PsychiatristAIBack to overview

Compliance

Designed with UK GDPR and NHS anonymisation standards in mind

PsychiatristAI is built for NHS mental health services, with anonymisation and governance patterns that align to UK GDPR, NHS ISB1523 and the Caldicott Principles. This page outlines how we approach data protection for clinical document analysis.

UK GDPR for health data

PsychiatristAI is designed for processing special category health data inside clinical pathways. The service focuses on structured analysis for clinicians and teams, not direct-to-patient use.

  • Processing of special category data aligned with UK GDPR for health.
  • Data minimisation and purpose limitation built into workflows.
  • Strict access controls and role-based views for clinical teams.

Example workflow

  • 1. A referral letter or clinic note is uploaded by a clinician or team.
  • 2. Identifiers are removed or replaced with pseudonyms before analysis.
  • 3. Dashboards surface risk, safeguarding and medication insights.
  • 4. Structured outputs are used to support, not replace, clinical judgement.

NHS ISB1523-aligned anonymisation

Anonymisation logic is designed with reference to the NHS ISB1523 Anonymisation Standard for health and social care data.

  • Removal of direct identifiers (name, NHS number, address) before analysis.
  • Pseudonymisation and internal identifiers for follow-up over time.
  • Motivated Intruder Test considerations in anonymisation design.

Motivated intruder thinking

Designs are reviewed against a motivated intruder model: could a determined third party, with access to public and limited private data, reasonably re-identify an individual from the outputs alone?

This page describes design intent and demo behaviour. Any live deployment would be configured with local Trust policies, DPIAs and information governance sign-off.

Governance & Caldicott

PsychiatristAI is intended to sit within existing governance structures rather than replacing them.

  • Audit logging of document uploads, analyses and exports.
  • Support for local Caldicott Guardian oversight.
  • Configurable retention windows according to Trust policy.

Synthetic demo data

Web demos (for clinicians, services and patients) use fully synthetic identifiers and example narratives. They are not connected to live NHS systems and do not contain real-world patient data.

Any pilot or production deployment would be configured in collaboration with local information governance teams and Caldicott Guardians.

Next steps

If you would like to explore how PsychiatristAI could fit within your Trust's data protection and governance approach, we recommend a short call with your IG and clinical leads present.

Contact us about compliance