Information Governance (IG) and Security Compliance statement

The security and privacy of all data and especially patient data is fundamental our business. This statement applies to our processes and all our products including

  • ShareMyXray medical image sharing portal
  • bbRad medical image sharing gateway
  • exoPACS Vendor Neutral Archive
  • CDM Data Migration

Since we started in 2001, security has been pervasive in everything we do, from product design through to physical security to operational procedures. This statement provides our customers with our corporate policy regarding information security and compliance, and how the policy relates to various standards including

  • NHS Information Governance (IGSoC)
  • Data Protection Act 1998

IG & Security compliance statement

Cypher Information Technology Ltd has a Security and Information Governance Policy which complies with NHS Information Governance and Caldicott requirements in addition to Data Protection Act obligations, including the handling of sensitive personal information. The policy includes annual audit and review and is regularly updated as needed to keep up with staffing, procedural, legal and technological developments.

We are registred under the Data Protection Act with the Information Commissioner’s Office under reference Z8682964

Information Governance Policy

Our full Information Governance policy can be found here. It applies to us as a company, ensuring that our staff handle data securely, as well as ensuring all our products handle data securely too. The documentation is large however, so here are selection of commonly referenced questions:

  • Security of bbRad – here
  • Purpose of use and Everyone’s responsibility, irrespecitive of role or junior/seniority – here
  • IG is part of staff induction & contract – here
  • Ensuring no potential leaks arise from staff leavers – here
  • Patient-identifiable information must not be transferred outside of the EEA – here
  • Segregation of duties, specifically around access to patient data – here
  • Strong encryption of data in transit – here
  • Strong encryption of data at rest – here

Call us – click here for details – or use the contact form to request more information