Data Security

Leadership and management support when you need it most...

Information Governance and Data Security

Last updated: 4th May 2026

1. Introduction

Quinexis Primary Care Consultancy Limited recognises the importance of protecting personal and confidential information.

We are committed to handling information securely, responsibly, and in line with applicable data protection legislation, including the UK General Data Protection Regulation and the Data Protection Act 2018.

2. Scope

This statement applies to all information handled by Quinexis Primary Care Consultancy Limited in the course of its business activities, including:

  • Client and organisational information 
  • Personal data 
  • Commercially sensitive information 

3. Our approach to information governance

We apply a proportionate, risk-based approach to information governance appropriate to the size and nature of our business.

Our principles include:

  • Confidentiality – information is only accessible to those who need it 
  • Integrity – information is accurate and protected from unauthorised alteration 
  • Availability – information is accessible when required for legitimate business purposes 

4. Data handling and security measures

We implement appropriate technical and organisational measures, including:

  • Secure electronic storage of data 
  • Controlled access to systems and information 
  • Use of password protection and secure devices 
  • Limiting data collection to what is necessary (data minimisation) 

Where personal data is processed, it is handled in accordance with our Privacy Policy.

5. Working with NHS organisations

Quinexis Primary Care Consultancy Limited understands the importance of maintaining high standards of information governance when working with NHS organisations, including GP practices.

We will:

  • Handle information in line with NHS expectations for confidentiality and security 
  • Only access or process information where necessary to deliver agreed services 
  • Maintain appropriate safeguards to protect sensitive information 

6. Data sharing

We do not share client or personal data unless:

  • It is necessary to deliver services 
  • It is required by law 
  • Appropriate safeguards are in place 

7. Data retention

We retain information only for as long as necessary to fulfil business, contractual, and legal obligations.

Further detail is set out in our Privacy Policy.

8. Responsibilities

Responsibility for information governance sits with Quinexis Primary Care Consultancy Limited leadership.

All individuals working with or on behalf of Quinexis Primary Care Consultancy Limited are expected to:

  • Handle information securely 
  • Follow agreed practices 
  • Report any concerns relating to data security 

9. Incident management

In the event of a data breach or security incident, Quinexis Primary Care Consultancy Limited will:

  • Take prompt action to contain and assess the issue 
  • Take appropriate remedial action 
  • Notify affected parties and regulators where required 

10. Continuous improvement

We will keep our approach to information governance under review to ensure it remains appropriate, effective, and aligned with legal and client expectations.

All individuals working with or on behalf of Quinexis Primary Care Consultancy Limited undertake appropriate training which is renewed annually. 

Information icon

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.