What It Is, How It Works, and How to Respond to Data Security Questions
Purpose of Document
Caller ID is one of the most common sources of data security questions and hesitation during onboarding. DPOs, practice managers, Caldicott Guardians, and ICBs frequently raise concerns about sharing patient data with a third party. Support staff must be able to explain Caller ID accurately, address every common objection confidently, and offer the no-Caller-ID alternative where needed. This article provides the complete internal reference.
What Caller ID Is
Caller ID is an optional enhancement that allows EMMA to recognise and pre-match a patient's phone number to their record before the call begins.
Without Caller ID, EMMA asks every patient for their name, date of birth, and postcode at the start of the call and verifies them against the NHS Personal Demographics Service (PDS) in real time.
With Caller ID enabled, EMMA can identify the calling number before the conversation begins and pre-match it to the relevant patient. PDS verification still runs on every call regardless. Caller ID simply speeds up the initial identification step, allowing the patient to move through their request faster.
Caller ID is not mandatory. EMMA operates fully and correctly without it. The patient list upload is only needed if the surgery wants to enable Caller ID.
What Data Is Contained in the Patient List
The patient list upload typically includes the following fields per patient:
| Field | Purpose |
|---|---|
| First name and surname | Patient identification matching |
| Date of birth | PDS pre-match support |
| Postcode | PDS pre-match support |
| Mobile phone number | Caller ID phone number matching |
| Home phone number (if provided) | Caller ID phone number matching |
| NHS number (optional) | Additional verification layer |
| VIP or vulnerable patient flag (if applicable) | Used to populate the VIP bypass list |
The exact fields required depend on how the surgery exports their data from EMIS Web or SystmOne. Guidance documents exist for both systems.
How the Patient List Upload Works
Step 1: QuantumLoop AI sends a secure SharePoint link
The practice receives a password-protected Microsoft SharePoint upload link. The link is hosted on Microsoft Azure's NHS-approved UK cloud infrastructure. The SharePoint location is a temporary, secure transfer point only.
Step 2: The practice uploads the patient list file
The practice exports their patient list from their clinical system (EMIS Web or SystmOne) and uploads it to the SharePoint link. Guidance documents for both EMIS Web and SystmOne exports are available.
Step 3: Automated validation and secure import
As of March 2026, the upload process is fully automated. Once the file is uploaded:
- The file is automatically validated and cleansed before processing
- Any errors are flagged immediately via Slack notification to the QuantumLoop team
- The file is imported into EMMA's secure encrypted database
- A Slack notification confirms successful import to the team
Step 4: The SharePoint link is deleted
After import, the temporary SharePoint file is deleted. The patient data no longer exists in the SharePoint location. It resides only within EMMA's core system, which is fully governed, encrypted, and compliant.
Step 5: Caller ID is active
From this point, EMMA can pre-match callers by phone number. PDS verification continues to run on every call regardless.
Full Data Security and Governance Framework
When responding to DPO, ICB, or practice manager data security concerns, staff must be confident presenting the full framework. All of the following apply to patient data processed by QuantumLoop AI.
| Governance Layer | Detail |
|---|---|
| DTAC assessment | Completed. Demonstrates compliance with the Digital Technology Assessment Criteria. |
| MHRA registration | QuantumLoop AI is registered as a Class I medical device under UK Medical Devices Regulations 2002. |
| DPIA (Supplier) | A comprehensive Data Protection Impact Assessment is in place covering data flows, lawful bases, risks, and mitigations. |
| DCB0129 | Clinical Safety Case Report and Hazard Log maintained in compliance with DCB0129. Clinical Safety Officer identified. |
| DSPT | Data Security and Protection Toolkit compliance maintained annually. |
| Cyber Essentials PLUS | Current certification. Scope covers all health and care data processing. |
| ISO 27001 | ISO 27001-accredited systems used for managing data securely. |
| Penetration testing | Annual penetration testing conducted by a CREST-accredited supplier. |
| ICO registration | Registered with the Information Commissioner's Office. Registration number: ZB801672. |
| Encryption | Data encrypted in transit using TLS 1.2 and at rest using AES-256-bit encryption. |
| Azure UK hosting | All data stored exclusively within Microsoft Azure UK data centres. No data leaves the UK. |
| Data Processing Agreement | DPA in place between the practice and QuantumLoop AI. All subprocessors are included and contractually prohibited from using data to train general AI models. |
| Crown Commercial Service RM6200 | QuantumLoop AI is listed on the CCS RM6200 framework for Artificial Intelligence. |
Responding to Common Data Security Questions
"Do we need to update our privacy notice because we are sharing data with QuantumLoop AI?"
No. QuantumLoop AI operates as a data processor under the surgery's responsibility. No updates to the surgery's privacy notice are required as a result of using EMMA or enabling Caller ID.
Note: the NHSE Assurance document recommends practices ensure their privacy notice reflects the use of the ARMS service generally. This is a recommended governance step for the practice to consider independently.
"Our DPO is not happy sharing patient data via SharePoint."
The SharePoint location is only a temporary secure transfer point. It is password-protected and hosted on Microsoft Azure's NHS-approved UK cloud infrastructure. Once the file is imported, the SharePoint file is deleted. No patient data remains in SharePoint after import.
If the DPO still has concerns, offer the no-Caller-ID option: EMMA operates normally using live PDS validation only. Caller ID can be activated later at any point if the DPO becomes comfortable.
"Can you confirm patient data is not used to train AI models?"
Yes. This is explicitly stated in the Data Processing Agreement. Patient data is not used to train general AI models. All subprocessors are contractually bound by the same restriction.
"Is data stored within the UK?"
Yes. All patient data is stored exclusively within Microsoft Azure UK data centres. No data is processed or stored outside the UK.
"We have an ICB that wants to review this before we proceed."
QuantumLoop AI can provide a full assurance pack to any ICB on request. This includes the DTAC assessment, Clinical Safety Case Report, Hazard Log, DPIA, DPA, Cyber Essentials PLUS certificate, DSPT status, penetration test summary, ICO registration certificate, and subprocessor list. The team can also support ICB review calls directly. Contact support@quantumloopai.com to arrange.
"Do we need to provide a new patient list every time we add new patients?"
No. The patient list upload is a one-time process used to initialise Caller ID. After go-live, all new patients are handled automatically through live PDS validation, which runs on every call regardless.
"Can we go live without Caller ID and add it later?"
Yes. EMMA operates fully without a patient list upload. PDS validation runs on every call regardless. Caller ID can be activated at any point after go-live by completing the patient list upload at that time.
The No-Caller-ID Option
This is always available and should be offered proactively when a DPO or practice raises data concerns about the patient list upload.
With no Caller ID:
- EMMA works exactly as normal
- PDS validation runs on every call as always
- The call is slightly longer as there is no phone number pre-match step
- No patient list is uploaded or stored by QuantumLoop AI
Many practices go live without Caller ID and add it later once they have built familiarity with the platform. This is a completely valid approach.
How to Export a Patient List
Separate guidance documents exist for each clinical system:
- How to Export Your Patient List from EMIS Web
- How to Export Your Patient List from SystmOne
Both documents include step-by-step instructions, required fields, and export format guidance. These should be sent to the practice once they confirm they want to proceed with Caller ID.
Step-by-Step Triage Process for Caller ID Objections
1. Confirm whether the objection is coming from the practice manager, DPO, or ICB.
2. Identify the specific concern: data transfer method, storage location, AI training, privacy notice, or general hesitation.
3. Respond using the relevant section above. Use the full governance framework table if a formal response is needed.
4. If the DPO or ICB remains uncomfortable, offer the no-Caller-ID option as a straightforward alternative.
5. If an ICB wants to review formally, offer to provide the full assurance pack and arrange a support call.
6. Document the outcome in HubSpot and note whether the practice proceeded with or without Caller ID.
What to Tell the Practice
Example wording for a practice whose DPO has concerns:
"We completely understand the DPO's caution and want to be fully transparent about how this works. The SharePoint link is a temporary, password-protected transfer point hosted on NHS-approved UK cloud infrastructure. Once we receive the file, it is imported into our secure encrypted system and the SharePoint file is deleted. No patient data remains in SharePoint after that point. All data is stored within Microsoft Azure UK data centres, encrypted at rest using AES-256-bit encryption, and governed under our DTAC, DPIA, and DSPT certifications. That said, if the DPO would prefer, we can absolutely go live without the patient list upload. EMMA will operate exactly as normal using live PDS validation on every call. Caller ID can always be added later."
Common Mistakes
- Telling a practice they must upload the patient list for EMMA to work. They do not. Caller ID is optional.
- Not proactively offering the no-Caller-ID option when a DPO raises concerns.
- Being unable to explain what happens to the SharePoint file after import. It is deleted.
- Not knowing the ICO registration number when asked (ZB801672).
- Telling a practice their privacy notice must be updated. It does not need to be updated as a result of using Caller ID specifically.
- Not knowing that an ICB assurance pack is available on request.
Escalation Guidance
Escalate to the governance or compliance lead if:
- An ICB formally requests a review before a practice can proceed
- A practice's DPO raises a specific data protection concern that is not addressed by the standard framework above
- A practice asks for documentation not listed in the assurance pack
When escalating, always include:
- Practice name and ODS code
- Name and role of the person raising the concern (DPO, ICB, practice manager)
- Specific concern raised
- What has already been communicated to the practice
Last Reviewed: May 2026
Owner: Support and Customer Success