Lyrebird is registered as a Class I medical device with the MHRA and although not mandated, we are actively pursuing Class IIa certification for enhanced clinical safety
Cyber Essentials & Cyber Essentials Plus Certified
Fully Cyber Essentials & Cyber Essentials Plus Certified, Lyrebird maintains the highest standard of cybersecurity controls as independently verified. Certificates of assurance available on request.
DSPT Toolkit Compliant
Lyrebird is fully compliant with the DSPT Toolkit, published submission available on NHS portal
DTAC Compliant
Comprehensive internal DTAC assessment aligned to NHS expectations. Certificate of assurance available to partner NHS organisations.
CREST Penetration Testing
Annual penetration tests performed by CREST-accredited providers to ensure continuous robust protection. Latest report available on request
End-to-End Encryption & GDPR Compliance
All data encrypted using bank level AES-256 bit encryption in transit and at rest. Lyrebird is also fully UK GDPR compliant with comprehensive data and information security controls.
NHS Wide Clinical Integration System
Lyrebird's OpenAPI built for interoperability by design with HL7 and FHIR compliance, is compatible with all NHS EPR systems
Clinician-In-The-Loop
Lyrebird designed from the ground up with the clinician in the loop at all times and required for every consult.
No audio storage
The spoken words during the consultation are instantly converted into text, with no audio ever being stored.
Processing & storage
We currently process data in Germany, and store data in the United Kingdom, inline with GDPR requirements.
Bank level encryption
All data in transit is secured with TLS 1.2 and at rest with 256-bit encryption, the same standard used by banks.
Your data is your data
Your data, nor your patients data will ever be sold to third parties.
No AI model training
All data is yours alone — it will never be used to train an AI model.
