How secure is my data?
Our platform is built on a layered security infrastructure, and its controls are subjected to regular security testing to verify that they are implemented correctly and remain effective.
All information you provide to us is stored on cloud servers operated by leading operators with the highest levels of security. We can guarantee a very high level of protection of sensitive data, which is usually even higher than that of the software used by many doctors’ practices.
Any payment transactions carried out by our chosen third-party payment processor are encrypted in transit using Transport Layer Security (TLS), the successor to the Secure Sockets Layer (SSL) protocol.
All data is encrypted in transit and, using AES-256, at rest, with access restricted to authorised personnel. At the database layer we also use additional controls such as transparent data encryption (TDE).
How can I be sure that you are handling and protecting my data how you describe?
We meet, and in several areas exceed, UK and US standards for data security, and we verify this by regularly auditing our systems, both internally and externally.
Our externally audited accreditations, the international ISO 27001 standard and the UK's DTAC (Digital Technology Assessment Criteria), DSPT (Data Security and Protection Toolkit) and Cyber Essentials Plus, demonstrate our compliance with recognised security standards and should give you peace of mind.
What are your credentials and certifications?
How is my data stored?
NowPatient’s commitment to data residency is a key priority, and to that end, we only house data in validated data centers. We pledge that UK-based data remains solely in the UK, while US data is governed by HIPAA-prescribed data security protocols.
The data centers we use align with the highest security and privacy standards, which is demonstrated by a programme of regular external audits to demonstrate efficacy of safeguards against contemporary threats.
How often is my data backed up?
Data is backed up on a regular schedule, with daily, weekly and monthly backups.
What measures do you have in place to ensure only I have access to my account?
NowPatient offers two-factor authentication (2FA) to secure your account. With 2FA enabled, a second factor is required in addition to your password before anyone can access your account, so a password that has been compromised is not, on its own, enough to log in.
What proactive security measures has NowPatient implemented to ensure that my data is secure?
Granular Access Controls
In line with the principle of least privilege, access to data is restricted to the designated personnel who need it for their role, protecting both the confidentiality and the integrity of that data.
Comprehensive Compliance
Beyond our NHS endorsement, NowPatient aligns with both UK and US regulatory frameworks.
This includes HIPAA in the US, the international ISO 27001 standard, and the UK's DTAC, DSPT and Cyber Essentials Plus, demonstrating our compliance with healthcare data protection standards in both jurisdictions.
Real-time Monitoring
Our platforms are continuously monitored, with analytics (including AI-assisted tooling) used to identify anomalies promptly so that they can be investigated and contained.
What Is GDPR and is NowPatient compliant?
The General Data Protection Regulation (GDPR) is the single comprehensive EU-wide law that governs the use, sharing, transfer and processing of any personal data that originates from the EU. Since Brexit, the UK is no longer covered by the EU GDPR but has adopted a very similar law, known as the "UK GDPR". Personal data in the UK is therefore covered by the UK GDPR in conjunction with the Data Protection Act 2018. NowPatient is compliant with the GDPR standards.
NowPatient has taken the proactive step of entering into agreements with our third-party service providers for the protection of personal data. Further details are set out in our privacy policy.
To learn more about the General Data Protection Regulation (GDPR) please visit the ICO website.
What is HIPAA and is NowPatient compliant?
HIPAA is a US federal law whose implementing regulations set out the lawful use and disclosure of protected health information (PHI) in the United States. HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by its Office for Civil Rights (OCR).
HIPAA compliance requires companies that work with protected health information (PHI) to implement and follow administrative, physical and technical safeguards. NowPatient is HIPAA compliant, including all of its approved Business Associates (BAs).
Is NowPatient registered with the ICO (Information Commissioners Office)?
NowPatient is registered with the ICO, under requirements of the UK GDPR/Data Protection Act 2018, as a data controller. The registration number is Z9217372.
How can I contact your data protection officer?
You can contact NowPatient’s Data Protection Officer at support@nowpatient.com.
Is my medical data confidential?
Yes. NowPatient does not pass your data on to third parties other than the service providers described in our privacy policy, and is fully compliant with the UK GDPR. The legal guidelines are particularly strict for medical data, which is how it should be. We are only obliged to provide medical information to the authorities if a court order is issued.
How do I request my personal data?
If you are a UK user, to request the data that NowPatient holds on you please email support@nowpatient.com. You will then be sent an online request form to complete. Your request will be processed within 7 days. Data is supplied in Excel format.
If you are a US user, to request the data that NowPatient holds on you please email support@nowpatient.com. You can obtain an electronic or paper copy of your medical record. We will provide a copy or a summary of your health information, usually within fifteen (15) days of your request. We may charge a reasonable, cost-based fee. You can also ask us to provide an electronic copy of your electronic health record to a designee of your choice.
How do I request that my data is deleted?
Whether you are a UK or a US user, if you would like your data to be deleted, please send your request to support@nowpatient.com. You will then be sent an online request form to complete. Your request will be processed within 7 days. If you are a UK user and have received certain NHS services from NowPatient, that data is subject to NHS data retention policies, which may require us to retain it. We may also need to retain your data for other reasons. Please see our data retention policy for details.
How long do you retain my records?
Records are retained as per the following policy:
Does the website use cookies?
Yes. We use cookies to help us improve the way our website works, for example, by ensuring that visitors find what they are looking for easily. You can read more about our cookie policy.