The security and privacy of all data and especially patient data is fundamental our business. This statement applies to our processes and all our products including
- ShareMyXray medical image sharing portal
- bbRad medical image sharing gateway
- exoPACS Vendor Neutral Archive
- CDM Data Migration
Since we started in 2001, security has been pervasive in everything we do, from product design through to physical security to operational procedures. This statement provides our customers with our corporate policy regarding information security and compliance, and how the policy relates to various standards including
- GDPR
- NHS Digital Services Toolkit
- NHS Information Governance (IGSoC)
- Data Protection Act 2018
IG & Security compliance statement
“Cypher Information Technology Ltd has a Security and Information Governance Policy which complies with NHS Information Governance and Caldicott requirements in addition to Data Protection Act obligations, including the handling of sensitive personal information. The policy includes annual audit and review and is regularly updated as needed to keep up with staffing, procedural, legal and technological developments.”
We are registered under the Data Protection Act with the Information Commissioner’s Office under reference Z8682964
Information Governance Policy
Our full Information Governance policy directory. It applies to us as a company, ensuring that our staff handle data securely, as well as ensuring all our products handle data securely too. The documentation is large however, so here are selection of commonly referenced questions:
- Security of bbRad
- Purpose of use and Everyone’s responsibility, irrespecitive of role or junior/seniority
- IG is part of staff induction & contract
- Ensuring no potential leaks arise from staff leavers
- Patient-identifiable information must not be transferred outside of the EEA
- Segregation of duties, specifically around access to patient data
- Strong encryption of data in transit
- Strong encryption of data at rest