
Data privacy, protection and security

Adam Marsh | March 2022

With respect to privacy and GDPR, as a healthcare provider you are a data controller of personal sensitive data. Dental Audio Notes is a data processor acting on your behalf and on your instructions.

To demonstrate compliance with data protection laws when using DAN, there are three things you should do:

  1. Carry out your due diligence of us, which this article forms part of. We provide links to all the information you need in this article.
  2. Confirm the patient’s consent to each recording. You can do this verbally as soon as you start recording.
  3. Update your patient privacy information to highlight the use of DAN. We provide example items for you below.

Your due diligence of us

When you implement any new system that handles patient data, you should assess the measures in place to safeguard patient information.

Our policies and governance referenced below provide the guarantees you need for this due diligence. Further, we provide a Data Protection Impact Assessment (DPIA) [1] template with all the relevant information completed to make this process as simple as possible.

Dental Audio Notes is fully compliant with the NHS Data Security and Protection Toolkit [2] and GDPR [3], and is registered with the ICO [4]. Our privacy policy [5], data security and protection policy [6] and supplier governance overview [7] are available online.

We partner with CREST [8] approved security experts [9] and registered data protection advisors [10] with experience in healthcare data to ensure that we, our systems and our processes comply with the latest standards and policies related to security and privacy. Our security experts regularly penetration test our systems to identify any vulnerability risks and provide insight on potential enhancements.

We partner with Amazon Web Services [11] (AWS) to provide our infrastructure to the highest digital and physical security standards: ISO/IEC 27001 [12]; ISO 28000:2007 [13]; Cyber Essentials Plus [14]; ISO 27017 [15]; ISO 27018 [16]; SOC 1/2/3 [17].

Only you, and users you authorise, can decrypt DAN data. The Dental Audio Notes team has no access to this data. All data is stored in the UK.

Confirming the patient’s consent to recording

To ensure that your use of DAN is fully compliant, you should confirm the patient’s consent for each recording. You can do this verbally as soon as you start recording. We have some examples of how to introduce DAN to a patient before starting the recording in our FAQ, "How do I introduce DAN to my patients?" [18].

After pressing record, open with:

Dentist: “OK [patient name], can you just confirm that you are happy for us to audio record this conversation as part of your dental records?”

Patient: “Yes”

You should also note that a recording has been made in your written records. This can be as simple as: "recorded in DAN with verbal consent to form part of the patient record".

Update your patient privacy information

You may wish to update your patient privacy information to highlight the use of DAN.

In your Privacy Policy, update:

Notes
