Data security & patient confidentiality
How patient data is protected end-to-end across the TriageNix platform — the legal controls we operate under, how we anonymise data before it reaches any AI model, and how long records are kept.
All patient data stored in UK regions; no transfers outside the UK.
TLS 1.2+ in transit, AES-256 at rest, customer-managed keys available.
Encrypted daily backups, 30-day point-in-time recovery, quarterly restore tests.
99.9% target with documented RTO 4h / RPO 1h for clinical workloads.
UK GDPR & Data Protection Act 2018
Controls applied to all personal and special-category health data we process.
Lawful basis (Articles 6 & 9)
Processing of personal data relies on Article 6(1)(e) (public task) and special-category health data on Article 9(2)(h) (provision of health/social care) under direct-care arrangements with the commissioning NHS organisation.
Data minimisation
Only the minimum data needed to deliver triage is collected. Free-text symptom descriptions are stripped of identifiers before being sent to any AI model, and structured fields default to optional.
Data subject rights
Patients can exercise access, rectification, erasure (subject to clinical record retention duties), restriction, portability and objection rights via a single SAR endpoint with a 30-day SLA, monitored by the DPO.
DPIA & records of processing
A live Data Protection Impact Assessment (DPIA) and Article 30 ROPA are maintained per deployment, reviewed annually and on any material change to the processing.
NHS Data Security & Protection Toolkit
Annual 'Standards Met' submission across the 10 National Data Guardian standards.
Standards Met submission
TriageNix Group submits an annual NHS Data Security & Protection Toolkit (DSPT) self-assessment at 'Standards Met', covering all 10 National Data Guardian standards. ODS code and submission status available on request.
Cyber Essentials Plus & ISO 27001-aligned ISMS
An information security management system aligned to ISO/IEC 27001 underpins access control, asset management, supplier assurance, vulnerability management and incident response. Cyber Essentials Plus certification is renewed annually.
Staff training & access governance
All staff complete the NHS Data Security Awareness (Level 1) module annually. Access to patient data is role-based, MFA-enforced, just-in-time where possible, and reviewed quarterly under joiner/mover/leaver controls.
Incident reporting
Confirmed personal data breaches are reported to the ICO within 72 hours and notified to the commissioning organisation; cyber incidents above the DSPT threshold are reported via the NHS England DSPT incident reporting tool.
How patient data is anonymised
Identifiers are removed before any data reaches a third-party AI model.
- 1
Direct identifier stripping
Names, NHS numbers, addresses, postcodes (beyond outward code), phone numbers, email addresses and dates of birth (kept as age band only) are removed before any LLM call.
- 2
Pseudonymisation at rest
Records are stored against a per-deployment pseudonymous case ID. The mapping table to the patient identifier is held in a separate, encrypted store with restricted access for re-identification only by authorised clinicians.
- 3
Free-text scrubbing
Patient narratives pass through a PII redaction layer (regex + NER) prior to model input; redactions are logged and reversible only within the trusted clinical environment.
- 4
Aggregated analytics only
Reporting dashboards and model-improvement datasets use k-anonymised, aggregated data (k ≥ 5) per ICO Anonymisation Code of Practice. No raw identifiable data leaves the UK clinical boundary.
Retention schedule
Periods follow the NHS Records Management Code of Practice 2021 and UK GDPR storage-limitation principle.
| Data type | Retention period | Basis |
|---|---|---|
| Clinical triage record (part of GP/health record) | Lifetime + 10 years (adult) / until 25th birthday or +10 years (child) | NHS Records Management Code of Practice 2021 |
| Conversation transcript & AI decision metadata | 8 years from episode close | Aligns with adult clinical record minimum; supports DCB0129 audit and coronial review |
| Pseudonymisation key / re-identification map | Co-terminus with clinical record; destroyed on lawful erasure | UK GDPR Art. 5(1)(e) storage limitation |
| Audit logs (access, override, red-flag) | 8 years | DSPT NDG Standard 6 / NHS audit requirements |
| Aggregated, anonymised analytics | Indefinite | No longer personal data under UK GDPR Recital 26 |
| Marketing & website contact enquiries | 24 months from last contact | Legitimate interests; reviewed annually |
Make a data request
Exercise your UK GDPR rights or raise a DSP Toolkit query, and track its status here.
Data Protection Officer
Your single point of contact for data subject and DSP Toolkit queries.
- dpo@triagenixgroup.co.uk
- Acknowledgement
- Within 3 working days
- Statutory deadline
- 30 calendar days (UK GDPR Art. 12(3))
- Right to complain
- You may also contact the Information Commissioner's Office.
Submit a SAR or DSP Toolkit request
Use this form to exercise your UK GDPR rights or raise a Data Security & Protection Toolkit query. We may ask for proof of identity before releasing personal data.
Frequently asked
Need our DSPT, DPIA or Clinical Safety Case?
Procurement and IG packs available on request, including DCB0129 evidence per pathway.
