Security

We make sure your data stays yours

Patient Watch is GDPR compliant and DPIA approved by NHS organisations. Dealing with patient data is always scary so we are constantly working to make trusting us easier.

Technical Expertise

We combine industry gold-standards with cutting edge technology to keep your data safe.

Authentication and Authorization

  • JWT for secure authentication.
  • Salted & hashed passwords.
  • MFA for privileged users.
  • Different access levels for roles.
  • OAuth 2.0 Protocols.

Network Configuration

  • Exclusive use of HTTPS.
  • SSL for data transmission.
  • Cross Origin Restriction policies.
  • Firewalls and intrusion detection.
  • 99.99% uptime.

Vulnerability Tracker

  • Rate limited servers.
  • Front and backend input validation
  • Man-in-the-middle attack mitigation.
  • Regular vulnerability assessments.
  • AES-256 encryption.

Regulatory Compliance

Patient Watch is compliant with UK healthcare regulations and information security standards. Teams running post-market capture also rely on audit trails and structured post-market exports suitable for regulatory review.

Cyber Essentials Certified

UK government-backed cyber security certification

Certification Details

Organisation NamePatient Watch Ltd
SchemeCyber Essentials (IASME)
StatusCertified
Last renewedMay 2026

ICO Registration

Data protection compliance

Registration Details

Organisation NamePatient Watch Ltd
Reference NumberZB489383

Post-market data integrity

ALCOA+ friendly exports, structured adverse-event capture and role-based sponsor vs site views - read more under Post Market Surveillance.

ISO 14155-style workflowsCyber Essentials

21 CFR Part 11

Planned

Formal FDA 21 CFR Part 11 validation is on our roadmap for US sponsor and CRO programmes. Current controls include audit trails, role-based access, and ALCOA+ exports - contact us for the latest validation status if your programme requires Part 11.

GDPR Compliant

We know that your data is yours alone. We are GDPR compliant.

Explicit Consent Mechanism

User-friendly consent forms obtain explicit consent before collecting data.

Data Minimization

Our data collection policy shows how we collect only data necessary.

Data Encryption

All data transfers are encrypted for confidentiality during transmission.

Data Portability and Erasure

Patients portability and erasure requests are processed in 48 hours.

Regular Audits and Assessments

Quarterly internal audits are completed for continuous improvement.

Data Processing Agreements

Our Data Processing Agreement explains how we act on controller instructions, use sub-processors, and support customer GDPR obligations.

Transparent Privacy Policies

Maintain an accessible Privacy Policy which is regularly updated.

UK Based Data Storage

Implement controls to store patient data securely within the UK.

Frequently Asked Questions