Are we CQC registered?
CQC regulates healthcare providers. According to CQC Registration Requirements, Virtual Triage is not a healthcare provider; it is the software used to book one.
Adherence to Security Principles and Best Practices
NHS Digital certified that Virtual Triage had completed a Data Security and Protection Toolkit self-assessment to demonstrate it is practicing good data security and that personal information is handled correctly. Virtual Triage ensures continuous monitoring and enhancement of security controls, referencing industry best practices and conformity with established security principles like the AICPA Trust Services Principles and UK GDPR requirements.
Regular Independent Security Assessments
Virtual Triage engages reputable third parties to conduct independent assessments, including ICO registration (ZB962983) and GDPR compliance audits, to validate the effectiveness of security measures and maintain transparency with stakeholders about security compliance.
Comprehensive Penetration Testing
Virtual Triage performs annual network and application penetration tests through independent security firms. Issues are resolved promptly, and leadership is kept informed of the status of the security landscape.
Access Control Measures
Virtual Triage implements role-based access controls, multi-factor authentication for privileged access, and least-privilege principles to ensure that only authorized personnel can access sensitive patient and clinician data.
Secure Cloud Infrastructure
Virtual Triage utilizes healthcare-grade cloud infrastructure with network segmentation, regular backups, and robust disaster recovery procedures to ensure high availability and data protection.
Data Encryption Protocols
All patient and clinician data is encrypted using AES-256 encryption at rest and TLS 1.3 in transit. Encryption keys are managed securely with proper key rotation and access controls.
Endpoint Security
Virtual Triage implements comprehensive endpoint security measures including device management, secure configurations, and monitoring to protect against unauthorized access and malware.
Centralized Log Management
All system activities, access attempts, and security events are logged centrally with audit trails. Logs are retained according to legal and regulatory requirements and are regularly reviewed for security incidents.
Network Protection Strategies
Virtual Triage employs network segmentation, firewalls, intrusion detection systems, and DDoS protection to safeguard against network-based attacks and unauthorized access attempts.
Employee Security Awareness and Compliance
All Virtual Triage employees undergo regular security awareness training and are required to comply with data protection policies. Background checks and confidentiality agreements are standard practice.
Secure Development Lifecycle
Virtual Triage follows secure coding practices, conducts code reviews, implements automated security testing, and performs security assessments throughout the software development lifecycle.
Controlled Third-Party Data Handling
Virtual Triage maintains strict controls over third-party data processors, ensuring Data Processing Agreements (DPAs) are in place, sub-processors are vetted, and data transfers comply with UK GDPR requirements.
Need compliance details?
Contact us for DPIAs, data flow diagrams, sub-processor lists, and security posture information.
teams@virtualtriage.ai


