UK GDPR · DPA 2018 · NHS DSP Toolkit

Data security & patient confidentiality

How patient data is protected end-to-end across the TriageNix platform — the legal controls we operate under, how we anonymise data before it reaches any AI model, and how long records are kept.

UK-only hosting

All patient data stored in UK regions; no transfers outside the UK.

Encryption

TLS 1.2+ in transit, AES-256 at rest, customer-managed keys available.

Backups

Encrypted daily backups, 30-day point-in-time recovery, quarterly restore tests.

Availability

99.9% target with documented RTO 4h / RPO 1h for clinical workloads.

UK GDPR & Data Protection Act 2018

Controls applied to all personal and special-category health data we process.

Lawful basis (Articles 6 & 9)

Processing of personal data relies on Article 6(1)(e) (public task) and special-category health data on Article 9(2)(h) (provision of health/social care) under direct-care arrangements with the commissioning NHS organisation.

Data minimisation

Only the minimum data needed to deliver triage is collected. Free-text symptom descriptions are stripped of identifiers before being sent to any AI model, and structured fields default to optional.

Data subject rights

Patients can exercise access, rectification, erasure (subject to clinical record retention duties), restriction, portability and objection rights via a single SAR endpoint with a 30-day SLA, monitored by the DPO.

DPIA & records of processing

A live Data Protection Impact Assessment (DPIA) and Article 30 ROPA are maintained per deployment, reviewed annually and on any material change to the processing.

NHS Data Security & Protection Toolkit

Annual 'Standards Met' submission across the 10 National Data Guardian standards.

Standards Met submission

TriageNix Group submits an annual NHS Data Security & Protection Toolkit (DSPT) self-assessment at 'Standards Met', covering all 10 National Data Guardian standards. ODS code and submission status available on request.

Cyber Essentials Plus & ISO 27001-aligned ISMS

An information security management system aligned to ISO/IEC 27001 underpins access control, asset management, supplier assurance, vulnerability management and incident response. Cyber Essentials Plus certification is renewed annually.

Staff training & access governance

All staff complete the NHS Data Security Awareness (Level 1) module annually. Access to patient data is role-based, MFA-enforced, just-in-time where possible, and reviewed quarterly under joiner/mover/leaver controls.

Incident reporting

Confirmed personal data breaches are reported to the ICO within 72 hours and notified to the commissioning organisation; cyber incidents above the DSPT threshold are reported via the NHS England DSPT incident reporting tool.

How patient data is anonymised

Identifiers are removed before any data reaches a third-party AI model.

  1. 1

    Direct identifier stripping

    Names, NHS numbers, addresses, postcodes (beyond outward code), phone numbers, email addresses and dates of birth (kept as age band only) are removed before any LLM call.

  2. 2

    Pseudonymisation at rest

    Records are stored against a per-deployment pseudonymous case ID. The mapping table to the patient identifier is held in a separate, encrypted store with restricted access for re-identification only by authorised clinicians.

  3. 3

    Free-text scrubbing

    Patient narratives pass through a PII redaction layer (regex + NER) prior to model input; redactions are logged and reversible only within the trusted clinical environment.

  4. 4

    Aggregated analytics only

    Reporting dashboards and model-improvement datasets use k-anonymised, aggregated data (k ≥ 5) per ICO Anonymisation Code of Practice. No raw identifiable data leaves the UK clinical boundary.

ICO Anonymisation Code aligned
No identifiable data sent to LLMs
UK-only processing boundary

Retention schedule

Periods follow the NHS Records Management Code of Practice 2021 and UK GDPR storage-limitation principle.

Data typeRetention periodBasis
Clinical triage record (part of GP/health record)Lifetime + 10 years (adult) / until 25th birthday or +10 years (child)NHS Records Management Code of Practice 2021
Conversation transcript & AI decision metadata8 years from episode closeAligns with adult clinical record minimum; supports DCB0129 audit and coronial review
Pseudonymisation key / re-identification mapCo-terminus with clinical record; destroyed on lawful erasureUK GDPR Art. 5(1)(e) storage limitation
Audit logs (access, override, red-flag)8 yearsDSPT NDG Standard 6 / NHS audit requirements
Aggregated, anonymised analyticsIndefiniteNo longer personal data under UK GDPR Recital 26
Marketing & website contact enquiries24 months from last contactLegitimate interests; reviewed annually

Make a data request

Exercise your UK GDPR rights or raise a DSP Toolkit query, and track its status here.

Data Protection Officer

Your single point of contact for data subject and DSP Toolkit queries.

Acknowledgement
Within 3 working days
Statutory deadline
30 calendar days (UK GDPR Art. 12(3))
Right to complain
You may also contact the Information Commissioner's Office.

Submit a SAR or DSP Toolkit request

Use this form to exercise your UK GDPR rights or raise a Data Security & Protection Toolkit query. We may ask for proof of identity before releasing personal data.

Loading…

Frequently asked

Need our DSPT, DPIA or Clinical Safety Case?

Procurement and IG packs available on request, including DCB0129 evidence per pathway.

Open Safety Case