Frequently Asked Questions
We take safety and security extremely seriously, and we meet the highest standards of safety and security as set by the NHS. We go through extensive assurance processes for these, and are regularly audited by independent experts to verify the robustness of our systems.
As the data controller, it is your responsibility to complete a DPIA for using Anima. As a data processor, we cannot complete it for you.
However, to be as helpful as we can, we have filled in the key parts of a template DPIA for each of our product lines, which you can access from this Trust Centre once approved.
Yes, all data is encrypted both at rest and in transit.
Yes, Anima is registered as a Class I medical device with the UK's Medicines and Healthcare products Regulatory Agency (MHRA). We are pursuing Class II classification as our product suite expands.
All clinical decisions, including diagnoses and treatments, are the sole responsibility of the Anima end-user.
Our databases and platform infrastructure are hosted by Amazon Web Services (AWS) in their London data centre.
All of our subprocessors host their servers either in the UK or in the EEA.
Yes, Anima is certified against both Cyber Essentials and Cyber Essentials Plus. These schemes are run by the UK government and the National Centre for Cyber Security to provide a gold-standard for cyber security.
Anima has completed the NHS Data Security and Protection Toolkit (DSPT) under ODS code R3U6M, and is certified against both the Cyber Essentials and Cyber Essentials Plus frameworks.
We are fully compliant with DCB0129, which is for manufacturers of health IT software. We have been assured by NHS England against this standard.
We're committed to maintaining the highest standards for data protection. We do need to collect various types of data, including personal data and health data, in order to provide our services.
Yes. We have completed several thorough assurance processes to enable us to be used by NHS organisations and to be integrated with other NHS services like the electronic health records (EHRs) and NHS login. We have been assured against, and comply with, the privacy, security and clinical safety standards set out by the NHS.
All personal data processed through Anima is stored and handled within the UK and European Economic Area (EEA). No data is transferred outside of the EEA.
The UK has what is known as an 'adequacy decision' in place with the EEA, which means that under the UK GDPR personal data can lawfully flow from the UK to the EEA without any additional safeguards such an international data transfer agreement. The adequacy decision confirms that EEA's data protection regime is recognised as being essentially equivalent to the UK's.
Yes, we comply with the UK GDPR and all NHS rules and regulations on IG.
Yes. We are registered under our registered company name (Continuum Health Limited), with the reference ZB035442.
Data for our NHS services is stored in the UK (or UK-approved locations). We use strong encryption in transit and at rest.
No, we don't sell any data.
We're a UK company providing NHS services to UK patients. Our parent company structure exists solely for investment purposes - it's a common setup that allows healthcare technology companies to access funding to improve and expand their services, and is common among other suppliers that work with the NHS.
All data remains protected under UK GDPR, and all data processing for NHS services happens within our UK operations. The parent company structure doesn't change our obligations to protect your information under UK law.
No. Your health data is processed and stored in the UK in accordance with NHS requirements and UK data protection law.
Please consult our Service Level Agreement (in the 'Resources' section of our Trust Centre) for information on our response times to queries and issues.