As the General Data Protection Regulation (GDPR) deadline looms, we’ve received several questions from our clients about what GDPR is and what iCareHealth is doing to comply.

Most of the questions we have received are very similar, so to help answer them we’ve provided a set of responses and a brief outline of GDPR below.

The information on this page has been pulled together to be used for informational purposes only and is not intended to serve as legal advice. You should work closely with your legal team to determine exactly how GDPR might affect you.


Background

iCareHealth is committed to ensuring the protection of personal data is at the core of our systems and services, and we take our obligations very seriously. To comply with the new General Data Protection Regulation (GDPR) coming into force on 25 May 2018, and to ensure we sustain compliance through the coming UK Data Protection Act and further regulatory updates, we continue to review our policies in line with the regulations and guidelines published by the Information Commissioner’s Office and the NHS Digital Codes of Practice for handling information in health and care.

We already maintain certification for the ISO 27001 security standard for our information security management system (ISMS) as well as being certified to the ISO 9001 Quality Management System.

In support of these certifications, we maintain the following policies:

  • Data Protection Policy
  • Information Classification, Handling and Protection Policy
  • Acceptable Use Policy
  • IT Security and Infrastructure Policy

FAQs

In addition to reading the FAQs below, we recommend that you visit the Legal Hub on our website. The Legal Hub gives you access to key artefacts that we hope will help you understand how iCareHealth works with and protects its website visitors, customers, and partners.

All data is hosted within the EEA – to see information on our hosting partners as well as our other subprocessors, please click here.

iCareHealth clients will of course have users who can securely view and edit data through the iCareHealth application in order to provide care services. iCareHealth will also sometimes need to access hosted data to provide client support. Secure access is provided through authenticated access to the application, and iCareHealth can also securely access the hosted data through username/password encrypted access, locked down to our offices. All data access follows our ISO-27001 policies for Information Handling and IT Security.

iCareHealth hold data in line with Data Protection and NHS guidelines for Healthcare data. The specifics are detailed in our Information Classification, Handling and Protection Policy which is available to clients and potential clients upon request.

iCareHealth security measures are certified to ISO-27001. We have included a breakdown of appropriate information, per application, on our Security Policy page.

Sensitive personal data is stored within iCareHealth’s services. Evidencing care means iCareHealth systems will store data about an individual’s physical or mental health or condition.

The GDPR requires certain conditions to be contracted into between a Data Controller and a Data Processor. As such iCareHealth have updated their standard terms and conditions, which can be found here.

Yes, the ICO state that a DPO must be appointed as our “core activities consist of large scale processing of special categories of data”. Our Data Protection Officer can be contacted at [email protected].

iCareHealth are a Data Processor when it comes to the provision of a system that our Clients use to provide and evidence care. In this care provision situation, it is our Clients who are Data Controllers.

iCareHealth also act as a Data Controller of personal data that we maintain as part of our business activities; for example our staff and any client contact data for marketing, sales or contractual purposes.

Contact Us

If you have questions regarding this page or about iCareHealth’s privacy practices, please contact us by email at [email protected], or at:

iCareHealth UK
Weavers Mill
High Street
Haverhill
Suffolk
CB9 8DD