It is mandatory for all Regulated Professionals to make special arrangements (encryption) to preserve the integrity of their Customer (Patient) personal data. This is particularly important where the use of online communications (internet) is concerned. The Valident service aims to be the Gold Standard needed in UK dental practice for the secure online transmission of sensitive patient data.

The Valident secure online communications service (v-Form) employs ISO 27001/ISO 9000 certificated secure server facilities domiciled within the UK. All Valident dental practice online v-Forms have been properly secured (encrypted) and connected to a Virtual Private Network (VPN) within a fortress environment.

Valident has been developed with regulatory compliance and security at its heart to provide a simple-to-use platform that brings peace of mind to practices and patients.


Regulatory Considerations:

ICO Security and Encryption

When storing or transmitting personal data, you should use encryption and ensure that your encryption solution meets current standards.

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/security/encryption/

General Dental Council (GDC): Standards for the Dental Team

4.5.2 If you are sending confidential information, you should use a secure method (encryption). If you are sending or storing confidential information electronically, you should ensure that it is encrypted.

Standards for the Dental Team (gdc-uk.org)

CQC Handling and Securing Personal data

Check the way you handle personal information meets the right Standards

https://www.cqc.org.uk/guidance-providers/all-services/check-way-you-handle-personal-information-meets-right-standards-0


Other points to take into account:

  • Every service provider (Company or Dental Practice) responsible for collecting and storing sensitive personal data must register their details with the Information Commissioner’s Office (ico.org.uk).
  • Dental Practices must publish a Privacy Policy that includes ICO Registration details and the name and contact details of the Data Controller responsible for the processing and safe storage of all sensitive personal data.
  • Practice websites must comply with GDPR Regulations and include a “Cookie” Policy for website visitors.
  • Practice websites that include online communication templates (e.g. Patient referrals, Contact Us, Feedback) or hyperlinks (e-mail) must ensure these are properly classified, with a Just in Time (JiT) website message deployed to validate personal data protection (encryption) arrangements (e.g. Valident).
  • Data Controllers must ensure every patient has given their personal consent to store and use their data (Privacy Policy) for specific purposes (e.g. Medical/Dental History) together with their preferred method of communication (e.g. online/offline). Data Controllers are personally responsible and liable for any patient data security breaches or loss through cybercrime. The financial penalties could endanger the future viability of a dental practice.
  • Dental Practice Data Controllers must ensure all Internet Service Providers (ISPs) and Practice Management System Suppliers provide a written statement certifying the nature and security classification of all of their electronic network services. It is particularly important to ensure all outsourced data back-up facilities are properly certificated. All sensitive patient data must be fully encrypted when stored off-site and NEVER in plain text format. Online services that do not use exclusive Secure Server Storage facilities in the UK may NOT be GDPR/GDC/CQC compliant.