Security and privacy

Hero is used by healthcare professionals and patients every day. Users must be able to easily understand what data Hero is processing, why it is being processed and how it's used.

Our certifications

We have been assessed or certified by the following organisations:

  • HM Government G-Cloud Supplier
  • Cyber Essentials Plus

We integrate with EMIS Health, with whom we are both an Accredited Partner and an Elite Partner.

We annually submit the NHS Data Security and Protection Toolkit, visible online.

Our data principles

Our approach to data governance is one of continual improvement. Standards for data governance are constantly evolving, and so we are constantly looking across the digital health industry to learn and improve.

  • All data is encrypted - We encrypt all data we process and/or store. Encryption is used on all our processes, so you can rest assure that only you and anyone you authorise have access to your data. Access to the data is restricted to specific employees who have a ‘need-to-know’ and who are bound by confidentiality obligations.
  • All staff are trained in data handling - Data handling and data security training is mandatory for all our employees, and it is part of their induction process. These training sessions teaches our employees to understand security risks and threats, and how to react to prevent any attempt or attack on our data. Refresher trainings and updates are organised with the team to ensure themes accurate and up to date information is being shared.
  • All application data is stored in UK based data centres - Hero health is committed to ensuring effective safeguards are applied to the information it holds. When it comes to storing your data, we are only using UK based data centres, carefully chosen and with highest levels of security and confidentiality.
  • We only work with selected technology partners, who are vetted to ensure their data compliance - Whenever we need to work with other organisations, we select our partners very carefully, ensuring they share our values and high standards when it comes to data compliance.