Wallace House Surgery
"Moving to X-on enables us to release more phone lines when required, providing our patients a more pleasant telephone experience…"
GP Care UK
"X-on was willing to work with us to design and build a telecoms system that fitted with our requirements… look at the bigger picture and work as partners…"
"X-on has now given us the ability to record conversations, giving our clinicians an increased safety net should an issue arise between the patient and clinician…"
"X-on have proved that they can deliver both a financially acceptable solution and also the quality and availability of service to an emergency service…"
"On a daily basis the system worked flawlessly… wallboard displayed all our stats, the calls were recorded, the reports all ran…"
As a network provider, X-on stores data on calls (originating number, terminating number, time and duration). This is a requirement under Ofcom regulation and is not specifically related to Patient Identifiable Data (PID).
The NHS guidelines allow for storage of PID within the cloud provided the required security standards are met, and the data is contained within the England boundary. X-on cloud storage meets these audited requirements.
Stored in the Cloud
Specific information on the security of call recordings.
X-on store information on text messages sent to patients and call recordings as detailed in the feature set of Surgery Connect. The storage of this and other data is governed by the NHS IGT (Information Governance Toolkit) regulations and X-on is a registered supplier.
Some key aspects of the requirements to which we adhere:
- Call recordings and SMS Messages are encrypted at rest
- Call recordings are accessed through secure encrypted connections via password controlled access
- All data is permanently deleted after agreed retention periods
- All data is securely held in UK data centres under control of X-on
- Geographic redundancy to avoid data loss in a major disaster
An introduction to integration with EMIS Web.
With EMIS Integration, we are able to temporarily store data during the identification of patients extracted from the EMIS database. This is in line with the Caldicott principles such that the minimum amount of data required to identify uniquely the patient is used, for example the calling number and month of birthday. This data is then permanently erased after use.
Cloud storage provides clear advantages over traditional on-site systems. Along with the cost benefits, there is peace of mind that comes with knowing your data is stored safely off-site, and not at the mercy of good fortune as is the case with local backups, where fire, flood, theft, accidental deletion, malware or internet attacks may result in permanent data loss.
X-on maintain geographic redundancy via dual sites to avoid data loss in any major disaster.
Access to encrypted data is restricted to authorised users with appropriately strong passwords, and meeting preset criteria. For example, call recording access can be restricted to extensions or phone numbers dialled, or to defined IP addresses or ranges, public or private.
X-on adheres to the principles of the General Data Protection Regulation (GDPR), which will become law in March 2018. As such we hold liability for a data breach if this occurs in our network. Our customers are provided with the ability to download call recordings on to client PCs (e.g. over the N3 network) and responsibility for the data passes to the client once this download is complete.
Security Compliance Standards
X-on maintains accreditations with ISO 9001 (Quality Management of Systems requirements), ISO 27001 (information security standards), ICO (data protection act compliance), IGT (NHS digital services access requirements), SBS CARAS2 Framework, are a Crown Commercial Service and RM1045 Supplier, and are PCI-DSS (credit card security rules) Level 1 Providers.
For more help with maintaining Patient Data Security in the cloud please call the Sales Team on 0333 332 0000.