On 25 May 2018, GDPR, the EU’s new regulation on data protection, came into effect. GDPR essentially supersedes the Data Protection Act, placing additional obligations on all organisations to ensure data they hold is collected on a lawful basis, used only for the purposes for which it has been collected, and stored and processed in such a way that prevents damage or loss. The regulation also enhances the rights of individuals in accessing data stored on them or requesting deletion of this data.
At Qunote, we are committed to helping our clients fulfil their data security obligations, providing a compliant, cost-effective and easy-to-implement solution for securely storing and sharing clinical records.
Ensuring privacy by design within internal systems and processes is a central tenet of GDPR. Thankfully, every aspect of the Qunote system has been designed with privacy in mind.
Login is protected by a triple-level entry system, and user access to functionality and client data is permission-driven. You have complete control over what parts of the system and client files your users have access to, and permissions can be easily amended at any point. Should you need to entirely revoke a user’s access to the system, this can be done at the click of a button.
Database logs of user activity are maintained and can be provided to you on request, helping you ensure accountability in the event of an internal data breach.
Records and notes can be recorded directly into the Qunote system, saving the need to keep paper records or store notes locally.
All Qunote data is stored on a dedicated server hosted in a secure UK server centre. The server centre is protected by its own compound, 24-hour manned security, CCTV and access by named personnel only. Data is backed up daily to a separate secure server cluster also located in the UK, with back-ups held on a seven-day rolling basis, and the hosting network is protected by two high-performance firewalls working in tandem.
Communication with the server is encrypted using 2048-bit Transport Layer Security.
Under GDPR, it is essential that you are able to easily access, change or delete the data you hold if required.
Qunote’s comprehensive search functions make it incredibly easy to manage the data you hold, allowing you to quickly and simply find notes on a client’s file going back several years. By setting up different client groups, you can archive closed cases while retaining easy access to the data should you require it, such as in the event of a subject access request.
Data stored within Qunote also meets GDPR’s requirement of portability. Data held (client records, notes etc.) can be exported directly from the system.
Qunote has a robust information security management system and disaster recovery process in place. We are regularly audited by an independent UKAS-accredited certification body and are certified to ISO27001, the internationally recognised standard for information security and data governance.
Certificate Number: 16451
For more information about Qunote, call us on 01303 863816, or email us at firstname.lastname@example.org