We take patient data very seriously
iGPR is fully compliant with best business and NHS security standards for the management of patient data. Niche Health is compliant with the Data Security and Protection Toolkit. This replaces the Information Governance Toolkit. All organisations that have access to NHS patient data and systems must use this toolkit. This ensures the practice of good data security and that personal information is handled correctly.
As an IG Toolkit Level 3 accredited supplier (Organisation code 8J046) Niche Health is a trusted partner to the NHS for the management of patient data using its products and services. Our products are unique to the primary care market and bring significant benefits to General Practice. In delivering these solutions, we work with trusted partners who are as committed to delivering a safe and secure service as we are.
The security of patient data is at the very heart of what we do, and we insist that our partners adhere to all security and NHS standards for data management, security and transfer.
The new General Data Protection Regulation (GDPR) came into force on 25th May 2018. Under this, every organisation that processes personal data must comply or risk a fine from the Information Commissioner’s Office (ICO), the UK’s data protection regulator. There are additional rules in the GDPR for organisations processing special category data. This includes information about an individual’s health.
iGPR helps GPs comply with the GDPR by protecting patient data when information is shared with third parties such as solicitors and insurers.
iGPR – Intelligent GP Reporting
iGPR enables third parties to securely request and receive patient medical reports electronically. This is because data sent using iGPR is fully end-to-end AES256 NHS Compliant by encrypting all data both at rest and in transmission. This enhances security for both the practice and the third party.
In addition, GPs can produce reports for third parties faster by using iGPR to automatically redact agreed sensitive information from the report in line with DPA requirements. All transmissions are audited, logged and verified to have been securely transmitted and received. Explicit patient consent drives the process and the solution is designed to ensure that the GP is the ‘gatekeeper’ and in full control of what information is provided to a requesting third party.
As part of designing and delivering the solution, iGPR has been fully penetration tested at both application and datacentre level by external security consultants.
In delivering the iGPR solution, our N3 hosting is provided by the longest standing N3 datacentre provider in the UK; Piksel.
Piksel is a trusted supplier within both the NHS and general business community for the provision of highly secure, robust solutions. Piksel manages Niche Health’s iGPR infrastructure within the secure, private NHS N3 environment at a Level 4 datacentre ensuring all data is safe, secure, encrypted and is transmitted and received using the highest encryption and security protocols. Piksel is accredited to the following NHS extended and business as usual standards:
- NHS Information Governance Toolkit Level 3 (Organisation Code 8GX09).
- ISO 9001 Quality Management.
- ISO 20000 Service Management.
- ISO 27001 Information Security.
noteSpace is IG compliant with all information processed within the NHS HSCN environment (datacentre again hosted by Piksel). Patient records requested electronically using noteSpace are safely and securely delivered from our IG / BS 27001:2005 security accredited storage facility via the GPS Tracked Secure Carrier Fleet.
When an electronic copy of a record is required, records are scanned at the storage facility and delivered direct to the practice via noteSpace using our secure NHS HSCN datacentre.
The secure storage solution that forms part of noteSpace is provided by Box-it and their parent company Oasis Group, a long established provider of records management services to both the NHS and Business community.
noteSpace Digital has been designed from inception to be fully compliant with NHS and best business security standards for the management of patient data. Niche Health is compliant with the NHS Information Governance (IG) Toolkit which ensures the safe handling and transmission of information for organisations working within the NHS environment.
Secure Storage and Digitisation
In delivering the noteSpace Digital solution our secure storage and digital function is provided by Box-It and their parent company, Oasis Group, who are long-established providers of records management services to both the NHS and Business community.
As an IG Toolkit accredited supplier (Organisation code 8J050) Box-it and Oasis Group are trusted partners to the NHS for the management of patient data.
Lloyd George and A4 records are scanned at the storage facility and the digitised records are delivered directly to the practice via the noteSpace software, through our secure NHS HSCN datacentre.
Hard copy patient records are securely delivered from our IG / BS 27001:2013 security accredited storage facility via the GPS Tracked Secure Carrier Fleet.
Box-it Oasis Group Security Standard Accreditations
Box-it and Oasis Group are accredited to the following NHS and business community security standards and hold the following ISO / IG Certificates and Standards and the NHS framework listed below:
- NHS Information Governance Level 2 (Organisation Code 8J050)
- ISO 9001:2015 Quality Management (Certificate)
- ISO 14001:2015 Environmental Management (Certificate)
- ISO 27001:2013 Information Security Accreditation and Government Cyber Essentials (Certificate)
- BS 10008:2014 Legal Admissibility of Digital Content (Standard)
- BS5454 Archive Records Management Standards (Standard)
- BS EN 15713 Secure Destruction of Confidential Material (Standard)
- NHS Shared Business Service Framework Agreement No. TR/SRFT/NWCCA/251/HM
As part of this the following is in place at all storage facilities around the UK (16 sites):
- Perimeter fencing and gated swipe card access security / 24-hour motion activated colour CCTV
- Fire & Flood Protection
- GPS tracked vehicles
- All staff DBS (Disclosure and Barring Service) checked – formerly CRB checks
- External Auditing