Advice on GDPR and Medical Messenger
to NHS Medical Practices
The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018 and affects every organisation that holds or processes personal data. It introduces new responsibilities, including the need to demonstrate compliance, along with more stringent enforcement and substantially higher penalties than the Data Protection Act (DPA) 1998, which it superseded.
Voice Connect is committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards including ISO 27001. The company complies with applicable GDPR regulations, including as a data processor, while also working closely with our customers and partners to meet contractual obligations for our procedures, products and services. Voice Connect reviewed our systems and solutions to minimise the need to hold personal data and, where we do hold it, to do so in a safe and secure manner. All data is held on secure servers and is encrypted.
Clients using Voice Connect’s Medical Messenger software
Medical Messenger uses secure APIs provided by the clinical database manufacturers to securely connect to your clinical system. These APIs limit the data Medical Messenger can access to the relevant appointment details.
Medical Messenger uses the patient’s mobile number, email address and message content. The message is usually the appointment reminder details for the patient but can also be health campaign information. For clients that utilise the SmartMail postage element of Medical Messenger, the patient’s postal address is also used.
Permission to send SMS Text Messages to a Mobile Phone (Number)
If a computer or paper form offers the option to send SMS text messages to a mobile phone number, the default must be to not send messages. Specifically, if a computer or paper form has a check box, which must contain a tick, to send SMS text messages, the check box must be empty, by default. In other words, the default option must be to Opt Out, so that an individual must explicitly Opt In to permit SMS text messages to be sent to his/her mobile phone number.
Medical Messenger STOP Facility
Patients can also choose not to receive messages, either through the software or by replying “STOP” to a text if the service is running on paid-for texts. NHS texts unfortunately can’t offer this functionality. All patients can be selected to not receive texts until they have been contacted for their permission to send reminders and campaign information.
The STOP facility may be unavailable if the practice does not use Voice Connect as the SMS provider.
Retention of Reporting Data
Reporting data for each practice is kept for a maximum of 6 months and all data is cleansed within 30 days of a practice cancelling the service.
Clients using Voice Connect’s VC SmartMail postal services
All SmartMail printing is routed through our partner CFH Docmail. CFH have reviewed their systems to comply with GDPR: their statement regarding GDPR can be seen HERE. The transfer of data to CFH is automated, fully secured and encrypted.
Building on existing security and business continuity management systems and certifications, including ISO 9001, ISO 27001 and IGSoC, we are confident of our GDPR compliance and the security and integrity of your data.