Privacy Notice

DoctorLink is an online service that connects to NHS clinical systems to enable you to:

  • Access medical advice 24/7
  • Be signposted to the most appropriate service
  • Book an appointment with the most appropriate clinician and in a timescale suited to your needs
  • Undertake assessments of your symptoms to establish the most appropriate treatment
  • Order repeat prescriptions

And which helps GP and 111 Services by providing them with:

  • Symptom information for clinicians, prior to patient appointment

We are committed to making healthcare more accessible online whilst protecting and respecting your privacy.

This Privacy Notice (along with our terms of service) explains how we use any personal information we collect about you when using the DoctorLink online service.

The data controller and processor for the DoctorLink site is Medvivo Digital a company registered in England with company number 10337756 with registered offices at Oakhill House, 130 Tonbridge Road, Hildenborough, Kent, England, TN11 9DZ.

Topics:

 

What information do we collect about you?

We collect information about you provided by you when you register with us, when you complete a symptom assessment, when you book an appointment or order a repeat prescription.

We also obtain information about you including your NHS Number from the NHS Digital Personal Demographic Service (PDS) and from your registered GP’s computer system.  PDS is an NHS registry that contains the demographic (name, date of birth, NHS Number, address etc.) details of most people in England and Wales.  DoctorLink uses details you provide (date of birth, gender, name and postcode) to query PDS to establish your NHS Number.  PDS is managed by NHS Digital, more information can be found at this link.

The information we collect from you or the above sources is as given below:

Information Source (s)
Name, Date of Birth, Gender, Address, email, Phone number Yourself
Your registered GP Yourself and PDS
Details of any Prescriptions and appointments Yourself
NHS Number PDS

 

Should the GP details you provide us with not match those returned by PDS then certain functionality such as booking an appointment and requesting a repeat prescription will not be available.  If this occurs we will tell you and direct you to contact [email protected] to resolve the difference.

All support calls made and received by the Medvivo Digital Service Desk are recorded and maybe used to support the learning and development of our staff. They may also be used when recovering incidents, compliments and complaints.

Call recordings will be managed in the same way as all other personal information processed by us in line with current legislation.

We also collect information about our website usage using cookies, including the website that users came from or are going to, which pages of our website users visit, IP addresses, the type of browser used and the times our website is accessed. This information is aggregated and is not used to identify individuals. If you require more information about how we use cookies please see our cookies policy.

How will we use the information we collect about you?

We collect information about you to enable us to best identify the nature of the problem or illness you are experiencing so that we can recommend the best care or course of action. This is done by an automated individual decision making process.

Your NHS number is a unique identifier, retrieving it from PDS helps us to safely locate your GP record and not someone else’s in your registered GP’s computer system.

We also use information collected from you to personalise repeat visits to our website, for example when you undertake a symptom assessment one of the first questions is always ‘what is your age’.  To save you having to answer this question every time you do the assessment we will use the date of birth you supplied to work out your age automatically.

Your data may be anonymised i.e. any identifying details removed for the purposes of research to help us enhance the quality of our service.

How will we share your personal information?

We may share information with your registered GP and other health care providers e.g. a pharmacist to enable them to provide you with the most informed level of care possible.  If you dissent then you may have to provide the same information you have already supplied to us again, by consenting you save yourself and your GP time.

To prevent third parties from pretending to be you we may to establish your identity by passing your details to an Identity Assurance Provider.

Medvivo Digital will not share your information for marketing purposes with any other companies.

If we are required to by law or regulation, we may disclose information as required to the relevant regulatory body. Where a symptom assessment indicates a potential safeguarding concern, the GP Surgery’s designated safeguarding lead will receive an alert. This alert includes the name of the person who completed the symptom assessment along with details of the symptom assessment for GP Surgeries to address as is their internal policy.

Where and how we store your data?

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.  Any information we store is held on secure servers located in the European Union.

We do not store any data other than cookies (see below) on the device that you use to access this site.

We have a comprehensive Information Security Management System (ISMS) which is ISO 27001 accredited and as such employ best practice security protocols and procedures including encrypting your data in transit and at rest to protect your personal data and prevent unauthorised access to it.

How long do we store your data for?

We follow the Records Management Code of Practice for Health and Social Care 2016 records retention schedule published by the Information Governance Alliance for the Department of Health which states that patient records should be retained for 10 years from the date of death

Legal basis

DoctorLink processes some of your information by an automated individual decision making process.  We will only process your information in this way if you have explicitly consented to it. You will have been asked to consent to the use of your information in this way when you registered for the service. You may withdraw your consent at any time by deleting your account within the DoctorLink app or website.

The processing of your sensitive personal information is necessary for the purposes of medical diagnosis, the management of health or social care systems and services and also for the establishment, exercise or defence of legal claims.

While investigating any issues, incidents, complaints or compliments we may process your personal data as it is in your and our legitimate interest to do so with the full details required.

Marketing

We will not use any data we hold about you for marketing purposes – either of our own services or of any third parties.

Your rights

You have a right to:

  • access the information we hold about you;
  • correct inaccuracies in the information we hold about you
  • withdraw any consent you have given to the use of your information;
  • complain to the relevant supervisory authority in any jurisdiction about our use of your information
  • in some circumstances:
    • erase information we hold about you;
    • receive a copy of your personal data in an electronic format and require us to provide this information to a third party;
    • restrict the use of information we hold about you; and
    • object to the use of information we hold about you.

In addition, you may request a person reconsiders any decision made by the use of automated individual decision making, obtain an explanation of how such decision was made and challenge such decision.

You can exercise these rights by contacting us as detailed below.

Changes to our privacy notice

We keep our privacy notice under regular review and we will place any updates on this web page.  This notice was last updated on 29thOctober 2018.

How to contact us

If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information, then please contact our Data Protection Officer at:

Data Protection Officer

Medvivo Digital Limited

Fox Talbot House,
Greenways Business Park
Chippenham
Wiltshire
SN15 1BN.

Or

[email protected]