
How Does QuantumLoopAI Handle Patient Data?

What NHS practices and patients need to know about data, privacy, and security

Data governance and patient privacy are built into everything QuantumLoopAI creates. This article explains what data EMMA processes, how it is protected, and the standards and certifications that govern our approach.

Who Controls the Data?

Your surgery remains the data controller under UK GDPR. QuantumLoopAI acts as the data processor, handling information only under your instruction and solely for the purpose of supporting patient care. A Data Processing Agreement clearly defines these roles and responsibilities.

What Data Does EMMA Process?

To manage calls and automate administrative workflows, EMMA processes:

  • Patient contact information and call details
  • Interaction transcripts and outcomes
  • Administrative and triage data logged during calls

EMMA does not access patient records, prescribing systems, or medication history. She captures what the patient tells her and passes it to the surgery. All clinical decisions remain with the surgery at all times.

Does EMMA Need Patient Consent?

No separate patient consent is required for EMMA's operation. Under UK GDPR, data is processed under Article 6(1)(e) and Article 9(2)(h), supporting the provision and management of healthcare. This is the same legal basis used for normal surgery communications and clinical systems.

Does EMMA Record Calls?

Yes, securely. Every patient call is recorded, transcribed, and fully auditable. Surgeries can review calls for training, governance, or complaint handling at any time. Access is strictly limited to authorised practice users and all call data is fully encrypted.

How Is Data Stored?

All patient data is hosted within NHS-approved Microsoft Azure data centres in England. Data never leaves the UK. This ensures full alignment with NHS, UK GDPR, and national data protection requirements.

All services operate on SOC 2-compliant infrastructure, ensuring strict privacy, integrity, and reliability controls verified by independent assessors.

Encryption

All data is protected end-to-end using TLS 1.2+ and AES-256 encryption, in transit and at rest. This is the same level of security trusted by global financial institutions and defence systems.

Audit and Transparency

Every call, transcript, and action is timestamped, logged, and fully auditable. Surgeries can review these records at any time for internal governance, CQC compliance, or clinical safety audits.

Zero-Trust Security

QuantumLoopAI operates a Zero-Trust security model. Every interaction is verified before access is granted. Immutable, tamper-proof audit logs are maintained for all access and data events. Independent CREST-accredited cybersecurity reviews are completed annually and after every major update.

Data Sovereignty

All patient data is securely hosted within UK jurisdiction and never leaves England. Data is never shared, sold, or stored outside the NHS environment.

Does QuantumLoopAI Share or Sell Patient Data?

No. QuantumLoopAI never shares, sells, or repurposes patient data for marketing, analytics, or any non-clinical use. Patient data remains under your control, within the NHS environment.

UK GDPR and DPIA

QuantumLoopAI is fully UK GDPR compliant, supported by detailed Data Protection Impact Assessments and a rigorous internal governance framework. Every deployment includes a completed DPIA, ensuring compliance and streamlined approval for NHS information governance teams.

DSPT Certification

QuantumLoopAI is fully compliant with the NHS Data Security and Protection Toolkit (DSPT), confirming that our data governance meets NHS England's standards for secure, transparent, and responsible information handling.

What Assurance Documentation Is Available?

QuantumLoopAI provides NHS partners with all required documentation on request, including:

  • DTAC and DSPT certificates
  • DPIA templates
  • DCB0129 Clinical Safety Case Report
  • Cyber Essentials Plus verification

To request documentation or ask about information governance requirements, visit quantumloopai.com/compliance-security or contact us through the website.