Information Security Requirements for Suppliers

Keeping Information Safe and Building Trust

Suppliers need to keep our information safe at all times. This means they must protect important data about our business, our ideas, and personal details about our staff and customers. Suppliers should use strong security measures like locking down data, using encryption, and making sure only the right people can access important information. They must follow all laws and rules about privacy and data protection, and be ready to spot and report any problems or breaches right away. Staff should be trained to handle information securely, and suppliers should use safe ways to communicate with us. In short, we expect our suppliers to take information security seriously, keep things confidential, and work with us to stay ahead of cyber risks.

If you want to provide a service or product to Ramsay Health Care, please review the questions below.

Q1. Will you be processing CONFIDENTIAL PATIENT INFORMATION? We deem this to be information which is ‘Confidential’ (above), AND which: identifies an individual; is held in confidence; and conveys information relating to the health condition, diagnosis and/or treatment of an individual.

Q2. Will you be processing CONFIDENTIAL data? We deem this to be Personal Data or Sensitive Personal Data (not patient health data), as defined by the Data Protection Act 18 and General Data Protection Regulation 18. Personal Data is information, or a collection of information, which enables the identification of a single living person. Examples include: HR and personnel financial records; information relating to security investigations, incidents, risks and/or baseline security controls; highly commercially sensitive, proprietary or patented information; information which could be considered valuable to criminals and/or competitors; and information which may facilitate improper gain or disadvantage to individuals and/or organisations.

Q3. Will you be processing Business Use Information? This is deemed to be internal information that is not meant for public disclosure (e.g. organisational charts or minutes of meetings) and which is not Confidential or Confidential Patient Information.

If your answer is “yes” to one or more of the above, we would expect the attached NHS Digital Technology Assessment Criteria (DTAC) to be completed and returned: https://transform.england.nhs.uk/key-tools-and-info/digital-technology-assessment-criteria-dtac/

It is important to note that the DTAC opens up conversations between suppliers and RHCUK SMEs; it should not be viewed as a “Pass” or “Fail”.

Ramsay Health Care UK offers services to the NHS and is required to comply with the NHS cyber security charter for suppliers: https://digital.nhs.uk/cyber-and-data-security/guidance-and-assurance/cyber-security-charter-for-suppliers-to-the-nhs

As a result, any potential IT supplier should commit in writing to abiding by the following principles:

  1. Our systems are kept in support and have the latest patches applied to address known vulnerabilities.
  2. We will achieve and maintain at least 'Standards Met' as part of the Data Security and Protection Toolkit (DSPT).
  3. We will apply Multi-Factor Authentication (MFA) to our own networks and systems. To support our customers to meet the NHS England MFA policy, we will support identity federation or make MFA functionality available on the products that we provide.
  4. We will deploy effective 24/7 cyber monitoring and logging of our critical IT infrastructure to prevent and detect cyber-attacks, which will allow investigation in the event of an incident.
  5. We will ensure that we have immutable backups of our critical business data, with tested plans that ensure we can offer business continuity and rapid recovery of essential IT. We will also have immutable backups of our products to ensure the continued provision of the systems and services that we provide.
  6. We have undertaken board level exercising to ensure we are confident of our ability to respond in the event of a cyber-attack.
  7. We will report to our customers in a timely manner, adhering to (and supporting our customers to adhere to) all regulatory requirements, and work collaboratively, openly and in partnership with NHS England in the event of discovering a cyber-attack affecting patient care or data.
  8. Where providing software to the NHS, we agree that the software has been produced in adherence to the Department for Science, Innovation and Technology (DSIT) / National Cyber Security Centre (NCSC) software code of practice and commit to meeting the principles of secure design and development, secure build environment, secure deployment and maintenance and communication with customers.
