DoctorLink is an online service that connects to NHS clinical systems to enable you to:
- Access medical advice 24/7
- Be signposted to the most appropriate service
- Book an appointment with the most appropriate clinician and in a timescale suited to your needs
- Undertake assessments of your symptoms to establish the most appropriate treatment
- Order repeat prescriptions
And which helps GP and 111 Services by providing them with:
- Symptom information for clinicians, prior to patient appointment
We are committed to making healthcare more accessible online whilst protecting and respecting your privacy.
This Privacy Notice (along with our terms of service) explains how we use any personal information we collect about you when using the DoctorLink online service.
The data controller and processor for the DoctorLink site is Doctorlink Limited a company registered in England with company number 10337756 with registered offices at Oakhill House, 130 Tonbridge Road, Hildenborough, Kent, England, TN11 9DZ.
- What information do we collect about you?
- How will we use the information we collect about you?
- How will we share your personal information?
- Where and how we store your data?
- How long do we store your data for?
- Legal Basis
- Your rights
- Changes to our privacy notice
- How to contact us
What information do we collect about you?
We collect information about you provided by you when you register with us, when you complete a symptom assessment, when you book an appointment or order a repeat prescription.
We also obtain information about you including your NHS Number from the NHS Digital Personal Demographic Service (PDS) and from your registered GP’s computer system. PDS is an NHS registry that contains the demographic (name, date of birth, NHS Number, address etc.) details of most people in England and Wales. DoctorLink uses details you provide (date of birth, gender, name and postcode) to query PDS to establish your NHS Number. PDS is managed by NHS Digital, more information can be found at this link.
The information we collect from you or the above sources is as given below:
|Name, Date of Birth, Gender, Address, email, Phone number||Yourself|
|Your registered GP||Yourself and PDS|
|Details of any Prescriptions and appointments||Yourself|
Should the GP details you provide us with not match those returned by PDS then certain functionality such as booking an appointment and requesting a repeat prescription will not be available. If this occurs we will tell you and direct you to contact he[email protected] to resolve the difference.
All support calls made and received by the Medvivo Digital Service Desk are recorded and maybe used to support the learning and development of our staff. They may also be used when recovering incidents, compliments and complaints.
Call recordings will be managed in the same way as all other personal information processed by us in line with current legislation.
How will we use the information we collect about you?
We collect information about you to enable us to best identify the nature of the problem or illness you are experiencing so that we can recommend the best care or course of action. This is done by an automated individual decision making process.
Your NHS number is a unique identifier, retrieving it from PDS helps us to safely locate your GP record and not someone else’s in your registered GP’s computer system.
We also use information collected from you to personalise repeat visits to our website, for example when you undertake a symptom assessment one of the first questions is always ‘what is your age’. To save you having to answer this question every time you do the assessment we will use the date of birth you supplied to work out your age automatically.
Your data may be anonymised i.e. any identifying details removed for the purposes of research to help us enhance the quality of our service.
How will we share your personal information?
We may share information with your registered GP and other health care providers e.g. a pharmacist to enable them to provide you with the most informed level of care possible. If you dissent then you may have to provide the same information you have already supplied to us again, by consenting you save yourself and your GP time.
To prevent third parties from pretending to be you we may to establish your identity by passing your details to an Identity Assurance Provider.
Medvivo Digital will not share your information for marketing purposes with any other companies.
If we are required to by law or regulation, we may disclose information as required to the relevant regulatory body. Where a symptom assessment indicates a potential safeguarding concern, the GP Surgery’s designated safeguarding lead will receive an alert. This alert includes the name of the person who completed the symptom assessment along with details of the symptom assessment for GP Surgeries to address as is their internal policy.
Where and how we store your data?
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. Any information we store is held on secure servers located in the European Union.
We do not store any data other than cookies (see below) on the device that you use to access this site.
We have a comprehensive Information Security Management System (ISMS) which is ISO 27001 accredited and as such employ best practice security protocols and procedures including encrypting your data in transit and at rest to protect your personal data and prevent unauthorised access to it.
How long do we store your data for?
We follow the Records Management Code of Practice for Health and Social Care 2016 records retention schedule published by the Information Governance Alliance for the Department of Health which states that patient records should be retained for 10 years from the date of death
DoctorLink processes some of your information by an automated individual decision making process. We will only process your information in this way if you have explicitly consented to it. You will have been asked to consent to the use of your information in this way when you registered for the service. You may withdraw your consent at any time by deleting your account within the DoctorLink app or website.
The processing of your sensitive personal information is necessary for the purposes of medical diagnosis, the management of health or social care systems and services and also for the establishment, exercise or defence of legal claims.
While investigating any issues, incidents, complaints or compliments we may process your personal data as it is in your and our legitimate interest to do so with the full details required.
We will not use any data we hold about you for marketing purposes – either of our own services or of any third parties.
You have a right to:
- access the information we hold about you;
- correct inaccuracies in the information we hold about you
- withdraw any consent you have given to the use of your information;
- complain to the relevant supervisory authority in any jurisdiction about our use of your information
- in some circumstances:
- erase information we hold about you;
- receive a copy of your personal data in an electronic format and require us to provide this information to a third party;
- restrict the use of information we hold about you; and
- object to the use of information we hold about you.
In addition, you may request a person reconsiders any decision made by the use of automated individual decision making, obtain an explanation of how such decision was made and challenge such decision.
You can exercise these rights by contacting us as detailed below.
Changes to our privacy notice
We keep our privacy notice under regular review and we will place any updates on this web page. This notice was last updated on 29thOctober 2018.
How to contact us
If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information, then please contact our Data Protection Officer at:
Data Protection Officer
Fox Talbot House,
Greenways Business Park