Legal

KiwiPen Compliance Policy Statement

At KiwiPen, we understand that compliance, security, and patient safety are paramount in the healthcare industry. As a provider of AI-assisted medical transcription services, we recognize our responsibility to adhere to the highest standards of data protection, information security, and regulatory compliance. Our commitment to these principles is unwavering and forms the cornerstone of our operations.

We have implemented a comprehensive compliance framework that encompasses various certifications and registrations, each playing a crucial role in ensuring the integrity, confidentiality, and security of the sensitive information we handle. Below, we outline our key compliance measures and their significance:

1. General Data Protection Regulation (GDPR) Compliance

KiwiPen is fully compliant with the GDPR, the most stringent data protection regulation in the European Union. This compliance ensures that:

• We process personal data lawfully, fairly, and transparently.
• We collect and use data only for specified, explicit, and legitimate purposes.
• We limit data collection to what is necessary for the purposes of processing.
• We maintain accurate and up-to-date personal data.
• We store data for no longer than necessary for the purposes of processing.
• We process data in a manner that ensures appropriate security.

Importance: GDPR compliance demonstrates our commitment to protecting individual privacy rights and ensures that we handle patient data with the utmost care and respect.

2. Information Commissioner's Office (ICO) Registration

KiwiPen is registered with the ICO, the UK's independent authority set up to uphold information rights in the public interest.

Reference Number: ZB721440

Importance: Our ICO registration signifies our commitment to data protection principles and provides assurance that we are accountable for our data processing activities.

3. Cyber Essentials Certification

We have attained Cyber Essentials certification, a UK government-backed scheme that helps protect our organization against a wide range of common cyber attacks.

Importance: This certification demonstrates that we have implemented essential security measures to guard against cyber threats, thereby protecting the integrity and confidentiality of the data we process.

4. NHS Data Security and Protection Toolkit (DSPT) Compliance

KiwiPen has successfully achieved compliance with the NHS DSPT, a set of standards that ensures we handle NHS patient data correctly.

Importance: Compliance with the DSPT validates our commitment to maintaining the highest standards of data security and protection in alignment with NHS requirements.

5. Our Commitment to Not Storing Patient Data

Kiwipen deals with anonymised patient data that does not retain any connection to the patient. We have taken this a step further by not storing this data in any form.

Importance: This reduces the possibility that malicious actors will gain access to patient data saved in user accounts.

6. Strict Access Controls

We implement stringent access controls to ensure that only authorized personnel have access to sensitive data. All access is logged and monitored.

Importance: This practice minimizes the risk of internal data breaches and ensures accountability for all data access.

7. Ongoing Staff Training

Our team undergoes regular training on data protection, privacy best practices, and the latest security threats.

Importance: Continuous education ensures that our staff remains vigilant and up-to-date on the latest compliance and security practices.

At KiwiPen, compliance is not just about meeting regulatory requirements; it's about earning and maintaining the trust of our users and their patients. We are committed to continuously reviewing and improving our compliance measures to ensure we remain at the forefront of data protection and security in the healthcare industry.

For any questions or concerns regarding our compliance policies, please contact our dedicated compliance team at hello@kiwipen.com.

Last updated 16th August, 2024