Find out about our golden rules

Discover the 7 Golden Rules that keep Clinitalk safe and effective

Assurance FAQs

The frequently asked questions about assurance

Who is the data controller?
In a healthcare setting, the GP surgery (the supervising organisation) is normally the controller for patient data, not the individual doctor or trainee. That’s because the institution decides the purposes (in this case GP training) and the means (e.g. what system to use). The doctor in training is usually acting as a representative of the controller, under their professional role. They are not normally an independent controller (unless they’re recording for their own, unrelated purposes, outside the remit of their employment/placement.  

How do I decide if I need a DCB0160 for a product?  
Check if the use of the product falls within the scope of DCB0160. DCB0160 defines its scope as applying to IT systems that deliver health or social care. Clinitalk does neither, it is solely an educational tool and therefore is out of scope. We have confirmed this position with ICB's as part of the assurance process.

Has Clinitalk been independently tested for security?
Yes, Clinitalk has been rigourosly tested by independent external  CREST certified bodies against national cyber security standards. That includes penetration testing of its encryption. Integrated Care Boards (ICB) such as in the West Midlands have reviewed the certification reports as part of an assurance process and confirmed compliance. Our certification documents are available in our governance library online. We use high level end to end encryption and our application of encryption was rated excellent on our compliance report. 

Deployment
Clinitalk is available from any modern web browser. No software download or app installation is required.