We take privacy very seriously and have put several processes into place to ensure that our products, services and workstreams are compliant.
All staff undergo an assessment as part of the application process, and everyone who has access to sensitive information is subject to additional checks, regardless of their location. All staff with access to sensitive information undergo vetting to an appropriate standard as defined by the Warwickshire Vetting Unit. All operational staff are certified medical professionals in verified good standing with their governing bodies.
We often get questions about our technology solutions and security protocols, and have put together several supporting documents which we are happy to share. These technical documents and Q&As can help with your business case, filling out a DPIA, or ensuring your DPO understands how our process works. We also have several policies in place which all staff must adhere to, including a Data Protection Policy, a Data Retention & Deletion Policy and a Password Policy.
SFR Medical uses the following mediums to share patient sensitive information both internally and externally:
All sensitive data is stored on NHS OneDrive/Microsoft Dynamics UK datacentres and accessed by authorized SFR Medical staff only via Azure virtual machines (VMs). The Azure VMs ensure that
The NHS email system is end-to-end encrypted and allows for secure transmission, mitigating paper loss, electronic device loss and inadvertent information disclosure. The NHSMail Live Service is accredited and compliant with ISO27001 as well as a number of other security standards. It has been approved as a permitted method of emailing personal identifiable data (PID) or confidential data in the UK (https://digital.nhs.uk/services/microsoft-office-365-for-the-nhs).
In addition, Microsoft ensures that data in its datacentres (data at rest) and data in transit are encrypted to minimize security risks. Microsoft Dynamics follows industry-standard encryption protocols and provides strong access management through multifactor authentication and Azure Security Centre. Microsoft Cyber Defense Operations Center (CDOC) protects Microsoft’s Cloud infrastructure and customers from evolving threats.
We comply with relevant guidelines with regard to data retention. During the retention period, data is stored by SFR Medical on secure Azure Blob Storage.
SFR Medical is Cyber Essentials certified and complies with 14 cloud principles.