Safeguarding patient data and maximising trust with our NHS healthcare partners are foundational principles that drive every decision we make.
Whether you’re a clinician or thinking of commissioning Anima at your practice, PCN or ICB, we’ve outlined what data we process, why we process it and how it's used. Any specific documentation can be made available on request.
Frequently asked questions
Anima has a commitment to every patient whose data we store to keep it safe and secure. To find out more about how we use your data, take a look at the frequently asked questions below.
How do I know that Anima is safe for my practice to use?
We transmit and store data in encrypted form. This means nobody else can read it without the right credentials. When stored, your data is encrypted in an extremely secure UK-based Amazon AWS data centre. We meet the highest standards of safety and security, as set by NHS bodies and the government. We go through assurance processes for these and we regularly get outside independent experts to check our systems are secure.
Are we Cyber Essentials certified?
Our Anima servers are hosted in the London AWS Data Centre. We follow best practice guidance from NHS Digital, the UK National Cyber Security Centre (NCSC) and AWS. All data sent is encrypted when it is sent and when it is stored.
We transmit and store data in encrypted form. This means nobody else can read it without the right credentials. When stored, your data is encrypted in an extremely secure UK-based Amazon AWS data centre. We meet the highest standards of safety and security, as set by NHS bodies and the government. We go through assurance processes for these and we regularly get outside independent experts to check our systems are secure.
How do we keep data secure?
Our Anima servers are hosted in the London AWS Data Centre. We follow best practice guidance from NHS Digital, the UK National Cyber Security Centre (NCSC) and AWS. All data sent is encrypted when it is sent and when it is stored.
How are we 'IG compliant'?
Anima is fully compliant with NHS Information Governance (IG) requirements. We are committed to safeguarding patient and clinician data through robust, transparent, and independently verified controls, processes, and policies.
NHS IG Standards and Certifications:
IM1 Assurance: Anima holds current and comprehensive IM1 assurance, explicitly covering document processing and structured data exchange with electronic health record (EHR) systems. Our latest IM1 assurance was completed in January 2025.
DSPT (Data Security and Protection Toolkit): We are fully assured on the NHS Digital DSP Toolkit (ODS code: R3U6M), meeting all mandatory requirements.
DTAC (Digital Technology Assessment Criteria): Anima is fully aligned with the NHS DTAC framework, which brings together clinical safety, data protection, technical security, interoperability, and usability standards for digital health technologies used in NHS settings. All components of DTAC are met, and supporting documentation can be shared upon request.
DCB0129: Anima has completed a full DCB0129 Clinical Safety Case and Hazard Log, in line with NHS requirements for software suppliers. We maintain an active Clinical Safety Officer (CSO) who oversees ongoing compliance and updates to our clinical risk assessments.
DCB0160: For NHS organisations deploying Anima, our documentation and clinical safety assurance support practices in meeting their DCB0160 obligations, which mirror DCB0129 but from the deployer’s perspective.
Cyber Essentials: Certified under the UK Government’s Cyber Essentials scheme, with Cyber Essentials Plus currently underway.
GDPR Compliance: Anima is fully GDPR compliant. We maintain up-to-date DPIAs and Data Processing Agreements (DPAs) with all partner practices, ensuring full data control rests with the practice at all times.
What data do we process?
In order to provide communication with and about patients we process patient data and healthcare staff data to our secure UK-based servers. The patient data typically includes name, identifiers, contact details, demographic data, message content (including documents and patient replies to messages either via secure surveys or two-way messaging) and other application-use related data. We only process this data when you send a communication to patients.
We also process healthcare staff data who are users of Anima. This typically includes role, organisation, contact details, identifiers including gender and date-of-birth, messages, metadata, signatures, login and other application-use related data.
The video and audio communication of any video consultation is only visible to participants on the call, and is not recorded or stored on any server. The IP address of call participants may be stored as part of metadata stored, however no other personal information of call participants is collected or stored.
How do we send text messages?
Firetext, SMS gateways (which are BT/EE) and a fallback with Amazon Pinpoint.
Find out more about security and privacy
Here, you can see all the key documents about Anima and what we do with data.
Our information governance documents set out the promises we make about data, the agreements we have in place, and how we comply with the relevant laws and NHS rules and guidance.
Our security credentials show how we keep those promises, keep our systems secure, and keep your data safe.
Policies and agreements
Privacy Policy covers how we handle personal data
Data Processing Agreement (available on request)
Data Privacy Impact Assessments (DPIAs)
When using Anima, it is up to the data controller (your organisation) to complete a DPIA. As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of DPIA Templates for:
Anima Triage (Core)
Anima Documents
Anima Ambient Scribe
All are available on request.
Support
You can find more detailed information and support articles about us in our dedicated Help Centre. If you have any questions, please feel free to contact us directly at support@animahealth.com and we’ll do our best to answer your questions.
