- Types of data processed
- Legal basis for data processing
- Use of third parties
- Transparency and user rights
- National data opt-out
- Testing considerations
Types of data processed
The healthcare organisation is the data controller, and Concentric Health is the data processor.
Patient personal data used:
- Title, given name(s), and family name
- Date of birth
- Hospital number and/or NHS number
- Email and/or mobile number
These may be provided by the healthcare organisation via integration, or entered manually by the clinician.
Justification: For clinical safety reasons this data (except contact details) must be displayed on-screen during all clinician interactions with a patient’s records, and also appears on the patient’s consent form. Since this information forms part of a consent record, it must be stored according to the same retention schedule as those records. Best practice states that patients are given a copy of their consent form, and therefore contact details are stored to allow communication of the consent interaction and outcome data collection.
For all consent episodes discussed (which may or may not have resulted in surgical consent being given), the following special category data (all relating to the patient’s health) is used:
- A: The treatment
- A: The responsible clinician
- B: the consent episode
- B: Other treatment options discussed
- A: The medical diagnosis which led to this procedure
- A: The intended purpose of the procedure
- A: The risks which the patient has been informed of
Justification: Data marked (A) is a requirement for the consent form as per Department of Health guidelines, and thus must be maintained. In order to fully understand the context in which consent was discussed and taken, data marked (B) is also stored. In combination data (A) and (B) are cryptographically linked to the state of a consent episode at all points in time.
Clinician personal data used:
- Job title
- GMC number (optional)
- Email address
Justification: As part of the audit trail of the application, all activity is tied to the identity of the logged in user, and in some cases is shown to other users of the system (for example the name of the clinician taking confirmation of consent). The clinician’s email address, where applicable, is used for login, and to support use cases such as password reset, but is not disclosed to patients or other users.
Legal basis for processing
The legal basis for processing is that of ‘direct care’. The healthcare organisation has a requirement to take and store procedural consent as part of providing direct care to an individual. The contract between the healthcare organisation and Concentric Health to deliver a digital consent platform will provide Concentric Health’s ‘direct care’ legal basis for processing.
Third party processors
The following ‘Commercial Third Party’ processors are used, with which Concentric Health have agreed data processing and security terms:
Google Cloud Platform
Google Cloud Platform (GCP) provides all hosting and data processing. GCP are fully compliant with NHS information governance requirements. GCP enters data processing and security terms with Concentric Health with regards to appropriate and contracted sub-processing of data. GCP lists sub-processors here.
Postmark provides email sending. Details regarding compliance with GDPR requirements and use of subprocessors is available here. A data processing addendum is in place between Concentric Health and Postmark (Wildbit LLC).
Transparency and user rights
The platform has been designed to meet the GDPR individual rights requirements by design, as requested by the data controller.
A data processing notice can be provided as part of the consent interaction with the patient. Service access requests, rectification requests, processing freeze requests, and data portability requests can be met by design.
National data opt-out
The use or disclosure of data is considered out of scope of the National data opt-out for the following reasons:
- The national data opt-out policy does not apply to uses of information for individual patient care. For example; creation of a consent episode; sharing of interaction information to the patient; sharing completed documentation into the medical record.
- The opt-out for research and planning purposes only applies to confidential patient information - data that includes both:
- information that identifies or could be used to identify the patient, and
- information about their health, care or treatment
No other use of data by Concentric Health, that falls outside use for individual patient care, meets both these conditions.
Further details regarding the National data opt-out can be found here: https://digital.nhs.uk/services/national-data-opt-out/understanding-the-national-data-opt-out
All data used during application development and testing is synthetic.