Last updated July 2023
PATIENT ACCESS is provided by Egton Medical Information Systems Limited ("EMIS"), a company registered in England with company number 2117205 with a registered office address of Fulford Grange, Micklefield Lane, Rawdon, Leeds, LS19 6BA.
The Patient Access Marketplace is also provided by EMIS.
EMIS acts as a “controller” in respect of certain personal data shared through Patient Access and/or the Patient Access Marketplace. This means that EMIS is responsible for deciding how to hold and use this personal data and references below to “we”, “us” or “our” are to EMIS.
We are committed to protecting and respecting your privacy.
SCOPE OF THIS PRIVACY NOTICE
- the PATIENT ACCESS mobile application software (the "App") (available on a number of different App marketplaces (the "App Sites")), once you have downloaded or streamed a copy of the App onto your mobile telephone or other handheld device ("Device"); and
- the PATIENT ACCESS Service (the "Service") accessible through the App or through our website at https://www.patientaccess.com/ (the "Site"); and
- the Service may include the:
- Medication Assistant functionality (“Medication Assistant”) which is accessible through the App or the Site;
- Clinical Research Studies functionality (“Clinical Research Studies”) which is accessible through the App or the Site (as available); and
- the Patient Access Marketplace online purchase, order, payment and/or reservation service offered in respect of various services made available by independent providers (the “Booking Service”).
This notice sets out the basis on which we will process any personal data we collect from you, or that you provide to us. ‘Processing’ for the purposes of this notice covers a very broad range of activities, including using, transferring, storing and even deleting data.
Please read the following terms carefully to understand our views and practices regarding your personal data and how we will treat it.
For the avoidance of doubt:
- You may use the Service in order to, amongst other things, access elements of your GP medical record. Your GP practice has responsibility for, and control over, access to your GP medical record and as such your GP medical record does not form part of, and is not subject to, the terms of this privacy notice. Your GP practice is able to control the access that patients are able to exercise via services such as Patient Access (and other similar services). You should contact your GP practice (or review their privacy notice) if you should have any questions regarding access to, the use of, or the contents of, your GP medical record.
PERSONAL DATA WE MAY COLLECT IN RELATION TO YOU
We may collect, and process, the following types of personal data about you:
- You may give us information about yourself (“Submitted Information”) by a number of different routes, including:
- information you provide to us or that we may collect, including when you download or register an App; subscribe to the Service or Site; register for and use Medication Assistant; register for and use the Clinical Research Studies service; access and use the Booking Service and/or when you report a problem with an App, or the Service, the Booking Service or the Site. The information that you give us or that we collect may include your name, date of birth, NHS number (used as a unique identifier to ensure the Service functions correctly), e-mail address and phone number, the Device's phone number, username, password and other registration information (and if registering for the Service online, your gender, house number and postcode);
- information you provide when using the Service (through the Site and/or the App) or the Booking Service;
- information you provide when registering for and using Medication Assistant, including details of any current medication you are taking (such as name of drug, dosage, quantity, prescribed dates) and summary information about your medical conditions or diagnoses. We will take this information directly from your electronic health record;
- information you provide when registering for and using the Clinical Research Studies service including information about medications you are taking, medical conditions or diagnosis, demographic data (i.e. age, location etc.), ethnicity, weight, height and any other information that may be relevant for the purposes of identifying whether you meet the inclusion/exclusion criteria for a clinical trial. We will take this information directly from your electronic health record;
- if you contact us, we may keep a record of that correspondence;
- information provided when submitting or updating a request for support or contacting our support teams;
- details of your marketing and communications preferences you provide (in relation to receiving marketing from us and our third parties and your communication preferences) when you register with the Service and/or Booking Service or otherwise when you request marketing to be sent to you;
- information provided in response to any surveys or requests for information which we may send to you from time to time or which you complete on our website or application (in line with your marketing and communications preferences as referred to above);
- information collected as a result of any monitoring which may take place. We may monitor (which may include recording) certain interactions between us in order to comply with any legal obligations, to detect fraud or criminal activity as well as for training purposes; and/or
- Information we collect about you and your Device. Each time you visit the Site or use the App or the Booking Service we may automatically collect the following information:
- technical information, including the type of mobile device you use, a unique device identifier, mobile network information, your mobile operating system, and time zone setting ("Device Information");
- health information stored on your Device which you have explicitly consented to sharing, and the provenance of that data including the device used to collect that data, time, date ("Content Information"); and
- details of your use of the App or your visits to the Site, and/or your use of the Booking Service, and the resources that you access ("Log Information").
NHS login is a separate NHS Digital service. You can find out more about the NHS login service.
If you use the NHS login service in order to access Patient Access then the terms set out in this section will apply.
If you access our service using your NHS login details, the identity verification services are managed by NHS England. NHS England is the controller for any personal information you provided to NHS England to get an NHS login account and verify your identity, and uses that personal information solely for that single purpose.
As a registered NHS login user, information consisting of your email address and password will be processed by NHS England to enable you to use your NHS account in order to access Patient Access - see https://access.login.nhs.uk/privacy for further details.
For this personal information, our role is a “processor” only and we must act under the instructions provided by NHS England (as the “controller”) when verifying your identity. This restriction does not apply to the personal information you provide to us separately (and which will be processed according to this Patient Access privacy notice).
As noted in the EULA, if you are under the age of 16 and you are registering a Patient Access account to link to your GP practice, then your use of the Service will be dependent on your GP practice authorising such use and will be subject to any additional requirements or conditions which they may choose to place on such use (for example, they may require you to provide them with permission from a parent or guardian).
You may only be able to register with the App or the Site if we have been provided with evidence from your GP that you have been assessed by the practice as competent for online services and that a corresponding “competency code” has been recorded by the practice in your patient record.
USES MADE OF THE INFORMATION
We may use personal data we collect about you in the following ways:
- Submitted Information: We will use information which you submit as part of registering to use, or where you are using, the App, the Service, the Booking Service, Medication Assistant and/or the Clinical Research Studies service in order to manage your account, to deliver the Service, the Booking Service, Medication Assistant and/or the Clinical Research Studies service (as appropriate), to provide technical support, to contact you (including, without limitation, via SMS) so as to notify you regarding any important updates relating to the Site, the App, the Service, the Booking Service, Medication Assistant and/or the Clinical Research Studies service, to answer queries you might raise regarding the Site, the App, the Service, the Booking Service, Medication Assistant and/or the Clinical Research Studies service and for our own internal administrative purposes.
- To help us to verify your identity where appropriate by cross-checking the records kept at the relevant GP practice (to help keep your information secure).
- For booking purposes: Where you are using the Booking Service, we will use your personal details to facilitate bookings for the services offered by third party providers through our Booking Service.
- To provide you with the Medication Assistant service: if you enable Medication Assistant, we will send you information and notifications (in the App and/or by email) tailored to your current medical conditions and/or medication, to help you better manage your medical condition / use of your medication.
- To provide you with the Clinical Research Studies Service: if you enable Clinical Research Studies, we will send you (in the App and/or by email) information about clinical trials that you may be eligible to participate in, along with instructions on how to apply to participate. Where you provide us with consent, we will share relevant information about you (as notified to you) with the relevant party involved in the conduct of the clinical trial. In addition, if: (a) you consent to your information being shared with the relevant party involved in a particular clinical trial; and (b) your GP practice: (i) uses EMIS Web, (ii) has signed up to (now or in the future) our Recruit service (which allows GPs to invite patients to participate in clinical trials); and (iii) is recruiting for the relevant clinical trial (now or in the future), we will confirm to your GP that you have consented to your information being shared. This is to prevent your GP from separately inviting you to the same clinical trial.
- To deliver the Smart Pharmacy Service (as detailed in the EULA): if you enable the Smart Pharmacy functionality within Patient Access and nominate a Smart Pharmacy then we will use the information you provide in order to send you communications relevant to your prescription requests. This may include notifications sent on behalf of your nominated pharmacy that the relevant products are available for collection or are out for delivery (as appropriate).
- For marketing purposes: We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising, including the following personal data control mechanisms:
- We may use your identity, contact details and Device Information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (i.e. ‘marketing’).
- You will receive marketing communications from us if you have requested information from us or receive services from us and you have not opted out of receiving that marketing.
- We may ask you to identify areas of particular interest (which may be related to certain conditions) and if you choose to provide those details then we may send you information which we feel may be relevant to those areas of interest or which might otherwise be of interest to you based on the preferences identified.
- We will get your express opt-in consent before we share your personal data with any third party for their marketing purposes.
- You can ask us (or any third parties) to stop sending you marketing messages at any time (see below for further details).
- Health & Fitness Data: We will use any Health & Fitness Data you submit through the App in order to store that information and to make it available to you and/or (with your consent) your nominated health professional as you may request from time to time.
- Survey responses: We will use this information for the purposes outlined in the relevant survey or request for information (referred to generally as ‘surveys’). If a survey involves the provision of information relating to your physical or mental health then this data will be held securely and will not be used other than for the purposes provided to you when you completed the relevant survey (though we may use anonymised data from the survey in order to undertake research into trends and to provide insights into the relevant condition(s) and we may share that anonymised data with third parties). If you agree as part of the survey to our contacting you further, then we may do so to supply you with information that may be of interest to you; or in order to determine whether you would want to be further involved in any follow-on surveys or medical research opportunities.
- Device Information: We will use this information to help ensure that Patient Access presents the correct version and data for your Device.
- Content Information: health information submitted through the App for the purposes of storing that information and to make it available to you or (with your consent) your nominated health practitioner as you may request from time to time.
- Log Information: this is stored for security and audit purposes and to ensure that we are able to support your use of Patient Access.
- For security and safety purposes: we monitor activity in order to help protect our users from security threats and to detect if users are trying to misuse any element of the Site, App or Service and/or Booking Service or to use them in an unauthorised manner. We may also use your contact information in order to alert you to any relevant security issues or safety concerns of which we are aware.
- To statistically analyse user behaviour and activity: We will monitor user interest and behaviour to help us to understand general usage of the Booking Service, Service, Medication Assistant, Clinical Research Studies, Site and App to help us improve the services we provide. We may also use this information to tailor the view of the Booking Service, Service, Medication Assistant, Clinical Research Studies, Site or App or any communications you receive from us so as to provide you with what we believe to be more relevant information. We may conduct statistical analysis in respect of the Booking Service, the Service and/or Medication Assistant and/or Clinical Research Studies, either ourselves or through an agency acting on our behalf and may share statistical data (that will not identify you) with relevant third parties.
- If you submit feedback which we consider to constitute a medical emergency, we may pass on information (including your contact details and details pertaining to the emergency) to your GP practice and/or to the urgent/emergency services (e.g. NHS 111 or 999).
We may associate any category of information with any other category of information and will treat the combined information as personal data in accordance with this privacy notice for as long as it is combined.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
BASIS ON WHICH WE PROCESS YOUR PERSONAL DATA
We may rely on a range of legal grounds in accordance with the applicable privacy laws in order to ensure that our use of your personal data is lawful, including:
- where it is necessary for the performance of our contract with you i.e. to provide you with the Service or Booking Service or Medication Assistant or Clinical Research Studies service (as applicable), such as:
- updating your records, contacting you about the Service or Booking Service or Medication Assistant (where appropriate);
- sharing your personal data with service providers in order to deliver any element of the Service (for example, with your nominated pharmacy in respect of your medication requests or your nominated Smart Pharmacy where you are using the Smart Pharmacy service) or to facilitate a booking made through the Booking Service;
- activities relevant to managing the Service and/or Booking Service and/or Medication Assistant and/or Clinical Research Studies including any enquiries you may make regarding the Service or Booking Service or Medication Assistant or Clinical Research Studies, your application to receive the Service or to access the Booking Service or Medication Assistant or Clinical Research Studies, and the administration and management of accounts;
- where it is in our legitimate interests to do so (provided this is not overridden by considerations regarding your rights and interests), such as:
- managing the Service or Booking Service, updating your records, contacting you about the Service or Booking Service (where appropriate);
- performing and/or testing the performance of, our products, services and internal processes;
- following guidance and recommended best practice of government and regulatory bodies;
- managing and auditing our business operations;
- monitoring and keeping records of our communications with you;
- undertaking market research and analysis and developing statistics; and/or
- for direct marketing communication purposes and to help us to offer relevant products and services;
- to comply with our legal obligations; and/or
- with your consent. For the avoidance of doubt, we rely on consent for the following uses:
- Certain direct marketing communications,
- Where you have enabled Medication Assistant or the Clinical Research Studies service (in respect of which, we will obtain your explicit consent before processing your ‘special category data’ (as defined in the relevant legislation, being data concerning your health) for all of the relevant purposes set out above), and
- by choosing to provide us with responses to survey requests and/or Health & Fitness Data (as defined above) then to the extent that such data amounts to ‘special category data’ (as defined in the relevant legislation, being data concerning your health) then you are expressly consenting to our processing that data for the purposes outlined in this privacy notice (or as otherwise notified to you at the point of submission or otherwise).
You are free to withdraw your consent at any time (please see the section below on Your Rights for further detail).
DISCLOSURE OF YOUR INFORMATION
Disclosure of your personal data to third parties may arise in a number of scenarios, for example:
- If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
- To a contractor appointed by us to deliver elements of the Service on our behalf (and under our control). Any access we might grant to a contractor will be limited to such information as is required for them to deliver the relevant service (and will be subject to a contract which includes appropriate obligations of confidence and compliance with applicable law).
- To your nominated pharmacy (or Smart Pharmacy as appropriate) in order to provide them with details of your medication requests.
- To any third party provider with whom you make a booking through our Booking Service.
- To any third party who you provide us with your (explicit) consent to share your personal data and special category data with, including your GP Practice where applicable e.g. in relation to the Clinical Research Studies service if the relevant conditions set out in the ‘Uses made of the Information’ section are met (now or in the future).
- In order to:
- protect the rights, property or safety of EMIS, our customers, or others (acting at all times in accordance with our obligations under the relevant data protection legislation).
- In connection with a potential sale or transfer of part or all of our business. In such circumstances we may share information with prospective purchasers (for example as part of a controlled due diligence exercise).
- If we reorganise our business, as we may need to transfer information about you to another member of our group of companies so that we could continue to provide the Service to you.
We will ensure that we comply with our responsibilities whenever sharing data with a third party.
HOW AND WHERE WE STORE YOUR PERSONAL DATA
We use strict procedures and security features designed to prevent any unauthorised or unlawful access to the personal data which we control.
Personal data which we hold in relation to you will be stored securely at our offices and (where relevant) at the offices of third-party agencies, service providers, representatives and agents. We may also hold your personal data in secure data centres located within the United Kingdom or European Economic Area (EEA).
All Health & Fitness Data, Medication Assistant and Clinical Research Studies data will be encrypted (using industry standard methods) when being transferred from your Device to the relevant data centre. No Health & Fitness Data, Medication Assistant or Clinical Research Studies data is stored locally within the App on your Device.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone and that you use a unique password in respect of your Patient Access account.
We will retain a record of your personal data in accordance with relevant law and the following criteria:
- where we have a reasonable business need to do so, for example, in order to manage our relationship with you;
- where we are providing products and/or services to you and then for as long as someone could bring a claim against us in respect of those products or services; and/or
- in line with any legal and regulatory requirements or guidance in respect of retention periods.
As noted above, we sometimes use other organisations to process your personal data on our behalf, for example, in relation to analysis of the use of the Service and/or Booking Service. We may use service providers to help us run the Site, App, Service and/or Booking Service, some of whom may be based outside of the UK or the EEA. However, it is our responsibility to ensure that, if we use any such service provider, we have the necessary safeguards in place. We may also independently audit these service providers to ensure that they meet our standards.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to the App or the Site; any transmission that you make is therefore made at your own risk. However, once we have received your data, we will use strict procedures and security features designed to prevent any unauthorised or unlawful access to the same and all information you provide to us will be stored securely.
You have a number of important legal rights regarding the manner in which personal data relating to you is used. You can find more information about your rights on the Information Commissioner’s Office website.
We have outlined below the key rights which we believe may be relevant to your use of the Site, App, the Service and/or Booking Service.
If you would like to exercise any of these rights then please contact us using the contact information provided below. Please note that you may be asked to provide us with reasonable proof of your identity so that we can be sure that we are discussing or providing your personal data with, or to, you (or if someone is making a request on your behalf, we need to check that they have the authority to do so).
Access to information
You have the right to access certain information we hold about you so that you can be aware of, and verify the lawfulness of, the processing we undertake.
You can exercise your right of access by making what is generally referred to as a ‘subject access request’.
We will review each request which we receive and if we agree that we are obliged to provide personal data to you then we will (subject to certain limited exceptions provided under the relevant law) amongst other things: (i) describe it to you; (ii) tell you why we are holding it; (iii) tell you who it could be disclosed to; and (iv) let you have a copy of it (this may include providing an electronic copy).
Right to have information corrected
If you identify that any personal data that we hold about you is wrong, inaccurate or out of date then you may ask us to correct or update it. Please contact us via the details provided below and we will review each request and respond accordingly.
Right of erasure and the right to stop or limit our processing of your personal data
The right of erasure is also known as the ‘right to be forgotten’. You have the right to ask us to erase data we hold about you. Alternatively, you can ask us to stop or to limit any processing we are undertaking in respect of your personal data. These rights arise if we no longer have a valid reason to do so or if we have held it for too long.
These are not absolute rights but every request we receive will be considered carefully and we will respond accordingly (providing grounds for any decision we make).
Right to withdraw consent
You are free to withdraw any consent which you have given to us in relation to our use of your personal data at any time (for example, in relation to any Health & Fitness Data or in respect of the Medication Assistant or Clinical Research Studies service). Please note that not all uses which we make of your personal data require your consent (for example, if we need to use that information in order to provide a service you have requested then we do not need your consent in order to do so). If you choose to withdraw consent in respect of Health & Fitness Data or Medication Assistant or Clinical Research Studies then you will no longer be able to use that functionality in respect of the Service (including, where relevant, Medication Assistant and/or Clinical Research Studies).
Right to object
You have the right to object to the processing of your personal data at any time. This effectively allows you to stop or prevent the processing of your personal data.
An objection may be in relation to all of the personal data we hold (as a controller) about you or only to certain information. It may also only relate to a particular purpose we are processing the data for.
You have the right to object where we are processing your personal data for direct marketing purposes by following the opt-out links on any marketing message sent to you or by contacting us at any time. Save in relation to direct marketing communications this is not an absolute right but every request we receive will be considered carefully and we will respond accordingly (providing grounds for any decision we make).
Right to complain
If you are unhappy about the way in which we have processed your personal data then you have a right to raise the issue or to lodge a complaint with the Information Commissioner’s Office – as noted above please see https://ico.org.uk/for-the-public/ for further details.
Changes to our privacy notice
We will keep this privacy notice and we may update it from time to time (for example, to reflect changes we might make to our services or to reflect changes in the law or best practice). Any changes we may make to our privacy notice in the future will be posted on this page. We encourage you to visit this page periodically so that you are aware of any changes which have been made. In addition changes may be notified to you by e-mail or when you next start the App or log onto the Site. The new terms may be displayed on-screen and you may be required to read and accept them to continue your use of the Service or the Booking Service or Medication Assistant or Clinical Research Studies.
If you have any comments or concerns regarding our privacy notice, or the manner in which we handle your personal data or if you would like to exercise any of the rights outlined above then please do feel free to contact us by one of the following means:
- By post: FAO Data Protection Officer, Fulford Grange, Micklefield Lane, Leeds, LS19 6BA
- By email: firstname.lastname@example.org
We will consider your comments and respond accordingly. Please note that if you have a ‘support’ query (for example you are having issues in accessing the service) then please refer to our support site - https://support.patientaccess.com/.
© Egton Medical Information Systems Limited. All rights reserved. Patient does not provide medical advice, diagnosis or treatment.