Information Asset Name | Supplier Name (IT Only) | Contract Location (IT Only) | Contract Start Date (IT Only) | Contract End Date (If applicable, IT Only) | What information is kept here, why? | Location | Special Category Data? | Owner | Shared Externally? If so, is the Process Included on the ROPA? | Do you receive it from someone outside your organisation or share it externally? | Risks if there is a breach | What security measures have been put into place | Date IA issued (if applicable) | Date IA returned | Date of last audit | Has there been a breach since last audit? | If breach since last audit, have all action items been completed? |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Healthtech 1 gathers this information from the clinical system of the contracted GP practice | Cloud | November 1, 2021 | n/a | Patient demographic information and lab report data is collected, stored and used in order to file and action the lab report on behalf of GP practices. | Azure Cloud in UK South Servers | Yes, patient medical results | Pete 🧪 twenty--twenty | No | This comes from our GP practice | Demographic and medical details can be associated with a patient that could be used to access other sources of information. Service users' highly personal records would be seen. This could cause upset to service users, reputational damage to the company, and breach data protection legislation. The company could be fined or other penalties could be imposed. Medical data could be used against the patient, causing harm ranging from distress to economic damage (e.g. employment changes). | This is in our own secure systems. We store this data in a secure cloud built in a safe software architecture. We restrict access and controls to only those who need access to this information. We adhere to national security guidance and Cyber Security Essentials and Plus (external audit). We have annual 3rd party assessments of our software. | November 1, 2021 | June 27, 2024 | ||||
Healthtech 1 gathers this information from the patient. | Cloud | November 1, 2021 | n/a | Patient demographic and medical information is collected, stored and used in order to be able to register a patient for our customers, GP practices. | Azure Cloud in UK South Servers | Yes, Ethnicity and Sexual Orientation, for practice's population understanding. | Pete 🧪 twenty--twenty | No | No, we receive this directly from the patient. | Demographic and medical details can be associated with a patient that could be used to access other sources of information. Service users' highly personal records would be seen. This could cause upset to service users, reputational damage to the company, and breach data protection legislation. The company could be fined or other penalties could be imposed. | This is in our own secure systems. We store this data in a secure cloud built in a safe software architecture. We restrict access and controls to only those who need access to this information. We adhere to national security guidance and Cyber Security Essentials. We have annual 3rd party assessments of our software. | November 1, 2021 | June 27, 2024 | ||||
Healthtech 1 gathers this information from the practice. | Cloud | November 1, 2021 | Information needed to associate a registration with a practice in the clinical system. | Azure Cloud in UK South Servers | No | Pete 🧪 twenty--twenty | No | No, we receive this directly from the practice. | Contact information we get from practices is public already. We also create documentation of each practices | This information is stored within enterprise grade software, Google Workspace. We've ensured that our subscription is the most secure version - Google Enterprise Plus. This gives us the ability to keep our data within the EU, store backups, and have advanced security controls as well. This is above the security level of most organisations. | November 1, 2021 | June 27, 2024 | |||||
Ourselves | Cloud, Physical | November 1, 2021 | General plans, operations, documents that help us reach our company objectives! To reduce the admin burden away from GP practices! | Azure Cloud in UK South Servers, Stratford Village Surgery | No | Pete 🧪 twenty--twenty | No | No, we generate this. | Sensitive company information on our activities, people and assets could be accessed. With malicious intent, the actor could create disruption to our client and their end user needs. | Similar to our practice information. Plus internal security processes to ensure that internal data remains within. | November 1, 2021 | June 27, 2024 |
Glossary
IA = Information Asset. A body of information that has value to an organisation. This also includes all personal information.
Notes
Last updated 27th June 2024 by Peter Huang.