Committed to Data Privacy for you and your patients

PatientNotes takes data privacy seriously. We are constantly working to ensure that our practices meet the highest standards of GDPR compliance.

PatientNotes follows the data regulations established by the GDPR, UK GDPR and UK DPA to provide important privacy measures for the protection of personal data of individuals within the EU and UK.

How does PatientNotes comply with GDPR?

Data Security:

We implement robust security measures to safeguard your patients' data, including encryption of data at rest and in transit, access controls, and regular security audits. For more information see our security page.

Transparency and Control:

We are committed to being transparent about our data practices. We provide clear information about how we collect, use, and store your patients' data in our privacy policy. You can access and update your account information at any time.

Individual rights

Data Subject Requests empower individuals with control over their personal information.

  • Right to be informed: You have the right to understand what personal data is being collected about you, the purpose of that collection, and who it will be shared with.
  • Access: You can request a copy of your personal data in a clear and understandable format. The PatientNotes system securely deletes all patient information after 30 days. Data cannot be accessed after this time.
  • Rectification: If you find any inaccuracies in your data, you have the right to request corrections.
  • Erasure: You can request the deletion of your personal data.
  • Restriction: You can limit what your data is used for.
  • Portability: You can receive your data in a format transferable to another service.
Any such request should be directed to [email protected]

Frequently asked questions

What is GDPR?

The GDPR is a regulation in EU law that sets out how personal data should be handled and protected. It applies to any organization that processes the personal data of individuals in the EU.

What is a DPA?

A Data Protection Agreement (DPA) is a contract between organizations handling personal data. It ensures secure processing, compliance with regulations like GDPR, and outlines what data can be accessed, for how long, and how individuals' rights are upheld.

How do I sign a DPA with PatientNotes?

PatientNotes offers Data Processing Agreements to all customers located in the UK and EU. To request a DPA please contact [email protected]

Got more questions? Contact us.

[email protected]