We follow rules that are set out in our agreements and policies. These form binding commitments we make to you and providers about what data we access and how we keep it safe. These commitments comply with the key laws in this area - the Data Protection Act 2018 and the General Data Protection Regulation - and the rules set out by the NHS on health care data sharing.
If you're already clued up on data protection and privacy, you can jump straight to reading the key documents in our Resource Centre. It's important that these agreements are thorough, but it makes them hard to understand and digest. We sum the important points up on this page.
We act as something called a Data Processor. This means we can only do things with patient data under instructions of data controllers. In this case, these are the organisations giving patients care, such as a GP practice, hospital or care home (providers). They are ultimately responsible for creating and storing information about patients and their health, such as in a patient record.
We only do what they tell us to with it. For example, we only look up your details to contact you if instructed to by a professional involved in your care. The responsibilities that we and providers have about sharing this information are laid out in what's called our 'Data Processing Agreement'. We have the same agreement with every organisation using accuRx.