If you work within the health and social care environment using our digital tools, or if you are possibly considering the use of our digital tools, you will need assurance you are working securely.
Here we will explain how we keep your patients’ data safe.
The role of Health Diagnostics
Our data security accreditations
- We are ISO27001:2022 accredited
- Have completed Cyber Essentials
- Have NHS Data Security and Protection assurance
What data do we process?
Health Diagnostics collect demographic and clinical information of an individual or patient including special categories of data, such as ethnic origin, in order to invite a patient to participate in a public health programme and to perform a risk assessment on behalf of the patient. Health Diagnostics also perform analysis on pseudonymised data sets in order to provide aggregate information for performance reporting to the local public health authority.
How do we invite patients into public health programmes?
Our digital service automates the sending of letters through CFH Docmail and SMS with TextLocal.
See Docmail’s privacy policy; and the privacy policy for TextLocal.
Do we need patient consent for processing under GDPR?
As long as a Data Processing Agreement is in place between Health Diagnostics and the health and social care organisation then the explicit consent of the patient is not required under GDPR as long as another lawful basis can be used.
The lawful basis for processing under GDPR for our services is:
6(1)(e)’…necessary for the performance of a task carried out in the public interest or in the exercise of official authority…’; or