Surgery Connect protects patient data by utilising the highest levels of encryption and by compliance with multiple security accreditations

Data Security

Protecting Patient Data

As a network provider, X-on stores data on calls (originating number, terminating number, time and duration). This is a requirement under Ofcom regulation and is not specifically related to Patient Identifiable Data (PID).

The NHS guidelines allow for storage of PID within the cloud provided the required security standards are met, and the data is contained within the England boundary. X-on cloud storage meets these audited requirements.

Stored in the Cloud

Recording Security

Specific information on the security of call recordings.

X-on stores information on text messages sent to patients and call recordings as detailed in the feature set of Surgery Connect. The storage of this and other data is governed by the NHS IGT (Information Governance Toolkit) regulations and X-on is a registered supplier.

Some key aspects of the requirements to which we adhere:

  • Call recordings and SMS messages are encrypted at rest
  • Call recordings are accessed through secure encrypted connections via password-controlled access
  • All data is permanently deleted after agreed retention periods
  • All data is securely held in UK data centres under control of X-on
  • Geographic redundancy to avoid data loss in a major disaster

Integration

An introduction to integration with clinical systems.

Clinical System Integration

When integrating with clinical systems such as EMIS and SystmOne, we temporarily store data extracted from the clinical system database while patients are being identified. This is in line with the Caldicott principles, in that only the minimum amount of data required to uniquely identify the patient is used, for example the calling number and month of birthday. This data is then permanently erased after use.

Cloud Advantages

Cloud storage provides clear advantages over traditional on-site systems. Along with the cost benefits, there is peace of mind that comes with knowing your data is stored safely off-site, and not at the mercy of good fortune as is the case with local backups, where fire, flood, theft, accidental deletion, malware or internet attacks may result in permanent data loss.

X-on maintains geographic redundancy via dual sites to avoid data loss in any major disaster.

Access

Access to encrypted data is restricted to authorised users who have appropriately strong passwords and who meet preset criteria. For example, call recording access can be restricted to extensions or phone numbers dialled, or to defined IP addresses or ranges, public or private.

Liability

X-on adheres to the principles of the General Data Protection Regulation (GDPR), which will become law in March 2018. As such, we hold liability for a data breach if this occurs in our network. Our customers are provided with the ability to download call recordings onto client PCs (e.g. over the N3 network), and responsibility for the data passes to the client once this download is complete.

Security Compliance Standards

X-on maintains accreditations with ISO 9001 (Quality Management of Systems requirements), ISO 27001 (information security standards), ICO (Data Protection Act compliance), IGT (NHS digital services access requirements) and the SBS CARAS2 Framework, is a Crown Commercial Service and RM1045 supplier, and is a PCI-DSS (credit card security rules) Level 1 provider.

For more help with maintaining Patient Data Security in the cloud please call the Sales Team on 0333 332 0000.