We take the protection of patient data very seriously
iGPR is continuously reviewing its compliance with both current data protection legislation and industry and NHS best practice for the management of patient data. We are required to submit an annual Data Security and Protection Toolkit to NHS Digital (Organisation code 8KG24) to demonstrate that we are meeting all mandatory assertions that are applicable to the work we carry out on behalf of Practices and patients and that we are a trusted business partner to the NHS. Additionally, we provide evidence to companies who use iGPR that we are meeting all statutory and regulatory requirements, providing our clients with the assurance that iGPR is a safe and compliant supplier.
Our products are unique to the primary care market and bring significant benefits to General Practices. In delivering these solutions, we, in turn, work with trusted partners who provide data centre services to us, who are also vetted by NHS Digital, and who are as committed to delivering a safe and secure service as we are.
The security of patient data is at the very heart of what we do and we require that our partners adhere to all security and NHS standards for data management, security and transfer.
Data Protection Legislation
The main data protection legislation that governs how we must look after and protect personal and special category information (such as health records) is the Data Protection Act 2018 and the UK-General Data Protection Regulations (UK-GDPR). This legislation sets out the requirements for individuals and/or organisations, where they act as controllers or processors of data, to adhere to strict measures to protect any data in transit or at rest to the highest levels. Failure to take proper steps to safeguard such data, or loss of such data by negligent or inadequate action, may result in censure and financial penalty being imposed by the Information Commissioner’s Office (ICO) as the UK Supervisory Body for data protection.
iGPR supports GPs in their compliance with the data protection legislation by ensuring that patient data to be shared with requesting third parties, such as solicitors and insurers, is effectively protected and encrypted in transit and at rest.
iGPR – Intelligent Reporting for General Practice
iGPR enables third parties to securely request and receive patient medical reports electronically. The data is fully encrypted to AES256 standard in transit and at rest and flows through a secure Health and Social Care Network (HSCN) accredited data centre. GPs can be confident that the data they provide to third parties using iGPR is protected at every point.
In addition to the benefits of enhanced security, GPs can produce reports for third parties faster by using iGPR to automatically redact information from the report in line with DPA requirements. All transmissions are audited, logged and verified to have been securely transmitted and received. The solution is designed to ensure that the GP remains in full control of what information is provided to a requesting third party.
As part of designing and delivering the solution, iGPR has been fully and regularly penetration tested at both application and datacentre level by external security consultants. iGPR also holds the following accreditations:
- ISO 27001 – Information Security Management
- Cyber Essentials
- Cyber Essentials Plus
- Cyber GRX
In delivering the iGPR solution, our HSCN hosting is provided by Redcentric and data remains in the UK at every point.
Redcentric is a trusted supplier within both the NHS and general business community for the provision of highly secure, robust solutions. Redcentric manages the iGPR infrastructure within the secure, private NHS HSCN environment at one of its UK-based datacentres, ensuring all data is safe, secure and encrypted, and is transmitted and received using the highest encryption and security protocols. Redcentric submits an annual Data Security and Protection Toolkit to NHS Digital (Organisation Code 8GX09) and meets the following ISO/IEC standards:
- ISO 9001 – Quality Management
- ISO 27001 – Information Security Management
- ISO 14001 – Environmental Management
- ISO 22301:2012 – Business Continuity Management