Patient lab report result data

Supplier Name (IT Only)

Healthtech 1 gathers this information from the clinical system of the contracted GP practice

Contract End Date (If applicable, IT Only)

n/a

Contract Location (IT Only)

Cloud

Contract Start Date (IT Only)

November 1, 2021

Date IA issued (if applicable)

November 1, 2021

Date IA returned

Date of last audit

June 27, 2024

Do you receive it from someone outside your organisation or share it externally?

This comes from our GP practice

Has there been a breach since last audit?

If breach since last audit, have all action items been completed?

Location

Azure Cloud in UK South Servers

Owner

Pete 🧪 twenty--twenty

Risks if there is a breach

Demographic and medical details can be associated with a patient that could be used to access other sources of information. Service users' highly personal records would be seen. This could cause upset to service users, reputational damage to the company, and breach data protection legislation. The company could be fined or other pernalties could be imposed. Medical data could be used against the patient causing harm ranging from distress to economic damage (e.g. employment changes)

Shared Externally? If so, is the Process Included on the ROPA?

Special Category Data?

Yes, patient medical results

What information is kept here, why?

Patient demographic information and lab report data is collected, stored and used in order to file and action the lab report on behalf of GP practices.

What security measures have been put into place

This is in our own secure systems. We store this data in a secure cloud built in a safe software architecture. We restrict access and controls to only those need access to this information. We adhere to national security guidance and Cyber Security Essentials and Plus (external audit). We have annual 3rd party assessments of our software.