that we are trustworthy.

Whatever your involvement in healthcare, below you can find out more about our data security and privacy policies. If you have a specific question in mind, you can also skip to our FAQs below.

Accurx is certified to NHS and government standards

The NHS and British Government set standards to make sure all organisations using health data keep it safe and use it ethically. We make sure Accurx meets these standards and lead by example for other healthtech companies to follow.

Certified by:

Integrates with:

How we use data

Data encryption

We encrypt all data, both when it is stored and when it is sent. That means the only people who can access it are you, your healthcare professional and anyone you authorise.

User input and insights

We’re passionate about listening to our users and are currently developing a patient panel to shape decisions on new technologies and data use.

Strong identity controls

We make sure the people who use our systems are the same professionals you trust to care for you. They must have verified NHS credentials.

A culture of data security

All Accurx staff complete security and information governance training when starting. We’re always monitoring our team’s understanding of data security to ensure best practice.

Safe and secure partners

We sometimes work with other organisations, for example, to store data securely in the cloud. Only those who meet our high standards become our partners.

A mission-driven approach

Everything we do with data is to improve people's health. All business decisions are guided by our mission and the NHS code of conduct for data-driven technology.

FAQs

Accurx has a commitment to every patient whose data we store to keep it safe and secure. To find out more about how we use your data, take a look at the frequently asked questions below.

What does Accurx software do?

Accurx builds software that makes it easier for healthcare staff to communicate with you and each other. It is only used to help provide patients like you with individual care.

You can read more detail about us, our story and how we work on other sections of this website.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Why does Accurx need my information?

We need to access some of it to help provide patients and healthcare staff with our communication software, which is intended to make things easier for you all. When you or the staff involved in your care use our secure software, we receive information about you.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What information does Accurx use?

The information Accurx receives from you or from care providers (like NHS GPs) includes:

  • Your demographic details (your name, date of birth and gender)
  • Your NHS number
  • Your contact details (your mobile phone number and email address)

We have access to some communications with your healthcare provider, and third party data, including information from your GP record that may be required from time to time.We only get the information necessary for your care provider to use our software.For example, it would be impossible for a GP to use our messaging service to send you a text without them sharing your phone number. Or when you use the form on your GP's website, the information you share with them passes through our systems. We make sure that we only collect what is necessary to provide your care professionals with services on our platform, and store it safely.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Is my data secure with Accurx?

We transmit and store data in encrypted form. This means nobody else can read it without the right credentials. When stored, your data is encrypted in an extremely secure UK-based Microsoft Azure data centre.

We meet the highest standards of safety and security, as set by NHS bodies and the government. We go through assurance processes for these and we regularly get outside independent experts to check our systems are secure. You can see a list of our security credentials in our Resource Centre.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What rules does Accurx follow?

In our agreements and policies, we make binding commitments to you and our providers about what data we access and how we keep it safe. These commitments comply with the key laws in this area - the Data Protection Act 2018 and the UK General Data Protection Regulation - and the rules and standards set out by the NHS on handling health care data.

Fundamentally, we act as something called a ‘data processor’. This means we can only use your data under the instructions of your healthcare providers, who are the data controllers i.e. the organisations delivering patient care, such as a GP practice, hospital or care home. They are ultimately responsible for creating and storing information about patients and their health, such as in a patient record.

We only do what they tell us to do with it. You can find out more about the responsibilities we and others have in this regard in our Privacy Policy and Data Processing Agreement. We have the same agreement with every organisation using Accurx.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How does Accurx's platform comply with the law and NHS rules about data?

Legally, your GP or Doctor is allowed to share this data on your behalf in order to provide you with individual care. This is also the legal basis for us being able to process it. You might look at the list of what we have access to and think, 'that's a lot of personal information', and there's no denying that that's true: it is. That's why we're honoured to be trusted by healthcare professionals and why we take keeping your data safe extremely seriously.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Does Accurx collect data for things other than delivering care?

Yes, but separately. On some occasions, such as for surveys about our software, or visitor use of our website. We keep the systems for collecting these strictly separate from the systems we use to help healthcare practitioners provide patients with individual care because the information is collected for a very different purpose.

One example is if you choose to participate in one of our feedback surveys or when you use our website, we collect information to make our own software and services better. We act as the data controller in this case, deciding what to do with the data. And we obtain your permission to do this when you fill in the survey. We explain more how we handle your data in this case in our Privacy Policy.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How can I access data about me and my care?

If you wish to see the information the NHS holds and controls about you, that is something your provider (e.g. your GP practice) should help you with. Ask them or visit their website for more information about how to do this. This will include the things they have instructed Accurx to do for them with your data (e.g. records of text messages sent using Accurx).

You have a legal right to access the data we store about you when you interact with us directly, such as when contacting our support desk. This is known as a 'Subject Access Request'. We are happy to help and you can contact us on support@accurx.com.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Who sees my data?

We have strict access requirements on who can use our software, to make sure the only people accessing your information are those providing you with care.

At Accurx, our employees may need to see patient data that we store for for strictly limited purposes. For example, this data may need to be accessed to investigate technical problems with our services. These occasions are very rare and only happen when absolutely necessary. Any access to patient information is time-limited and governed by our agreements with healthcare providers. Every single person undergoes training about what is appropriate in these circumstances. Data is deleted when investigations are complete.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What happens if someone at Accurx breaches the company’s security and privacy standards?

We operate zero tolerance policies for misuse of data here at Accurx. It's part of everyone's employment contract here. If any one of us is found to have accessed part of your information without a valid reason, they would be sacked and the Information Commissioner's Office (the regulator) would be informed.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Why does the NHS need Accurx?

The NHS and the health and care professionals who look after you know best how to give you great care. They're the experts on that. We know it can be hard to communicate using modern technology in the NHS, and that's where we can help by enabling them to do their jobs more easily (and lots of them think we're doing a good job). Ultimately, working together we think we can improve the nation's health.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Can I use the NHS National Data opt-out to stop Accurx receiving my data?

The NHS national data opt-out only applies to NHS organisations and sharing your information for research or planning. Because Accurx processes data for professionals who give you individual care, this opt-out does not apply to the data they share with us. We do not use that data for research.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Does Accurx sell my data?

No. We would never do anything like this - we never have and we never will. We are in the business of supporting your NHS staff to give you great care - that's what we want to be paid for.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
I have received an SMS message asking me to book a GP appointment. Is it safe?

98% of GP practices use our software, so you may receive SMS messages asking you to book GP appointments via an Accurx link. These are completely safe, however, we realise that there are many phishing schemes that aim to mimic messages like this in order to access your details.

Please check the link on any SMS messages you receive from your GP. If it is from our software, it will include 'accurx.nhs.uk', 'patient.accurx.com' or 'florey.accurx.com' and should come from your named GP practice. We encourage you to follow the recommended steps for checking messages for potential spam, including looking out for spelling errors and incorrect information. If you are still unsure, please contact our Support Team at support@accurx.com.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Accurx has a commitment to every patient whose data we store to keep it safe and secure. To find out more about how we use your data, take a look at the frequently asked questions below.

How do I know that Accurx is safe for my service to use?

We transmit and store data in encrypted form. This means nobody else can read it without the right credentials. When stored, your data is encrypted in an extremely secure UK-based Microsoft Azure data centre.

We meet the highest standards of safety and security, as set by NHS bodies and the government. We go through assurance processes for these and we regularly get outside independent experts to check our systems are secure.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Where does Accurx fit in?

Typically, the healthcare organisation is the ‘data controller. Patients are the data subjects. We are the data processor (where our services are used). This means that we process data about your patients under the terms in our Data Processing Agreement, to allow you (as a healthcare organisation) to provide a service to your patients.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How are we 'IG compliant'?

Accurx is an accredited Type 1 Supplier on NHS Digital’s DCS Catalogue and is fully compliant with NHS Digital’s interoperability standards for primary care integrations. We are also an assured IM1 live supplier and an approved supplier on the Government’s Digital Marketplace (G-Cloud).

Our primary care integrations have proven capability and, given our understanding of the stringent assurance requirements for integrations in these settings, we take and utilise these learnings when developing all of our products in other care settings (such as our Accurx Web offering for secondary care) to ensure that our integrations attain and maintain the highest standards.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How do we keep data secure?

Our Accurx servers are hosted in the London Microsoft Azure Data Centre. We follow best practice guidance from NHS Digital, the UK National Cyber Security Centre (NCSC) and Microsoft. See here for detailed information. All data sent is encrypted when it is sent and when it is stored.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Are we Cyber Essentials certified?

Yes, we have the Cyber Essentials and Cyber Essentials Plus certification. Cyber Essentials is a scheme run by the UK government and the National Centre for Cyber Security to help you know that you can trust your data with us.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What data do we process?

In order to provide communication with and about patients we process patient data and healthcare staff data to our secure servers. The patient data typically includes name, identifiers, contact details, demographic data, message content (including documents and patient replies to messages either via secure surveys or two-way messaging) and other application-use related data. We only process this data when you send a communication to patients.

We also process healthcare staff data who are users of Accurx. This typically includes role, organisation, contact details, identifiers including gender and date-of-birth, messages, metadata, signatures, login and other application-use related data.

The video and audio communication of any video consultation is only visible to participants on the call, and is not recorded or stored on any server. The IP address of call participants may be stored as part of metadata stored, however no other personal information of call participants is collected or stored.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How do we send text messages?

We use FireText,BT/EE, or Vonage to send SMS messages. You can read the Firetext privacy policy here and BT/EE privacy policy here.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Does the UK GDPR require explicit patient consent to send SMS messages to patients?

No, providing another legal basis is used. This was confirmed by the ICO in a BBC interview (go to 7:55 in).GDPR allows six different legal bases for processing data, of which consent is one. The Information Governance Alliance advises healthcare organisations to process patient data for the delivery or administration of care under the following legal bases:6(1)(e) ‘…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’.

9(2)(h) ‘…medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems…’

The ICO has warned against the use of consent as a legal basis for data processing by public authorities and healthcare providers. The Information Governance Alliance has produced a range of GDPR guidance for NHS organisations, including a helpful checklist for GP practices. If your practice does choose to gather consent for other reasons, all consent codes found in a patient’s medical record are shown to the user.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How can patients opt out?

When sending an SMS Accurx Desktop shows all consent codes and dissent codes found in the patient record. If a patient wishes to opt out of receiving SMS messages, you should update their ‘Notification preferences’ in the patient registration dialog.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How do we ensure that the right person gets the message?

In short, you can never be 100% confident, and so SMS messages shouldn’t be used for sensitive information (e.g. positive STI test result) or time-critical information (e.g. to book an urgent appointment) without the right safety net or follow up.

There are a lot of steps you can take to improve the quality of your SMS database, including asking your receptionists to confirm mobile numbers on every call, and confirming a patient’s mobile number in a consultation, especially when sending an SMS at the end of the consultation.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
What does it mean to ‘surface’ appointment data? Is this safe?

Some of our features enable patients to self-book an appointment (Self-Book, Batch Self-Book and Patient Triage). In order for these features to work, Accurx searches for available slots in a practice's EMIS or SystmOne appointment book, and makes these visible for patients. This enables patients to book an appointment at a time and date that suits them, from a list of appointments pre-determined by the practice as ‘available’. This functionality is IG compliant, and we make sure to keep both user and patient data safe.

Was this helpful?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Our resources

Here, you can see all the key documents about Accurx and what we do with data.

Our information governance documents set out the promises we make about data, the agreements we have in place, and how we comply with the relevant laws and NHS rules and guidance.

Our security credentials show how we keep those promises, keep our systems secure, and keep your data safe.

Policies and Agreements

Security and Privacy Credentials

Record View resources

Here you can find everything you might want to know about our feature, Record View. This puts patients at the centre of their care, and helps to make sure their information can be shared with whoever's delivering care.

If you're a GP practice considering turning on Record View:

And for more detailed resources aimed at IG professionals:

Data Privacy Impact Assessments (DPIAs)

When using Accurx, it is up to the data controller (your organisation) to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of DPIA Templates for:

Support

You can find more detailed information and support articles about the way we use data in our software in our dedicated support centre. These cover:

And articles about features of: