Working in healthcare privacy and clinical safety are the building blocks for everything we do. As a company, we will never sell patient data and will always strive to build products which are clinically sound and tested to a strict and rigorous standard. Our company was founded by working NHS clinicians and we carry their ethos over into anything we do.
Our Clinical Governance Board comprises of consultant or equivalent seniority NHS GPs, clinicians and specialists from emergency departments, including paramedics, intensive care, trauma, surgery, HEMS, paediatrics, and prescribing pharmacists. The Board meets regularly to undertake content reviews and ensure that eConsult always adheres to the latest guidance and the highest safety standards.
Our Clinical Governance Lead and Information Governance Lead meet monthly to maintain our hazard logs and safety case and identify any new potential risks or Data Protection Impact Assessment (DPIA) requirements.
We have followed the MHRA guidance on medical devices and have appointed a Medical Safety Officer, and applied the standards defined in DCB0129/DCB0160 and will continue to do so.
Our clinical governance team are award-winning as finalists in the 2019 patient Safety awards for clinical governance and winners in 2018.
Award winning Clinical Governance
eConsult is safe. eConsult always alerts patients who report a serious symptom or a medical emergency. Our red flag system immediately directs patients to seek the most appropriate care.
Our Clinical Governance board comprises of NHS GPs, clinicians and specialists. The board meets regularly to undertake content reviews and ensure that eConsult always adheres to the latest guidance and the highest safety standards.
Our Clinical Governance Lead and Information Governance Lead meet monthly to maintain our hazard logs and safety case, and identify any new potential risks or Data Protection Impact Assessment (DPIA) requirements.
Following the MHRA guidance on medical devices, we have appointed a Medical Safety Officer, and applied the standards defined in DCB0129/DCB0160 and will continue to do so.
We are proud winners and finalists of several Patient Safety Awards.
Data is kept secure at all times
- We encrypt patient details for their entire journey into your practice
- We do not store any patient-identifiable medical information
- Built on top of a secure framework, our platform has protection against typical website attacks (e.g. XSS, SQL and HTML injections)
- We score highly on regular pen tests with independent, external providers
- CISSP-certified architect configured infrastructure
- All interactions with the website are via a secure connection, using up-to-date encryption techniques (TLS v1.2, strong key exchange and strong cypher)
We’re always fully compliant
- We use consent as our lawful basis for processing patient data
- We have written our privacy notice in plain English, and made clear the legal rights of the patient
- We have appointed a Data Protection Officer, in line with our responsibilities for handling sensitive data
- We are DSP Toolkit compliant (for all mandatory sections and all optional sections)
- We comply with the National Data Guardian recommendations
- Our platform is hosted in a Tier 3, ISO 27001 Data Centre, behind HSCN
- We are ITK compliant and certified to send data to the GPSoC providers over MESH
Medical Indemnity and Guidance
The Clinical Negligence Scheme for General Practice (CNSGP) covers activities which are commissioned under a GMS, PMS or APMS contract (or related enhanced primary care elements under an NHS Standard Contract), and where a provider provides services directly or under a sub-contract.
The scheme coverage extends to nurses/ANPs and other practice staff who are carrying out activities in connection with the delivery of primary medical services. The location of the services being provided and whether they are digital or face-to-face will not affect the cover.
The services/consultations must be being provided via a GMS/PMS/APMS contract and the consultations themselves must be connected to the diagnosis, care or treatment of a patient.
Guidance on features
eConsult will always support you and listen to feedback about how to improve our product both for you and for your patients. During COVID-19, with the increasing use of photo uploads, we strengthened the information provided to patients about who views optional photo uploads, what happens with photos that are uploaded, and which types of photos are not appropriate to upload (see our guide for practices.)
Guidance of relevance from other bodies:
We hold ourselves to high standards of excellence
ISO/IEC 27001 is a specification for an information security management system (ISMS), which is a framework for an organization’s information risk management processes.
This certification (Cert No. 20623) covers the provision of software developed medical and digital health products including the company-wide IT security management processes for operations, development and support services offered through implementation in accordance with SOA Version 1, dated 3/12/2021 in the following locations:
- London, England
- Brighton, England
To request a specific certification for an audit, please contact Security@econsult.health