Surgery Connect protects patient data by utilising the highest levels of encryption and by compliance with multiple security accreditations

Data Security

Protecting Patient Data

Wallace House Surgery

"Moving to X-on enables us to release more phone lines when required, providing our patients a more pleasant telephone experience…"

GP Care

"X-on was willing to work with us to design and build a telecoms system that fitted with our requirements… look at the bigger picture and work as partners…"

Urgent Care

"X-on has now given us the ability to record conversations, giving our clinicians an increased safety net should an issue arise between the patient and clinician…"

Vetfone

"X-on have proved that they can deliver both a financially acceptable solution and also the quality and availability of service to an emergency service…"

Welsh Ambulance

"On a daily basis the system worked flawlessly… wallboard displayed all our stats, the calls were recorded, the reports all ran…"


As a network provider, X-on stores data on calls (originating number, terminating number, time and duration). This is a requirement under Ofcom regulation and is not specifically related to Patient Identifiable Data (PID).

The NHS guidelines allow PID to be stored in the cloud provided the required security standards are met and the data is contained within the England boundary. X-on cloud storage meets these audited requirements.

Stored in the Cloud

Recording Security

Specific information on the security of call recordings.

X-on store information on text messages sent to patients and call recordings as detailed in the feature set of Surgery Connect. The storage of this and other data is governed by the NHS IGT (Information Governance Toolkit) regulations and X-on is a registered supplier.

Some key aspects of the requirements to which we adhere:

  • Call recordings and SMS messages are encrypted at rest
  • Call recordings are accessed through secure encrypted connections via password controlled access
  • All data is permanently deleted after agreed retention periods
  • All data is securely held in UK data centres under control of X-on
  • Geographic redundancy to avoid data loss in a major disaster

Integration

An introduction to integration with clinical systems.

Clinical System Integration

When integrating with clinical systems such as EMIS and SystmOne, we temporarily store data extracted from the clinical system database while the patient is being identified. This is in line with the Caldicott principles: only the minimum amount of data required to uniquely identify the patient is used, for example the calling number and month of birthday. This data is then permanently erased after use.

Cloud Advantages

Cloud storage provides clear advantages over traditional on-site systems. Along with the cost benefits, there is peace of mind that comes with knowing your data is stored safely off-site, and not at the mercy of good fortune as is the case with local backups, where fire, flood, theft, accidental deletion, malware or internet attacks may result in permanent data loss.

X-on maintain geographic redundancy via dual sites to avoid data loss in any major disaster.

Access

Access to encrypted data is restricted to authorised users who have appropriately strong passwords and who meet preset criteria. For example, call recording access can be restricted to extensions or phone numbers dialled, or to defined IP addresses or ranges, public or private.

Liability

X-on adheres to the principles of the General Data Protection Regulation (GDPR), which will become law in March 2018. As such we hold liability for a data breach if this occurs in our network. Our customers are provided with the ability to download call recordings on to client PCs (e.g. over the N3 network) and responsibility for the data passes to the client once this download is complete.

Security Compliance Standards

X-on maintains accreditations with ISO 9001 (Quality Management of Systems requirements), ISO 27001 (information security standards), ICO (Data Protection Act compliance), IGT (NHS digital services access requirements) and the SBS CARAS2 Framework, is a Crown Commercial Service and RM1045 Supplier, and is a PCI-DSS (credit card security rules) Level 1 Provider.

For more help with maintaining Patient Data Security in the cloud please call the Sales Team on 0333 332 0000.