Patient Billing are committed to protecting the confidentiality, integrity and availability of the information entrusted to us by our clients, partners and employees.

Information security is managed through a formal Information Security Management System designed to protect business, client and personal information against unauthorised access, loss, misuse or disclosure. Our approach ensures that information is handled responsibly and in line with legal, regulatory and contractual requirements.

We apply risk based technical and organisational measures to safeguard information throughout its lifecycle, including access control, secure handling, incident management and supplier assurance. Information security is considered across business operations and within the management of new and ongoing projects.

Patient Billing maintain an Information Security Management System certified to ISO 27001. We are also certified to Cyber Essentials Plus, providing independent assurance that appropriate organisational and technical controls are in place to protect information and reduce the risk from common cyber threats.

Our information security arrangements support alignment with relevant data protection legislation, including the UK GDPR and the Data Protection Act 2018.

Information security responsibilities are defined and supported by appropriate governance, regular review and continual improvement. Independent reviews and audits are carried out at planned intervals or when significant changes occur.

For information security enquiries, please contact support@patientbilling.co.uk

This statement is reviewed periodically to ensure it remains accurate and appropriate.

Last reviewed & updated May 2026