Information Security Statement

Last updated: 5 December 2025

Jump EHR is an electronic health record and clinical workflow platform provided by The Lathbury Group Ltd trading as Jump EHR (Use Jump). Protecting the confidentiality, integrity and availability of information is a core priority.

This statement summarises the technical and organisational measures used to safeguard data within Jump EHR.

1. Security Principles

Jump EHR is designed around the following principles:

  • Protection of sensitive health and personal data
  • Minimisation of access to information
  • Defence-in-depth security architecture
  • Continuous monitoring and improvement
  • Human oversight and accountability

2. Data Encryption

Sensitive data is protected through encryption controls.

Data StateProtection
In transitEncrypted network connections (TLS)
At restEncrypted storage provided by infrastructure services
BackupsEncrypted backup storage mechanisms

Encryption is supported through secure cloud infrastructure and platform configuration.

3. Access Control

Access to Jump EHR systems is restricted and controlled.

  • Role-based access controls limit user access to the minimum required
  • Individual user accounts are required
  • Multi-factor authentication is supported
  • Administrative access is restricted to authorised personnel
  • Access permissions can be reviewed by customer administrators, and organisational processes support periodic review

4. Infrastructure Security

Jump EHR operates using reputable cloud infrastructure providers.

Security measures include:

  • Network-level protections and firewall controls provided through hosting infrastructure
  • DDoS mitigation capabilities at infrastructure level
  • Secure configuration management
  • Separation of production and non-production environments
  • Regular security updates and patching

5. Application Security

We apply secure software development and application-level controls:

  • Code review and testing processes form part of development practices
  • Dependency and vulnerability monitoring tools are used
  • Input validation is applied across key data pathways using schema validation and application controls
  • Logging of security-relevant events
  • Protection against common web application risks

6. Monitoring and Incident Response

System performance and security are monitored.

  • Error and performance monitoring tools
  • Security logging and audit trails
  • Investigation of unusual activity
  • Documented incident response procedures
  • Timely notification to customers where required

7. Data Backup and Recovery

Data resilience measures are in place.

  • Automated backups
  • Backup retention and restoration capabilities
  • Backup restoration testing forms part of operational procedures
  • Recovery objectives are defined operationally and supported by platform backup and restoration capabilities

8. Personnel Security

Security responsibilities extend to staff and contractors.

  • Access granted only where required
  • Confidentiality obligations
  • Security awareness and training processes
  • Controlled administrative privileges

9. Sub-Processor Security

Service providers used to deliver Jump EHR are required to maintain appropriate data protection and security measures consistent with their role.

10. Continuous Improvement

Security is an ongoing process. We regularly review:

  • Emerging threats
  • System performance
  • User feedback
  • Industry best practices

Improvements are made where appropriate to maintain a strong security posture.

11. Responsible Disclosure

If you believe you have identified a security vulnerability in Jump EHR, please contact:

Email: hello@usejump.co.uk