Everything a practice manager, DPO, or procurement lead needs to assess us — including the things we have not got yet. We would rather you read an honest "in progress" here than discover an overclaim later.
| Item | Status | Detail |
|---|---|---|
| UK GDPR documentation pack | Held | Data Processing Agreement, DPIA template, data-flow diagram, retention & deletion policy, incident response plan. All available on request before any pilot. |
| ICO registration | Held | Registered as a data controller — number shown in the page footer. |
| Cyber Essentials | In progress | Application in preparation via IASME. This page will state the certificate number and date the day it is issued. |
| Cyber insurance | In progress | Quotes under way with UK specialist insurers. |
| NHS DSPT | In progress | Self-assessment under way, not yet published. Pilots run under your organisation's own DPIA — we supply a pre-filled template your organisation adopts and owns. |
| DTAC | Not held | Deliberately deferred: practice-level purchases do not require DTAC. We will pursue it when trust-level deployments justify it, and say so here. |
| Medical device registration | Not applicable | Hush is not a medical device and not an ambient scribe — it drafts documents under clinician review. This boundary is deliberate and documented. |
| Uptime SLA | Not offered | We do not sell an SLA we cannot yet evidence with public monitoring history. Plans are monthly, cancel anytime, with full data export within 24 hours. |
Last reviewed: 11 June 2026. If anything on this page is out of date, tell us at [email protected] and we will correct it within one working day.
Our answers are on the Security page, in writing, with the uncomfortable parts included.
No procurement framework is needed for practice-level purchases. Plans are monthly with no lock-in: pilot free for 14 days, then pay by card through Stripe. Larger organisations can request a custom DPA and invoicing at [email protected]. Every commitment we make is in writing, on this site, dated.