We take patient data very seriously
iGPR is fully compliant with best business and NHS security standards for the management of patient data. iGPR is compliant with the Data Security and Protection Toolkit. This replaces the Information Governance Toolkit. All organisations that have access to NHS patient data and systems must use this toolkit. This ensures the practice of good data security and that personal information is handled correctly.
As a DSP Toolkit accredited supplier (Organisation code 8KG24) iGPR Technologies Limited is a trusted partner to the NHS for the management of patient data using its products and services. Our products are unique to the primary care market and bring significant benefits to General Practice. In delivering these solutions, we work with trusted partners who are as committed to delivering a safe and secure service as we are.
The security of patient data is at the very heart of what we do, and we insist that our partners adhere to all security and NHS standards for data management, security and transfer.
The new General Data Protection Regulation (GDPR) came into force on 25th May 2018. Under this, every organisation that processes personal data must comply or risk a fine from the Information Commissioner’s Office (ICO), the UK’s data protection regulator. There are additional rules in the GDPR for organisations processing special category data. This includes information about an individual’s health.
iGPR helps GPs comply with the GDPR by protecting patient data when information is shared with third parties such as solicitors and insurers.
iGPR – Intelligent GP Reporting
iGPR enables third parties to securely request and receive patient medical reports electronically. This is because data sent using iGPR is fully end-to-end AES256 NHS Compliant by encrypting all data both at rest and in transmission. This enhances security for both the practice and the third party.
In addition, GPs can produce reports for third parties faster by using iGPR to automatically redact agreed sensitive information from the report in line with DPA requirements. All transmissions are audited, logged and verified to have been securely transmitted and received. Explicit patient consent drives the process and the solution is designed to ensure that the GP is the ‘gatekeeper’ and in full control of what information is provided to a requesting third party.
As part of designing and delivering the solution, iGPR has been fully penetration tested at both application and datacentre level by external security consultants.
In delivering the iGPR solution, our HSCN hosting is provided by the longest standing HSCN datacentre provider in the UK; Piksel.
Piksel is a trusted supplier within both the NHS and general business community for the provision of highly secure, robust solutions. Piksel manages the iGPR infrastructure within the secure, private NHS HSCN environment at a Level 4 datacentre ensuring all data is safe, secure, encrypted and is transmitted and received using the highest encryption and security protocols. Piksel is accredited to the following NHS extended and business as usual standards:
- NHS DSP Toolkit (Organisation Code 8GX09).
- ISO 9001 Quality Management.
- ISO 20000 Service Management.
- ISO 27001 Information Security.