Data protection and compliance

As a healthcare company that develops, produces and sells healthcare solutions globally, Liva Healthcare takes security and careful data handling seriously.

We are committed to complying with all applicable personal data protection laws and have taken important steps in that regard.

The Liva Healthcare data protection commitment is the basis for our global personal data protection compliance program, which also includes governance structure, procedures, trainings, and oversight mechanisms to ensure effective data protection and respect for the rights of data subjects.

EU General Data Protection Regulation

Liva Healthcare is in full compliance with The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) which is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The GDPR raises the bar for all market players operating personal data by strengthening EU citizens control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR takes effect 25 May 2018, and will replace the data protection directive (officially Directive 95/46/EC) of 1995.

ISO 27001 Compliance

ISO/IEC 27001:2013 (ISO 27001) is the international standard that describes best practice for an ISMS (information security management system). Liva Healthcare is operation with full compliance to ISO 27001 which demonstrates our information security best practice. Our ongoing efforts in remaining best-in-class is overlooked and audited by PWC and REVI-IT, which delivers independent and expert assessments of our ISMS supports highest standards and codes of practice for information security management.

NHS Information Governance Toolkit (United Kingdom)

Our commitment to comply with personal data laws and standards includes compliance with the Information Governance Toolkit (United Kingdom) that relates to patients and service vendors under the NHS. The Information Governance Toolkit deals consistently with the various different rules, standards and laws related to how information is handled, including those set out in:

The Data Protection Act 1998.
The common law duty of confidentiality.
The Confidentiality NHS Code of Practice.
The NHS Care Record Guarantee for England.
The Social Care Record Guarantee for England.
The international information security standard: ISO/IEC 27002: 2013 and ISO/IEC 27001: 2013.
The Information Security NHS Code of Practice.
The Records Management NHS Code of Practice.
The Freedom of Information Act 2000.
The Human Rights Act article 8.
The ‘Report on the review of patient-identifiable information’
The Information Governance Review (also known as the Caldicott 2 Review).

A copy of our NHS Assessment Report can be found here.

CE

Liva Healthcare operates with the CE marking, which is a certification mark that concludes conformity with health, safety, and environmental protection standards for products sold within the European Economic Area. The CE marking is recognizable worldwide and a token of Liva Healthcare's operation in compliance with European conformity declaration and that the product meets the requirements of the applicable EC directives.

QIS2015

QIS2015 is the “gold standard” for the self-management sector. QISMET developed this universal standard to assure the delivery of consistently high quality self-management interventions of all types of provision.
The types of intervention available are rapidly changing to reflect the needs of all individuals who may require self-management education. In addition, digitally based programmes offer a wide range of approaches that include apps, coaching, telephone support, access to groups and libraries of information.
The key requirements for QISMET certification are that the approach must provide structured education and must have defined relevant outcomes that can be demonstrated are achieved. We do not certificate stand-alone products that are not part of a structured education pathway .