We take patient data very seriously
iGPR is fully compliant with best business and NHS security standards for the management of patient data. Niche Health is compliant with the Data Security and Protection Toolkit. This replaces the Information Governance Toolkit. All organisations that have access to NHS patient data and systems must use this toolkit. This ensures the practice of good data security and that personal information is handled correctly.
As an IG Toolkit Level 3 accredited supplier (Organisation code 8J046) Niche Health is a trusted partner to the NHS for the management of patient data using its products and services. Our products are unique to the primary care market and bring significant benefits to General Practice. In delivering these solutions, we work with trusted partners who are as committed to delivering a safe and secure service as we are.
The security of patient data is at the very heart of what we do, and we insist that our partners adhere to all security and NHS standards for data management, security and transfer.
The new General Data Protection Regulation (GDPR) came into force on 25th May 2018. Under this, every organisation that processes personal data must comply or risk a fine from the Information Commissioner’s Office (ICO), the UK’s data protection regulator. There are additional rules in the GDPR for organisations processing special category data. This includes information about an individual’s health.
iGPR helps GPs comply with the GDPR by protecting patient data when information is shared with third parties such as solicitors and insurers.
iGPR – Intelligent GP Reporting
iGPR enables third parties to securely request and receive patient medical reports electronically. This is possible because iGPR encrypts all data both at rest and in transmission, making it fully end-to-end AES256 NHS compliant. This enhances security for both the practice and the third party.
In addition, GPs can produce reports for third parties faster by using iGPR to automatically redact agreed sensitive information from the report in line with DPA requirements. All transmissions are audited, logged and verified to have been securely transmitted and received. Explicit patient consent drives the process and the solution is designed to ensure that the GP is the ‘gatekeeper’ and in full control of what information is provided to a requesting third party.
As part of designing and delivering the solution, iGPR has been fully penetration tested at both application and datacentre level by external security consultants.
In delivering the iGPR solution, our N3 hosting is provided by the longest-standing N3 datacentre provider in the UK: Piksel.
Piksel is a trusted supplier within both the NHS and general business community for the provision of highly secure, robust solutions. Piksel manages Niche Health’s iGPR infrastructure within the secure, private NHS N3 environment at a Level 4 datacentre, ensuring all data is safe, secure and encrypted, and is transmitted and received using the highest encryption and security protocols. Piksel is accredited to the following NHS extended and business-as-usual standards:
- NHS Information Governance Toolkit Level 3 (Organisation Code 8GX09).
- ISO 9001 Quality Management.
- ISO 20000 Service Management.
- ISO 27001 Information Security.
noteSpace is IG compliant, with all information processed within the NHS N3 environment (datacentre again hosted by Piksel). Patient records requested electronically using noteSpace are safely and securely delivered from our IG / BS 27001:2005 security accredited storage facility via the Box-it GPS Tracked Secure Carrier Fleet.
When an electronic copy of a record is required, records are scanned at the storage facility and delivered direct to the practice via noteSpace using our secure NHS N3 datacentre.
The secure storage solution that forms part of noteSpace is provided by Box-it, a long-established provider of records management services to both the NHS and business community.
Box-it is accredited to NHS and business community security standards and holds the ISO / IG accreditations listed below, along with a number of NHS contracts and framework agreements:
- NHS Information Governance Level 3 (Organisation Code 8J050).
- ISO 9001 Quality Management.
- ISO 14001 Environmental Management.
- ISO 27001 Information Security.
- BS 5454 Records Management Infrastructure Compliance.
- NHS Shared Business Service Framework Agreement No. TR/SRFT/NWCCA/251/HM.
- The Common Services Agency Framework Agreement No. GB1/335 AFK/MCB.
As part of this, the following is in place at all storage facilities around the UK:
- 24-hour motion activated colour CCTV.
- Perimeter Fencing with gated swipe card access security.
- Fire & Flood Protection.
- External Auditing.
- All staff are DBS checked.
There is no charge to practices for iGPR for insurance reporting or for ongoing support. Charges do apply for iGPR for Subject Access Requests, Record Screening and noteSpace. Please see individual product pages for pricing or make an enquiry if you’re acting on behalf of a GP group.
All patient data is encrypted both at rest and in transmission. It is transferred securely using NHS-approved encryption methodologies.
iGPR (Intelligent General Practice Reporting) has been developed to make the process of supplying reports for third parties such as insurers and solicitors quick, easy and compliant for GPs. By automatically redacting sensitive and third-party data and sending reports securely and electronically, GPs can save time and money and protect patient data.