PATIENT ACCESS is provided by Egton Medical Information Systems Limited ("We" or "EMIS"), a company registered in England with company number 2117205 with registered offices at Rawdon House, Green Lane, Yeadon, Leeds, LS19 7BY (acting via its subcontractor and affiliate Patient Platform Limited (co. no. 10004395) and of the same address (“Patient”) and references below to us will include, where relevant, references to Patient).
We are committed to protecting and respecting your privacy.
SCOPE OF POLICY
- the PATIENT ACCESS mobile application software (the "App") (available on a number of different App marketplaces (the "App Sites")), once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device ("Device"); and
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
Information you give us ("Submitted Information"): You may give us information about you by filling in forms on the relevant
App Site and the Site, or by corresponding with us (for example, by e-mail). This includes:
- information you provide when you download or register an App, subscribe to the Service or Site, and when you report a problem with an App, or the Service, or the Site. The information you give us may include your name, date of birth, NHS number, e-mail address and phone number, the Device's phone number, username, password and other registration information (and if registering for the Service online, your sex, house number and postcode); and
- health and wellbeing information you provide which you have extracted from third party health applications on your Device and any connected devices (collectively, the "Health Data").
Information We collect about you and your Device. Each time you visit the Site or use the App We may automatically collect the
- technical information, including the type of mobile device you use, a unique device identifier, mobile network information, your mobile operating system, and time zone setting ("Device Information");
- health information stored on your Device which you have explicitly consented to sharing, and the providence of that data including the device used to collect that data, time, date ("Content Information"); and
- details of your use of the App or your visits to the Site and the resources that you access ("Log Information").
- If you contact us, We may keep a record of that correspondence.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
- Submitted Information: We will use information which you submit as part of registering to use the App and the Service in order to manage your account, to provide technical support, to answer queries you might raise regarding the Site or the Service and for our own internal administrative purposes (and, in respect of the Service, to help us to verify your identity where appropriate by cross-checking the records kept at the relevant GP Practice). We will use any Health Data you submit through the App only for the purposes of storing that information and to make it available to you or (with your consent) your nominated health professional as you may request from time to time.
- Device information: We will use this information to ensure that Patient Access presents the correct version and data for your Device.
- Content Information: health information submitted through the App only for the purposes of storing that information and to make it available to you or (with your consent) your nominated health practitioner as you may request from time to time.
- Log information: this is stored for security and audit purposes and to ensure that We are able to support your use of Patient Access.
We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this policy for as long as it is combined.
DISCLOSURE OF YOUR INFORMATION
Subject to the provisions below, we will not provide your Submitted Information to any third party for any commercial purposes. We may disclose your personal information:
- If We are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
- To a contractor (including, Patient) appointed by us to deliver elements of the Patient Access service on our behalf (and under our control). Any access we might grant to a contractor will be limited to such information as is required for them to deliver the relevant service (and will be subject to a contract which includes appropriate obligations of confidence and compliance with the law).
In order to:
- protect the rights, property or safety of EMIS, our customers, or others (acting at all times in accordance with our obligations under the relevant data protection legislation and the terms of our agreement with your GP Practice in respect of any Health Data).
- In accordance with any instructions we might receive from your GP Practice (in respect of your Health Data and in their capacity as a data controller).
HOW AND WHERE WE STORE YOUR PERSONAL DATA
The Health Data that We collect from you and data you submit when registering to use the Service will be stored at a secure data centre which is located within the United Kingdom. Any requests you may submit for technical support will be held within the appropriate internal management systems whilst We are dealing with the same.
All Health Data will be encrypted (using industry standard methods) when being transferred from your Device to the data centre. No Health Data is stored locally within the App on your Device.
Where We have given you (or where you have chosen) a password that enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
If you register for the Service online then you will not be able to access all aspects of the Service (via the Site or the App) unless or until you contact your GP Practice in order to confirm your identity.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
We always aim to comply with the relevant data privacy laws which impose many obligations on us (in relation to your login/contact details and any Health Data) and which limit what We are allowed to do with the information which you provide to us so as to protect your rights.
In relation to any health information which you wish to add to your record or pass to your GP then this information is passed securely to the GP practice. Your GP is responsible for this data and We can only act in accordance with their instructions.
We do not currently use your contact details for marketing purposes (but if this were to change then We would contact you to obtain your consent and you do in any event have a legal right to require us to stop direct marketing at any time and We would make clear in any communications how you might exercise that right). We will not sell your details to any third party.
Our Site may, from time to time, contain links to and from the websites of our partner networks (including, Patient), advertisers and affiliates (including, websites on which the App or the Services are advertised). If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that We do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services, such as contact and location data. Please check these policies before you submit any personal data to these websites or use these services.
ACCESS TO INFORMATION
You have the right to access information held about you. Your right of access can be exercised in accordance with the terms of the Data Protection Act 1998 by making a "subject access request".
If you would like to make a subject access request then you must make that request in writing to the address provided below. Any access request may be subject to a reasonable fee (as notified to you upon request) to meet our costs in providing you with details of the information We hold about you (such fee to be no greater than that determined by the Data Protection Act 1998).
If We do hold information about you then following a subject access request We will: (i) describe it to you; (ii) explain why We are holding it; (iii) tell you who it could be disclosed to; and (iv) let you have a copy of it.
If you wish to delete or correct any personal data (including any Health Data) held by us then you may do so by using the relevant functionality within the App (once this function has been activated) or by sending a request to Patient Access Data Request, Rawdon House, Green Lane, Yeadon, Leeds LS19 7BY or to firstname.lastname@example.org. We will use our reasonable efforts to delete the relevant information from our systems or those of any contractor (however, please note that it is not (currently) technologically feasible to remove each and every record of the information you have provided to us). You should also be aware that if your medical practitioner has copied any of your health data into your medical record then you will need to contact the relevant practice directly should you wish to discuss changes required to that record as We are not able to delete information from your medical record(s). As detailed above, queries relating to your medical record should be directed to your GP practice.