Privacy & Security - Lyrebird Health

Medical Device Registration

Lyrebird is registered as a Class I medical device with the MHRA and although not mandated, we are actively pursuing Class IIa certification for enhanced clinical safety

Cyber Essentials & Cyber Essentials Plus Certified

Fully Cyber Essentials & Cyber Essentials Plus Certified, Lyrebird maintains the highest standard of cybersecurity controls as independently verified. Certificates of assurance available on request.

DSPT Toolkit Compliant

Lyrebird is fully compliant with the DSPT Toolkit, published submission available on NHS portal

DTAC Compliant

Comprehensive internal DTAC assessment aligned to NHS expectations. Certificate of assurance available to partner NHS organisations.

CREST Penetration Testing

Annual penetration tests performed by CREST-accredited providers to ensure continuous robust protection. Latest report available on request

End-to-End Encryption & GDPR Compliance

All data encrypted using bank level AES-256 bit encryption in transit and at rest. Lyrebird is also fully UK GDPR compliant with comprehensive data and information security controls.

NHS Wide Clinical Integration System

Lyrebird's OpenAPI built for interoperability by design with HL7 and FHIR compliance, is compatible with all NHS EPR systems

Approved by experts

We co-created the MDA guidelines for
using AI tools in doctor consultations.

No audio storage

The spoken words during the consultation are instantly converted into text, with no audio ever being stored.

Local processing & storage

We process and store data on Australian soil, fully compliant with the Australian Privacy Principles.

Bank level encryption

All data in transit and at rest is secured with 256-bit encryption, the same standard used by banks.

Your data is your data

Your data, nor your patients data will ever be sold to third parties.

No AI model training

All data is yours alone — it will never be used to train an AI model.

Built for compliance from the ground up