Doctorlink is an online service that connects to NHS clinical systems to enable you to:
- Access medical advice 24/7
- Be signposted to the most appropriate service
- Book an appointment with the most appropriate clinician and in a timescale suited to your needs
- Undertake assessments of your symptoms to establish the most appropriate treatment
- Order repeat prescriptions
And which helps GP and 111 Services by providing them with:
- Symptom information for clinicians, prior to patient appointment
We are committed to making healthcare more accessible online whilst protecting and respecting your privacy.
This Privacy Notice (along with our terms of service) explains how we use any personal information we collect about you when using the Doctorlink online service.
The data controller and processor for the Doctorlink site is Doctorlink Limited a company registered in England with company number 10337756 with registered offices at Oakhill House, 130 Tonbridge Road, Hildenborough, Kent, England, TN11 9DZ.
- What information do we collect about you?
- How will we use the information we collect about you?
- How will we share your personal information?
- Where and how we store your data?
- How long do we store your data for?
- Legal Basis
- Your rights
- Changes to our privacy notice
- How to contact us
What information do we collect about you?
We collect information about you provided by you when you register with us, when you complete a symptom assessment, when you book an appointment or order a repeat prescription. We may also collect information about you provided by someone else if they complete a symptom assessment for you, on your behalf and with your consent.
We also obtain information about you including your NHS Number from the NHS Digital Personal Demographic Service (PDS) and from your registered GP’s computer system. PDS is an NHS registry that contains the demographic (name, date of birth, NHS Number, address etc.) details of most people in England and Wales. Doctorlink uses details you provide (date of birth, gender, name and postcode) to query PDS to establish your NHS Number. PDS is managed by NHS Digital, more information can be found at this link.
The information we collect from you or the above sources is as given below:
|Name, Date of Birth, Sex, Address, email, Phone number||Yourself|
|Your registered GP||Yourself and PDS|
|Details of any Prescriptions and appointments||Yourself|
|Details about your health||Yourself|
|Outcome of a GP appointment booked via Doctorlink||GP System|
The information we may collect about you from someone else if they complete a symptom assessment on your behalf is given below:
|Name, Date of Birth, Phone number||Someone else|
|Details about your health||Someone else|
Should the GP details you provide us with not match those returned by PDS then certain functionality such as booking an appointment and requesting a repeat prescription will not be available. If this occurs we will tell you and direct you to contact [email protected] to resolve the difference.
Should your symptom assessment result in a video consultation with a clinician, the consultation may be recorded for quality and training purposes.
All support calls made and received by Doctorlink’s Service Desk are recorded and may be used to support the learning and development of our staff. They may also be used when investigating incidents, compliments and complaints.
Video and Call recordings will be managed in the same way as all other personal information processed by us in line with current legislation.
If we contact you or if you contact us to provide feedback on the services we provide, we may store your contact details and any other information you provide to us during the feedback.
How will we use the information we collect about you?
We collect information about you to enable us to best identify the nature of the problem or illness you are experiencing so that we can recommend the best care or course of action. This is done by an automated individual decision making process.
Your NHS number is a unique identifier, retrieving it from PDS helps us to safely locate your GP record and not someone else’s in your registered GP’s computer system.
We also use information collected from you to personalise repeat visits to our website, for example when you undertake a symptom assessment one of the first questions is always ‘what is your age’. To save you having to answer this question every time you do the assessment we will use the date of birth you supplied to work out your age automatically.
Information provided to us may be used for analytical purposes. Prior to this it will be pseudonymised. Pseudonymisation means processing the information according to our data processing policies which ensure that any information that identifies you are removed and computer generated information used instead. As a result, individual people and their details cannot be identified.
The pseudonymised information is processed and stored on a secure server that contains no identifiable information. This allows the Doctorlink team to perform statistical analyses to:
- Enhance, improve and demonstrate the efficacy of our products, services or customer experience
- Investigate and resolve any technical and functional issues
Direct access to the data is restricted to Doctorlink’s database administrators and analysts within the data science team.
We may on occasion work with academic partners to evaluate our products or services and in such instances may need to share the pseudonymised information with them.
We may publish the results of our analyses on our website, in printed documents or in peer-review journals. Details of individuals will not be identifiable in any published materials. Any statistical analysis produced is reviewed to ensure the risk of identification is removed which includes the suppression of statistically small numbers where necessary.
How will we share your personal information?
We may share your information with your registered GP and other health care providers e.g. a pharmacist to enable them to provide you with the most informed level of care possible.
To prevent third parties from pretending to be you, we may need to establish your identity by passing your details to an Identity Assurance Provider.
Doctorlink may use the services of a data processor to assist us with some of our data processing, but this is done under a contract with direct instruction from us that controls how they will handle personal information and ensures they treat any personal information in line with the General Data Protection Regulation, privacy law, and any other laws that apply.
If we are required to by law or regulation, we may disclose information as required to the relevant regulatory body.
In some symptom assessments, a safeguarding flag may be triggered. Safeguarding flags are built into the algorithms and an alert is triggered where a user’s answers indicates that either they, or another person, may be at risk of harm. Where a symptom assessment indicates a potential safeguarding concern, the GP Surgery’s designated safeguarding lead will receive an alert. This alert includes the name of the person who completed the symptom assessment along with details of the symptom assessment. This alert is sent ‘silently’ as there are some cases where the safety of a user or others may be compromised if it was flagged that an alert had been sent. GP Surgeries will address the safeguarding alert in line with their own internal policy.
Where and how we store your information
We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice. Any personal information we store is held on secure servers located in the UK and European Union.
We do not store any data other than cookies on the device that you use to access this site.
We have a comprehensive Information Security Management System (ISMS) which is ISO 27001 accredited and as such employ best practice security protocols and procedures including encrypting your data in transit and at rest to protect your personal information and prevent unauthorised access to it.
How long do we store your information for?
We follow the Records Management Code of Practice for Health and Social Care 2016 records retention schedule published by the Information Governance Alliance for the Department of Health which states that patient records should be retained for 8 years after last use of the service.
Doctorlink processes some of your information by an automated individual decision making process. We will only process your information in this way if you have explicitly consented to it. You will have been asked to consent to the use of your information in this way when you registered for the service. You may withdraw your consent at any time by deactivating your account within the Doctorlink app or website but we will retain your personal data for 8 years.
The processing of your sensitive personal information is necessary for the purposes of medical diagnosis, the management of health or social care systems and services and also for the establishment, exercise or defence of legal claims.
While investigating any issues, incidents, complaints or compliments we may process your personal data as it is in your and our legitimate interest to do so with the full details required.
We will not use any personal information we hold about you (including your email address) for direct marketing purposes – either of our own services or of any third parties.
You have a right to:
- access the information we hold about you;
- correct inaccuracies in the information we hold about you;
- withdraw any consent you have given to the use of your information;
- complain to the relevant supervisory authority in any jurisdiction about our use of your information
- in some circumstances:
- erase information we hold about you;
- receive a copy of your personal data in an electronic format and require us to provide this information to a third party;
- restrict the use of information we hold about you; and
- object to the use of information we hold about you.
In addition, you may request a person reconsider any decision made by the use of automated individual decision making, obtain an explanation of how such decision was made and challenge such decision.
You can exercise these rights by contacting us as detailed below.
How to contact us
If you have any questions about our privacy notice, the personal information we hold about you, or our use of your personal information, please contact our Data Protection Officer at:
Data Protection Officer
Fox Talbot House
Greenways Business Park
How to make a complaint
You also have the right to raise any concerns about how your personal data is being processed by us with the Information Commissioners Office (ICO):
0303 123 1113
Changes to our privacy notice
We keep our privacy notice under regular review and we will place any updates on this web page. This notice was last updated on 4th October 2019.